Associate Specified Quality Gate dynamically to a Project for SonarQube Analysis
Overview
To get more visibility of the code and enforce quality policy in an organization, SonarQube provides a feature called “Quality Gate”.
Quality Gate is the set of conditions or measures defined to measure the code (mostly production-ready code and also the new code) based on metrics:
- Rating of Reliability
- Security
- Maintainability
Problem Statement
The default Quality Gate provided by SonarSource provides better visibility of the codebase. But for a bigger organization with more development teams, there should be different guidelines or policies for different teams to flag more issues and bugs, and also to provide different data insights. Thus, there is a need to set up different Quality Gate accordingly.
How — Associate a specified Quality Gate dynamically?
In this article, we will show you how to associate a specified Quality Gate dynamically to a project and then configure Jenkins job to enforce sonar analysis.
To associate a specified Quality Gate dynamically, we will use SonarQube’s two WEB API:
- Get a List of Quality Gates
╔══════════════╦════════════════════════════════════════════════╗
║ URL ║ /api/qualitygates/list ║
╠══════════════╬════════════════════════════════════════════════╣
║ Description ║ Get a list of quality gates ║
╠══════════════╬════════════════════════════════════════════════╣
║ HTTP Method ║ GET ║
╠══════════════╬════════════════════════════════════════════════╣
║ Example ║ curl -u "<Username>:<Password>" -X GET ║
║ ║ "http://localhost:9000/api/qualitygates/list" ║
╚══════════════╩════════════════════════════════════════════════╝- Associate a Project to a Quality Gate
╔══════════════╦════════════════════════════════════════════════╗
║ URL ║ /api/qualitygates/select ║
╠══════════════╬════════════════════════════════════════════════╣
║ Description ║ Associate a project to a quality gate ║
╠══════════════╬════════════════════════════════════════════════╣
║ HTTP Method ║ POST ║
╠══════════════╬════════════════════════════════════════════════╣
║ Parameters ║ gateId(Quality Gate ID), projectId(Project ID) ║
╠══════════════╬════════════════════════════════════════════════╣
║ Example ║ curl -u "<Username>:<Password>" -X POST ║
║ ║ "http://localhost:9000/api/qualitygates/select?║
║ ║ projectKey=webapp&gateId=10180" ║
╚══════════════╩════════════════════════════════════════════════╝Jenkins Job Setup
Before setting up the Jenkins job, we will get the ID of the quality gate which we are going to associate with the project. We will use the web api /api/qualitygates/list to get the ID of the quality gate (in our case say 10100 )
Note: You need the “Administer Quality Gate” permission to set the quality gate. Here, we have used an admin user to do sonar analysis.
Note: In the above image, “id”:10040,”name”:”SonarQube way” is the default Quality Gate. We will use “id”:10100,”name”:”SASSonarQube way” to associate with a project dynamically. All are marked in
yellow
Now, perform sonar analysis on a sample maven project and, the quality gate to use for the scan will be, say, SASSonarQube (qulaitygateId: 10100).
Prerequisites: Jenkins is setup with Github/Gitlab for code checkout and Maven to build the project. SonarQube is running and you have Sonar Scanner setup in system. Install Jenkins plugin
SonarQube Scannerto configure Sonar Scanner.
In Jenkins, we will create stages in the following sequence:
- Check out the code
- Build the project (In case of Maven Project)
- Create the Sonar Project (say
stackoverflow) - Associate the created sonar project with a Quality Gate
- Run sonar analysis
Here, is the sample Jenkinsfile:
pipeline {
agent any
tools {
maven 'MAVEN_HOME1'
}
stages {
stage('Code Checkout') {
steps {
git credentialsId: 'gitlab-cred', url: 'https://example.com/gitlab/repo1/simple-java-maven-app.git'
}
}
stage('Build Project') {
steps {
sh "mvn install"
}
}
stage('Create Sonar Proejct') {
steps {
sh 'curl -X POST -u "admin:admin" "https://example.com/sonarqube/api/projects/create?name=stackoverflow&project=stackoverflow"'
}
}
stage('Set Quality Gate') {
steps {
sh 'curl -u "admin:admin" -X POST "https://example.com/sonarqube/api/qualitygates/select?projectKey=stackoverflow&gateId=10100"'
}
}
stage('Sonarqube Analysis') {
steps {
sh """mvn -U install sonar:sonar -Dsonar.host.url=https://example.com/sonarqube/ -Dsonar.login=7yha3f47967iuednd8cd -Dsonar.projectKey=stackoverflow -Dsonar.projectName=stackoverflow -Dsonar.sources=. -Dsonar.java.binaries=**/* -Dsonar.language=java -Dsonar.exclusions=src/test/java/com/mycompany/app/AppTest.java"""
}
}
}
}Now, let’s verify in the SonarQube server whether the project stackoverflow is analyzed using the specified Quality Gate i.e. SASSonarQube
In the above screenshot, you can verify that the Quality Gate SASSonarQube way has been used to do sonar analysis. Marked in yellow
Conclusion
In this article, we have shown how we can associate a specified quality gate dynamically to a project. We have also seen, how we can enforce Jenkins to do sonar analysis with a specified quality gate.
This approach will definitely help the different development teams to use a specified quality gate for a project to flag more issues and bugs, and also to provide different data insights rather than using the default quality gate which has a fixed set of rules and cannot be altered.
Connect with me on LinkedIn or say hi, mentioning this story when you write.
