How to provide Reports to SonarQube from Jenkins Pipeline

Hello everybody,

i’m trying to push some reports (checkstyle, jacoco, surefire) of my maven project from jenkins pipeline to sonarqube.
everything runs on seperate docker agents, the sonarqube-analysis is working and the results are shown in the dashboard.
but we have custom rules for checkstyle and the checkstyle-results do not import into sonarqube.
neither the reports from jacoco or surefire.

i’m running sonarqube version 9.4 and jenkins 2.3

this is the SonarQube stage of my pipeline:

    		withSonarQubeEnv('SonarQubeServer') {
                    dir("${env.WORKSPACE}/com.private.project/"){
                        sh '''
                        mvn org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184:sonar\
			-Dsonar.projectKey=${PRODUCT}:${JAVA_PROJECT_NAME}\
			-Dsonar.projectName=${SONAR_PROJECT_NAME} \
                        -Dsonar.java.coveragePlugin=jacoco \
                        -Dsonar.jacoco.reportPaths=target/jacoco.exec \
    			-Dsonar.junit.reportsPaths=target/surefire-reports
    			'''
                   }
                }

I think i’m messing up the paths for the reports and i don’t understand how the containers communicate.
Also i don’t know how to find the path in the maven-build-container for the reports that sonarqube can work with.
And how about the jacoco reports? if exec-files are not supported anymore, where do i find the xml-reports?

help is appreciated!
thanks in advance
laura

Hi laura,

Welcome to the community!

Do none of the Checkstyle results show up, or just the issues from your custom rules? Also, have you installed the Checkstyle plugin, or are you expecting this to Maven-just-work?

If you’re expecting your custom rules to come in via the Checkstyle plugin, then… I’ll have to refer you to the Checkstyle folks because I have no expertise there. But…

If you haven’t installed the plugin & are generating reports to import, then I think you just need to add -Dsonar.java.checkstyle.reportPaths=[path to report] to your analysis command.

Now about coverage…

That’s easy to do, and your analysis logs will tell us if that’s the case. Can you post them, please?

Do you mean the separate docker agents on which you run various parts of your job? From a SonarQube perspective, they don’t. You’ll need to consolidate everything into the directory from which you run analysis. And that implies that the paths need to match up in all the different places where you execute those steps. Hopefully that’s already the case.

They should be next to the other formats.

 
HTH,
Ann

Thanks Ann for your fast reply!

I have installed the Checkstyle and PMD plugin within SonarQube, tried to import the checkstyle-rules into a custom quality-profile and also tried to import the paths via -Dsonar.java.checkstyle.reportPaths.
Where can i see if the used rules (or shown issues) are from my import or from SonarQube itself?

Referring to JaCoCo, maybe this is the relevant part of the log?

[INFO] 11:29:04.381 Sensor JaCoCo XML Report Importer [jacoco]
[INFO] 11:29:04.382 'sonar.coverage.jacoco.xmlReportPaths' is not defined. Using default locations: target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml,build/reports/jacoco/test/jacocoTestReport.xml
[INFO] 11:29:04.382 No report imported, no coverage information will be imported by JaCoCo XML Report Importer
[INFO] 11:29:04.382 Sensor JaCoCo XML Report Importer [jacoco] (done) | time=1ms

[INFO] 11:27:31.419 Sensor FindBugs Sensor [findbugs]
[INFO] 11:27:31.420 Sensor FindBugs Sensor [findbugs] (done) | time=1ms
[INFO] 11:27:31.420 Sensor SurefireSensor [java]
[INFO] 11:27:31.423 parsing [/workspace/my-test-project-arquillian-tests/com.private.project/module-one/test/arquillian/target/surefire-reports]
[INFO] 11:27:32.004 Sensor SurefireSensor [java] (done) | time=584ms

[DEBUG] 11:29:04.888 'Import of Checkstyle issues' skipped because one of the required properties is missing
[DEBUG] 11:29:04.888 'Import of PMD issues' skipped because one of the required properties is missing

On the other hand (regarding the checkstyle problem), there is this part:

[INFO] 11:27:32.586 Sensor CheckstyleSensor [checkstyle]
[INFO] 11:27:32.617 Checkstyle output report: /workspace/my-test-project-arquillian-tests/com.private.project/module-one/test/arquillian/target/sonar/checkstyle-result.xml
[INFO] 11:27:32.634 Checkstyle configuration: /workspace/my-test-project-arquillian-tests/com.private.project/module-one/test/arquillian/target/sonar/checkstyle.xml
[INFO] 11:27:32.680 Checkstyle charset: UTF-8
[INFO] 11:27:32.943 Sensor CheckstyleSensor [checkstyle] (done) | time=357ms

Do I have to modify the pom.xml of my project or do some other configuration to generate jacoco.xml?
I already included a report-goal to the jacoco-maven-plugin:

<plugin>
	<groupId>org.jacoco</groupId>
	<artifactId>jacoco-maven-plugin</artifactId>
	<version>0.8.7</version>
	<configuration>
		<fileSets></fileSets>
		<haltOnFailure>false</haltOnFailure>
	</configuration>
	<executions>
		<execution>
			<goals>
				<goal>report</goal>
			</goals>
		</execution>
	</executions>
</plugin>

For debugging I’ve also added an output of the following ‘findFiles’ in the Jenkins-Pipeline:

def jacocoResults = findFiles(glob: '**/jacoco.*') 
def junitResults = findFiles(glob: '**/surefire-reports/*.xml')
def jacocoXMLResults = findFiles(glob: '**/*jacoco*.xml')

A lot of jacoco.exec and surefire-reports are found, but no jacoco.xml.

Hi,

We generally try to keep it to one topic per thread (otherwise, it gets messy) and I made a mistake in trying to respond to all your points initially. Let’s focus on PMD & Checkstyle here. This is already a lot:

First, it should be either/or for Checkstyle rules in your profile or importing a Checkstyle report.

To see if your Checkstyle profile was properly populated, you can check the Quality Profiles page. Under Java, click through on your profile to see the numbers/types of rules. Then click through on the rule counts to see what they are. You should be able to tell from the Repository facet (in the left rail) whether the rules are from the Checkstyle plugin or not.

Assuming your profile was correctly populated, the next question is whether it was used during analysis. Only one profile for a given language will be used during analysis. Your project’s Project Information pop-out (top-right of the project homepage) will tell you what profile was used was used for each language in the last analysis.

The next question is about your Checkstyle report. With the Checkstyle plugin installed, there’s no need to generate a report before analysis and import it: analysis is just going to re-run (presumably) the same rules. You can probably save your pipeline a few minutes and drop the generation of the report.

But as to determining whether the issues came from the report import or from the Checkstyle plugin, if there’s an External label on an issue, it came from the report. Otherwise it came from the plugin.

So those are generalities. Now, moving on to the log snippets you’ve provided:

This is pretty clear evidence that your Checktyle report wasn’t imported, and Checkstyle rules did run (from the plugin) during analysis. So then any Checkstyle rules raised against your project would be from the plugin.

For JaCoCo, please create a new thread with all the relevant details.

 
Ann