sonarqubegitlabgitlab-cisonar-runnergitlab-ci-runner

How to integrate Sonar Quality Gates with Gitlab-CI


I have a gitlab-ci integration that require a sonar analysis and if the quality gates pass, to build a docker image.

Is this possible using gitlab-ci ?


Solution

  • To break the CI build for a failed Quality Gate,

    1.Search in /report-task.txt the values of the CE Task URL (ceTaskUrl) and CE Task Id (ceTaskId)

    2.Call /api/ce/task?id=XXX where XXX is the CE Task Id retrieved from step 1 Ex:- https:///api/ce/task?id=Your ceTaskId

    3.Wait for sometime until the status is SUCCESS, CANCELED or FAILED from Step 2

    4.If it is FAILED, break the build (Here failure is unable to generate sonar report)

    5.If successful,then Use the analysisId from the JSON returned by /api/ce/task? id=XXX(step2)and Immediately call /api/qualitygates/project_status?analysisId=YYY to check the status of the quality gate. Ex:- https:///api/qualitygates/project_status?analysisId=Your analysisId

    6.Step 5 gives the status of the critical, major and minor error threshold limit

    7.Based on the limit break the build.

    8. Follow proper indentation while using the script

    build:
      stage: build
      before_script:
       - yum -y install epel-release
       - yum -y install jq
       - yum install -y coreutils
      script:
        - mvn sonar:sonar -Dsonar.host.url=$SONAR_HOST_URL -Dsonar.login=$SONAR_LOGIN_TOKEN -Dsonar.working.directory=../target/.sonar
        - export url=$(cat ../target/.sonar/report-task.txt | grep ceTaskUrl | cut -c11- ) #URL where report gets stored
        - sleep 15s #Wait time for the report
        - curl -k -u "$SONAR_LOGIN_TOKEN":"" $url -o analysis.txt
        - export status=$(cat analysis.txt | jq -r '.task.status') #Status as SUCCESS, CANCELED or FAILED
        - export analysisId=$(cat analysis.txt | jq -r '.task.analysisId') #Get the analysis Id
        - |
          if [ "$status" == "SUCCESS" ];then 
            echo -e "SONAR ANALYSIS SUCCESSFUL...ANALYSING RESULTS";
            curl -k -u "$SONAR_LOGIN_TOKEN":"" https://yourSonarURI/api/qualitygates/project_status?analysisId=$analysisId -o result.txt; #Analysis result like critical, major and minor issues
            export result=$(cat result.txt | jq -r '.projectStatus.status');
    
            if [ "$result" == "ERROR" ];then
              echo -e "91mSONAR RESULTS FAILED";
              echo "$(cat result.txt | jq -r '.projectStatus.conditions')"; #prints the critical, major and minor violations
              exit 1 #breaks the build for violations
            else
              echo -e "SONAR RESULTS SUCCESSFUL";
              echo "$(cat result.txt | jq -r '.projectStatus.conditions')";
              exit 0 
            fi
        else 
            echo -e "\e[91mSONAR ANALYSIS FAILED\e[0m";
            exit 1 #breaks the build for failure in Step2
         fi