Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Executes a sonar scan, waits for it complete, and then returns the information on completed scan. This operation takes inputs for both a Sonar project properties path and an analysis properties file but only requires one. If both are provided, the plugin will use the analysis properties and do nothing with the path. This operation only returns information including but not limited to quality gate status, dashboard url, task Id, analysis Id, and task status.

Info

Analysis Properties

There is are a significant amount number of analysis parameters available to augment a Sonar scan. It is recommended to research which parameters are necessary for your projects and sonar scans.

Analysis Tool Instance Properties

FDSONARQUBEACCT_INSTANCE_URL

FDSONARQUBEACCT_TOKEN

FDSONARQUBEACCT_USERNAME

FDSONARQUBEACCT_SONAR_HOME

Property Name

Property Code

Required

Description

SonarQube instance URL

Code Block

Yes

SonarQube Server Instance URL (example: https://localhost:9000)

SonarQube Token

Code Block

No

SonarQube Server Token provides credentials to run code scans or to invoke web services as a replacement of the user login. Provide a token or username and password.

SonarQube Username

Code Block

No

The username for your SonarQube Server Instance. Provide a token or username and password.

SonarQube Password

code

FDSONARQUBEACCT_PASSWORD

No

The password for your SonarQube Server Instance. Provide a token or username and password.

SonarQube Client path

Code Block

No

SonarQube Client path in the server (e.g. /u01/sonarClinet/sonar-scanner-3.1.0.1141-linux/bin)

...

FDSQ_INP_ANALYSIS_PROPERTIES

Input Name

Input Code

Required

Description

SonarQube Account Code

code

FDSQ_INP_ANALYSIS_TOOL_ACCOUNT_CODE

Yes

The SonarQube account with all the required properties like Sonar Scanner Home, Instance Url, Token for running SonarQube Instance.

Sonar Project Properties Path

code

FDSQ_INP_PROPERTIES_FILE_PATH

No

Absolute file path of the sonar-project.properties file.

Analysis Properties

Code Block

No

Define the sonar project properties manually. This will override all other fields. Required property: sonar.projectKey

Outputs

Output Name

Description

FDSQ_OUT_QUALITY_GATE_STATUS

Defines the status of the project based on all the quality gate(s) defined for the project. Possible values: OK, WARN, ERROR, NONE. The NONE status is returned when there is no quality gate associated with the analysis.

FDSQ_OUT_DASHBOARD_URL

SonarQube instance dashboard url. Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report.

FDSQ_OUT_TASK_ID

Id of the task being retrieved.

FDSQ_OUT_TASK_TYPE

Task type. Possible Values: REPORT

FDSQ_OUT_TASK_COMPONENT_ID

Component Id.

FDSQ_OUT_TASK_COMPONENT_KEY

Component Key.

FDSQ_OUT_TASK_COMPONENT_NAME

Component Name.

FDSQ_OUT_TASK_COMPONENT_QUALIFIER

Component Qualifier.

FDSQ_OUT_TASK_ANALYSIS_ID

Analysis Id.

FDSQ_OUT_TASK_STATUS

Task status. Possible values: SUCCESS, FAILED, CANCELED, PENDING, IN_PROGRESS

...

This operation doesn’t consume or produce any artifacts.

Endpoint Selection

This operation delegates the selection to the workflow developer to determine.

Endpoint Execution

This operations delegates the execution to the workflow developer to decide.

Special Considerations

  • A SonarQube instance is required. Here is guidance on installing that if necessary.

Excerpt
nameInstalling SonarQube
  1. Download the SonarQube Community Edition.

  2. As a non-root user, unzip it, let's say in C:\sonarqube or /opt/sonarqube.

  3. As a non-rootuser, start the SonarQube Server: 

    Code Block
    # On Windows, execute:
    C:\sonarqube\bin\windows-x86-xx\StartSonar.bat
    
    # On other operating systems, as a non-root user execute:
    /opt/sonarqube/bin/[OS]/sonar.sh console
    

    Troubleshooting Sonar

    If you're having trouble starting your server for the first time (or any subsequent time!) the first thing to do is check your server logs. You'll find them in $SONARQUBE_HOME/logs:

    • sonar.log - Log for the main process. Holds general information about startup and shutdown. You'll get overall status here but not details. Look to the other logs for that.

    • web.log - Information about initial connection to the database, database migration and reindexing, and the processing of HTTP requests. This includes database and search engine logs related to those requests.

    • ce.log - Information about background task processing and the database and search engine logs related to those tasks.

    • es.log - Ops information from the search engine, such as Elasticsearch startup, health status changes, cluster-, node- and index-level operations, etc.

  4. Log in to http://localhost:9000 with System Administrator credentials (login=admin, password=admin).

  5. Click the Create new project button to analyze your first project.

  • Sonar Scanner installed on target environment

...

Excerpt
nameSonar Authentication

Step 1: Gather authentication information.

  • If you choose to use a token over username and password for authentication you can generate it on your SonarQube Server. To get a SonarQube Token: login to your SonarQube Instance (http://host:port ex: http://localhost:9000/) and navigate to My Account->Security->Generate New Token. Make sure you copy and save this token somewhere secure because after you leave this screen you will not be able to see your token again. 

You may be asked for a token type. A global Analysis Token is appropriate.

Image Modified

Step 2: Create a SonarQube Analysis Tool Account

...

  • Option 1: Create a configuration file in the root directory of the project and name it sonar-project.properties, then give the file path to this file under Sonar Project Properties Path.

  • Option 2: Create the sonar project properties from the Workflow screen under Analysis Properties.

    Image RemovedImage Added
Info

...

Note

Sonar Project Properties Path or Analysis Properties is required but not both. Notice both are defined in this example, therefore, the analysis properties will take precedence.

Info

Note

Omitting sonar.sources or sonar.projectBaseDir properties means the sonar scan will default to scanning all files in the base directory of the workflow execution → Endpoint Base Directory/ProjectId/WorkflowExecutionId (I.E.: prod/flexdeploy/fdtlt04/work/302231/198535/)

...