How to use REST API to know if the report is finished from SONAR

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    Using version : Community Edition Version 9.9 (build 65466)

  • how is SonarQube deployed: zip, Docker, Helm
    It is a centralized deployment in our company so don’t know

  • what are you trying to achieve:
    We are using Jenkins and a Git event trigger on Jenkins for SonarQube
    And that works fine but right now in our script in Jenkins we are just waiting for the report to be finished.
    We have put in a 3 minute sleep and that works but would be nice to be able to poll the SONAR API to instead know when it is ready? Maybe with a check every 10 seconds but I can’t find any API request that is suitable?

This is what the script looks like right now:

#!/bin/bash -e

# # Load required software modules (see ~/.modules file for account)
#module add jq/1.6        # <== MAY NOT EXIST ON DESIRED MACHINES
#module add git/2.9.3     # <== VERSION IS TOO OLD

BASH_MODULE_LOCATION="/app/modules/0/init/bash"

MAVEN_MODULE="maven/3.6.0"
MAVEN_PHASE="clean compile"

# Project key for this project.
PROJECT_KEY="nwstjcat"

# Page size is set to maximum during get data from Sonarqube server
PAGE_SIZE=500

# Set of filter rule to filter sonar report got from Sonarqube DB
SONAR_REPORT_BUILDER="ci/sonar-report-builder.jq"

# Output file after filter to pass Sonar Gerrit plugin
JSON_OUTPUT_FILE="target/sonar/sonar-report.json"

# Define Sonarqube server
SONARQUBE_URL="https://sonarqube.lmera.ericsson.se"
# Define Sonarqube API URL
SONARQUBE_API_URL="${SONARQUBE_URL}/api"
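# Credential to access Sonarqube.
# Read the token from the environment (for example a Jenkins credentials
# binding) instead of hardcoding it in the script. SONARQUBE_TOKEN is an
# assumed variable name; the script aborts if it is not set.
SONARQUBE_CREDENTIAL="${SONARQUBE_TOKEN:?SONARQUBE_TOKEN is not set}"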

# Sonar plugin
SONAR_MAVEN_PLUGIN="org.sonarsource.scanner.maven"
# Sonar maven plugin version
SONAR_MAVEN_PLUGIN_VERSION="3.9.0.2155"
# Sonar maven plugin goal
SONAR_MAVEN_PLUGIN_GOAL="sonar"
# Sonar maven plugin id
SONAR_MAVEN_PLUGIN_ID="sonar-maven-plugin"

source ${BASH_MODULE_LOCATION}

module add ${MAVEN_MODULE}

# Trigger a sonar scanner to check the code
mvn -version; mvn ${MAVEN_PHASE} ${SONAR_MAVEN_PLUGIN}:${SONAR_MAVEN_PLUGIN_ID}:${SONAR_MAVEN_PLUGIN_VERSION}:${SONAR_MAVEN_PLUGIN_GOAL} \
-Dsonar.host.url=${SONARQUBE_URL} \
-Dsonar.login=${SONARQUBE_CREDENTIAL} \
-Dsonar.analysis.mode=publish \
-Dsonar.projectKey=${PROJECT_KEY}

# Sleep a certain time to wait for sonar report is ready
# The time was chosen by a 'hacked' number. Not to have any standard
# TODO:
#  Choose a reasonable time instead of 'hacked' time OR
#  Find a reasonable mechanism to wait
echo -e "\nSleeping 3 minute before get report to 'hope' it's ready.\n"
sleep 180



# Get the date of commit with specific format base on patchset revision
# E.g 2020-08-06T13:07:08+02:00
echo -e "\nGERRIT_PS_REVISION: ${GERRIT_PATCHSET_REVISION}\n"
commit_date=$(git show -s --format=%aI ${GERRIT_PATCHSET_REVISION})

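# Reformat the datetime to fit with Sonarqube server API
# E.g 2020-08-06T13:07:08%2b0200
# Drop the colon from the UTC offset, then URL-encode a '+' sign as %2b.
# A '-' sign is kept as-is so a negative offset is not turned into a positive one.
commit_date=$(sed -e 's/\([+-][0-9][0-9]\):\([0-9][0-9]\)$/\1\2/' -e 's/+/%2b/' <<< "${commit_date}")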

# Parameters for search action
search_params="componentKeys=${PROJECT_KEY}&resolved=false&ps=${PAGE_SIZE}&createdAfter=${commit_date}"

echo -e "\nSEARCH_PARAM: ${search_params}\n"

# Create JSON report file and store into target/sonar directory
curl --netrc-file ~/.netrc-sonarqube "${SONARQUBE_API_URL}/issues/search?${search_params}" | jq -f ${SONAR_REPORT_BUILDER} > ${JSON_OUTPUT_FILE}

As I mentioned, this works, but it would be better to have some sort of poll of the REST API instead of the sleep for 3 minutes.

I have tried this instead of the sleep, but that was not really the full report that was finished.

# Poll SonarQube API to check analysis status
MAX_POLL_ATTEMPTS=30  # Set your desired number of polling attempts
POLL_INTERVAL_SECONDS=10  # Set your desired polling interval in seconds
poll_attempts=0
analysis_status="PENDING"

while [ $poll_attempts -lt $MAX_POLL_ATTEMPTS ] && [ "$analysis_status" != "SUCCESS" ]; do
    sleep $POLL_INTERVAL_SECONDS
    poll_attempts=$((poll_attempts + 1))
    analysis_status=$(curl -s "${SONARQUBE_API_URL}/ce/component?component=${PROJECT_KEY}" | jq -r '.current.status')
done

if [ "$analysis_status" == "SUCCESS" ]; then
    echo "SonarQube analysis is complete. Proceed with further actions."
else
    echo "SonarQube analysis did not complete successfully after $MAX_POLL_ATTEMPTS attempts. Check SonarQube server logs for details."
    exit 1
fi

Maybe we are doing this wrong :slight_smile:

Sorry for long post :slight_smile:

Welcome Daniel :slight_smile:

You don’t need to use the REST API.

Normally in Jenkins you use the SonarQube for Jenkins extension, which provides a
waitForQualityGate() Jenkins pipeline step - this requires a configured webhook in the SonarQube server.
See: Jenkins extension for SonarQube, Jenkins integration

As an alternative you may use the property sonar.qualitygate.wait, which is meant as a generic
CI solution for the polling - no need for a self-implemented solution.
See: CI integration overview

We use the first solution with Sonarqube Enterprise and it works fine.

Gilbert

Not really sure I understand your answer completely, but I will try to read and see if I get it :slight_smile:

As you see in the script we create a SONAR json report file. Would your suggestion do the same?
Also as you may have seen that we use a SONAR community edition so maybe the way you do it will not work for us?

Check the docs and come back if any questions :slight_smile:

AFAIK, the sonar json report was available in older Sonarqube 7.x versions, but doesn’t work anymore.
If you need reporting for Community edition you may:

If something is only available starting with Developer or Enterprise edition it should be mentioned in the docs, i.e.

but the webhooks page has no such hint

For property sonar.qualitygate.wait the https://docs.sonarsource.com/sonarqube/9.9/analyzing-source-code/analysis-parameters/ doc has

Forces the analysis step to poll the SonarQube instance and wait for the Quality Gate status. If there are no other options, you can use this to fail a pipeline build when the Quality Gate is failing. See the CI integration page for more information.

and there’s also sonar.qualitygate.timeout

Sets the number of seconds that the scanner should wait for a report to be processed, default 300

Thx for the answer, I will check it out, but that is why we tried to do it ourselves with the REST API, and that was really what my question was about.
How to do it with the REST API, because I have not found a good way.

We are using the community edition so can’t use the webhooks.
And I am not in charge of our SonarQube instance so I am not allowed to manipulate SonarQube.

I appreciate your answers, but I am still looking for how to do this report with the API. So far we do it as in the script I posted; it works fine, I just wanted to remove the 3 minute wait and make that more dynamic.
But maybe there is no way really with the REST API to understand when we can create the json report.

So if anyone has a good idea on how to know when the issues “report” is finished and then after that can create the json sonar report as we do now with a script.

As I said, the script works and we create the sonar json report ourselves, but we now randomly wait 3 seconds before we can start creating the report. Would be good to know when we can start creating the report instead of the wait.
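
One way to do this with the REST API alone, as an added example that is not part of any post in this thread: `api/ce/component` reports the last finished task for the project in `current`, which can still be the previous analysis, so the loop above can stop early. The sketch below instead reads the `ceTaskId` that the scanner writes to `report-task.txt` and polls `api/ce/task` for that one task. The function names, the placeholder host and the jq-free status extraction are assumptions.

```shell
#!/bin/sh
# Added example: wait for the Compute Engine (CE) task of *this* analysis.
# Hypothetical names: read_ce_task_id, fetch_task_json, task_status, wait_for_ce_task.
SONARQUBE_API_URL="${SONARQUBE_API_URL:-https://sonarqube.example.invalid/api}"  # placeholder host
POLL_INTERVAL="${POLL_INTERVAL:-10}"   # seconds between polls
MAX_POLLS="${MAX_POLLS:-30}"           # give up after this many polls

# report-task.txt holds key=value lines written by the scanner; print ceTaskId.
read_ce_task_id() {
    sed -n 's/^ceTaskId=//p' "$1" | tr -d '\r'
}

# Fetch the task JSON; credentials come from the netrc file, as in the original script.
fetch_task_json() {
    curl -sf --netrc-file ~/.netrc-sonarqube "${SONARQUBE_API_URL}/ce/task?id=$1"
}

# Print the first "status" value of the JSON (simplification that avoids needing jq).
task_status() {
    printf '%s' "$1" | grep -o '"status" *: *"[A-Z_]*"' | head -n 1 \
        | sed 's/.*"\([A-Z_]*\)"$/\1/'
}

# Returns 0 on SUCCESS, 1 on FAILED or CANCELED, 2 when MAX_POLLS is exhausted.
wait_for_ce_task() {
    task_id=$1
    polls=0
    while [ "$polls" -lt "$MAX_POLLS" ]; do
        # A failed request counts as "not ready yet" and is retried.
        json=$(fetch_task_json "$task_id") || json=""
        status=$(task_status "$json")
        case "$status" in
            SUCCESS) return 0 ;;
            FAILED|CANCELED)
                echo "CE task $task_id ended with status $status" >&2
                return 1 ;;
        esac
        polls=$((polls + 1))
        sleep "$POLL_INTERVAL"
    done
    echo "CE task $task_id not finished after $MAX_POLLS polls" >&2
    return 2
}

# Usage in the Jenkins script, in place of `sleep 180` (Maven scanner path):
#   wait_for_ce_task "$(read_ce_task_id target/sonar/report-task.txt)"
```

Once `wait_for_ce_task` returns 0, the report for that analysis has been processed and the `issues/search` call can run.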