changes.
| Since QuickBuild 10, [SonarQube|https://www.sonarqube.org], a continuous code inspection solution, can be added to your continuous integration workflow. |
| |
| You can trigger SonarQube to analyze your source code by adding a step. The step can be: |
| |
| * Sonar Scanner Step |
| * Maven Step |
| * Gradle Step |
| * Command line Step |
| |
| h2. Configuring Webhook |
| |
| QuickBuild uses Webhook to communicate with SonarQube. So firstly, you need config the webhook both in QuickBuild and in SonarQube. |
| |
| h3. QuickBuild Side |
| |
| Go to configuration Settings page, then Webhook tab, you can define the SonarQube settings: |
| |
| !sonar-settings.png! |
| |
| If the "Anyone" pseudo-group does not have permission to perform analyses, you'll need to |
| supply the credentials of a user with Execute Analysis permission for the analysis to run under. So, you need input Login or Token and Password for authentication. See more details at below page: |
| |
| https://docs.sonarqube.org/latest/analysis/analysis-parameters/ |
| |
| {note:title=Important} |
| The Login or Token field and Password field are only used in Sonar Scanner Step. If you use |
| other steps. like Maven step or Gradle step, those fields are no use. |
| {note} |
| |
| h3. SonarQube Side |
| |
| Go to project administration page, create a webhook: |
| |
| !quickbuild-webhook.png! |
| |
| Please make sure the secret is identical to the secret filled in QuickBuild. |
| |
| The URL is in below format: |
| |
| {code} |
| http://{your-quickbuild-host}/rest/webhook/sonarqube/{configurationId} |
| {code} |
| |
| h2. Sonar Scanner Step |
| |
| In configuration workflow, add Sonar Scanner Step to trigger SonarQube to analyze your source code. And beside triggering the analysis, this step can also used to detect the quality gate result. |
| |
| If you are using Maven Step or Gradle Step to run Sonar scanner, this step can only be used for detecting the quality gate only. |
| |
| !sonar-step.png! |
| |
| h2. Maven Step |
| |
| If you are using Maven step for triggering Sonar Scanner, you need add scanner parameters either in Maven properties section or in step build properties, see more details at below page: |
| |
| https://docs.sonarqube.org/latest/analysis/scan/sonarscanner-for-maven/ |
| |
| The parameters can be found at below page: |
| |
| https://docs.sonarqube.org/latest/analysis/analysis-parameters/ |
| |
| QuickBuild need one additional parameter in order to receive the webhook result: sonar.analysis.buildNumber: |
| |
| {code} |
| sonar.analysis.buildNumber: ${build.id} |
| {code} |
| |
| |
| {note:titile=Important} |
| Property: sonar.analysis.buildNumber is required when using Maven Step to trigger the scanner, otherwise, there is no quality gate report. |
| {note} |
| |
| h2. Gradle Step |
| |
| If you are using Gradle step for triggering Sonar Scanner, you need add scanner parameters either in Gradle properties file or in step build properties, see more details at below page: |
| |
| https://docs.sonarqube.org/latest/analysis/scan/sonarscanner-for-gradle/ |
| |
| The parameters can be found at below page: |
| |
| https://docs.sonarqube.org/latest/analysis/analysis-parameters/ |
| |
| QuickBuild need one additional parameter in order to receive the webhook result: sonar.analysis.buildNumber: |
| |
| {code} |
| sonar.analysis.buildNumber: ${build.id} |
| {code} |
| |
| {note:titile=Important} |
| Property: sonar.analysis.buildNumber is required when using Gradle Step to trigger the scanner, otherwise, there is no quality gate report. |
| {note} |
| |
| |
| h2. Command line Step |
| |
| If you are using command line step for triggering Sonar Scanner, you need add scanner parameters in command line directly: |
| |
| https://docs.sonarqube.org/latest/analysis/scan/sonarscanner/ |
| |
| The parameters can be found at below page: |
| |
| https://docs.sonarqube.org/latest/analysis/analysis-parameters/ |
| |
| QuickBuild need one additional parameter in order to receive the webhook result: sonar.analysis.buildNumber: |
| |
| {code} |
| -Dsonar.analysis.buildNumber=${build.id} |
| {code} |
| |
| {note:titile=Important} |
| Property: sonar.analysis.buildNumber is required when using command line Step to trigger the scanner, otherwise, there is no quality gate report. |
| {note} |
| |
| |
| h2. View Quality Gate Result |
| |
| QuickBuild can receive the Quality Gate result from SonarQube webhook and showing them in build report tab: |
| |
| | !quality-gate.png! |
| | !sonar-report.png! |
| |
| |