We are happily running the managed SonarQube 10.3 and the Azure DevOps SonarQubeAnalyze@5 task in our pipeline. We’re now getting warnings about v5 being deprecated in favour of v6 (I think this is the changelog). In order to upgrade to v6, we have to get a newer version of Java on the self hosted DevOps agents. This is sounds like a trivial task, but at this company it is mission impossible.
Is it safe to upgrade to a newer version of SonarQube (current version is 10.6) and will there be a point where we have to upgrade the DevOps task?
To answer the question in the title: v5 of the Azure DevOps tasks aren’t going anywhere anytime soon (v4 is still kicking).
SonarQube v10.6 requires Java 17 to run analysis, so if installing it in your environment is going to be painful, I wouldn’t call it a “safe” upgrade.
SonarQube v10.6 does help, in some ways, because now the SonarScanner CLI (as of v6.0, the default version when using v6 of the Azure DevOps tasks) can download a compatible JRE from the SonarQube server instead of relying on what’s in your build environment. We’re doing this so that future upgrades, especially in scenarios like yours, are much easier.
However, this change doesn’t affect the requirements of the Scanner for Maven, Gradle, or the Scanner for .NET quite yet (they haven’t been upgraded to v6 of the scanner), so it’s not perfect yet.
Thanks for confirming! It seems the agent is running Java 11 and that works with SonarQube 10.3, when the requirement change to Java 18? Is it safe to upgrade to 10.4 or 10.5? There might be hope when they update the agent base image to a newer version of Linux.
