analyzeCode
Executes a sonar scan, waits for it complete, and then returns the information on completed scan. This operation takes inputs for both a Sonar project properties path and an analysis properties file but only requires one. If both are provided, the plugin will use the analysis properties and do nothing with the path. This operation only returns information including but not limited to quality gate status, dashboard url, task Id, analysis Id, and task status.
Analysis Properties
There is a significant amount of analysis parameters available to augment a Sonar scan. It is recommended to research which parameters are necessary for your projects and sonar scans.
Analysis Tool Instance Properties
Property Name | Property Code | Required | Description |
---|---|---|---|
SonarQube Instance URL |
| Yes | SonarQube Server Instance URL (example:Ā https://localhost:9000) |
SonarQube Token |
| No | SonarQube Server Token provides credentials to run code scans or to invoke web services as a replacement of the user login. Provide a token or username and password. |
SonarQube Username |
| No | The username for your SonarQube Server Instance.Ā Provide a token or username and password. |
SonarQube Password |
| No | The password for your SonarQube Server Instance.Ā Provide a token or username and password. |
SonarQube Client path |
| No | SonarQube Client path in the server (e.g. /u01/sonarClinet/sonar-scanner-3.1.0.1141-linux/bin) |
Inputs
Input Name | Input Code | Required | Description |
---|---|---|---|
SonarQube Account Code |
| Yes | The SonarQube account with all the required properties like Sonar Scanner Home, Instance Url, Token for running SonarQube Instance. |
Sonar Project Properties Path |
| No | Absolute file path of the sonar-project.properties file. |
Analysis Properties |
| No | Define the sonar project properties manually. This will override all other fields. Required property: sonar.projectKey |
Outputs
Output Name | Description |
---|---|
| Defines the status of the project based on all the quality gate(s) defined for the project. Possible values:Ā OK, WARN, ERROR, NONE. The NONE status is returned when there is no quality gate associated with the analysis. |
| SonarQube instance dashboard url.Ā Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report. |
| Id of the task being retrieved. |
| Task type. Possible Values: REPORT |
| Component Id. |
| Component Key. |
| Component Name. |
| Component Qualifier. |
| Analysis Id. |
| Task status. Possible values: SUCCESS, FAILED, CANCELED, PENDING, IN_PROGRESS |
Artifacts
This operation doesnāt consume or produce any artifacts.
Endpoint Selection
This operation delegates the selection to the workflow developer to determine.
Endpoint Execution
This operations delegates the execution to the workflow developer to decide.
Special Considerations
A SonarQube instance is required. Here is guidance on installing that if necessary.
DownloadĀ the SonarQube Community Edition.
As aĀ non-
root
Ā user, unzip it, let's say inĀ C:\sonarqubeĀ orĀ /opt/sonarqube.As a non-
root
user, start the SonarQube Server:Ā# On Windows, execute: C:\sonarqube\bin\windows-x86-xx\StartSonar.bat # On other operating systems, as a non-root user execute: /opt/sonarqube/bin/[OS]/sonar.sh console
Ā
Troubleshooting Sonar
If you're having trouble starting your server for the first time (or any subsequent time!) the first thing to do is check your server logs. You'll find them inĀ
$SONARQUBE_HOME/logs
:sonar.log - Log for the main process. Holds general information about startup and shutdown. You'll get overall status here but not details. Look to the other logs for that.
web.log - Information about initial connection to the database, database migration and reindexing, and the processing of HTTP requests. This includes database and search engine logs related to those requests.
ce.log - Information about background task processing and the database and search engine logs related to those tasks.
es.log - Ops information from the search engine, such as Elasticsearch startup, health status changes, cluster-, node- and index-level operations, etc.
Ā
Log in toĀ http://localhost:9000Ā with System Administrator credentials (login=admin, password=admin).
Click theĀ Create new projectĀ button to analyze your first project.
Sonar Scanner installed on target environment
DownloadĀ the CLI Sonar Scanner
Example of complete sonar implementation
Step 1: Gather authentication information.
If you choose to use a token over username and password for authentication you can generate it on your SonarQube Server.Ā To get a SonarQube Token: login to your SonarQube Instance (http://host:portĀ ex: http://localhost:9000/) and navigate to My Account->Security->Generate New Token. Make sure you copy and save this token somewhere secure because after you leave this screen you will not be ableĀ to see your token again.Ā
Ā
You may be asked for a token type. A global Analysis Token is appropriate.
Ā
Step 2: Create a SonarQube Analysis Tool Account
Under SonarQube Account define:
SonarQube Instance URL (http://host:portĀ with no extra "/" at the end).
Token OR username AND password for SonarQube Instance.
Step 3: Set your host url
Navigate to your SonarQube installation location.Ā We'll refer to it asĀ
$install_directory
Ā in the next steps.Update the global settings to point to your SonarQube server by editingĀ
$install_directory/conf/sonar-scanner.properties
:sonar-scanner.properties
#----- Default SonarQube server #sonar.host.url=http://localhost:9000 #Don't forget to remove the "#" here if it is there by default
Step 4: Define sonar project properties (2 options)
Option 1: Create a configuration file in the root directory of the project and name itĀ sonar-project.properties, then give the file path to this file under Sonar Project Properties Path.
Sonar Project Properties Path or Analysis Properties is required but not both. Analysis properties take precedence over the file, which is ignored if both are specified.
Ā
Option 2: Create the sonar project properties from the Workflow screen under Analysis Properties.
If you use groovy like the example below, note that you will need to add \n or \r\n before each property except the first.
If you are not using groovy, this is not needed.
You could also use a shell step to echo the properties out to a file and then read it with the Sonar Project Properties Path property.
Ā
Omitting sonar.sources or sonar.projectBaseDir properties means the sonar scan will default to scanning all files in the base directory of the workflow execution ā Endpoint Base Directory/ProjectId/WorkflowExecutionId (I.E.: prod/flexdeploy/fdtlt04/work/302231/198535/)
For a list of all possible properties available visitĀ SonarQube Analysis Properties.
Step 5: Define output names for FDSQ_OUT_TASK_ID and FDSQ_OUT_DASHBOARD_URL and create variables with matching names.
Step 6: Create a project, select your sonar scan workflow, and instance.
Step 7: Run the workflow to start your sonar scan.Ā
Example output:
Ā
- style