Is Gradle sonarqube task synchronous?

We use the sonarqube sonarqube-gradle-plugin and run the sonarqube task at the end of each Gradle build.
We want the build to fail and the pipeline to break in case there was any QG which didn’t pass.
We are thinking of implementing this by creating a custom task in Gradle which parses the analysis report page and fails the build in case the analysis is red.
This task is going to run immediately after the sonarqube task.

Is this approach reliable?
We realize this can be reliable only in case once the sonarqube task finishes, the analysis is ready (i.e. that the task is synchronous).

We’ve found conflicting information about this: some forum threads here are talking about anlalisys being asynchronous, however the gradle plugin manual (https://docs.sonarqube.org/latest/analysis/scan/sonarscanner-for-gradle/) says:

Execute gradle sonarqube and wait until the build has completed, then open the web page indicated at the bottom of the console output. You should now be able to browse the analysis results.

The above leads to the impression that the task is synchronous and that the anlysis report is ready once the task is done.

We would appreciate some clarification for this confusion.

SonarQube Enterprise Edition Version 7.9.1
sonarqube-gradle-plugin version 2.6
Gradle version 5.6.4

Hi,

The language you find confusing is a holdover from when analysis was synchronous. It’s not any more. We’ll get that fixed.

As described here, an analysis report is collected by the scanner and submitted to the server [all synchronous up to this point], where it’s queued and [asynchronous here] processed sequentially by the server.

You mentioned “pipeline” but not which CI server. Achieving your goal is documented for Jenkins with the use of a webhook, and surely doable for other servers with a wait/poll loop if nothing else.

 
HTH,
Ann

@ganncamp Thanks for the clarification.
This means that we have no way of failing the build and breaking the pipeline from Gradle.
We use GitLab CI ( GitLab Enterprise Edition 11.11.8-ee)
I have found this post: How to block the merge of Merge Requests when SonarQube Quality Gate is failed, with GitLab
But it’s mentioned that the feature is only availble on GitLab 12.5 and higher.
Is there any other way you can recommend to block Merge Requests in case of QG failure?

Hi,

Since you can’t take advantage of the built-in integration, I think you’ll have to build it yourself with - as I mentioned - a wait/poll loop. I think you want the api/ce/task web service to see if analysis is complete. Then you can pull api/project_analyses/search to get the QG status of the analysis in question. (There will be some work in the middle to get the right IDs to pass to these services).

 
HTH,
Ann

Hi,

Im also interested in this issue. I did take a more detailed look at the output of the api/ce/task` for example API REST calls GET https://sonrXXX.com/api/ce/task?id=XXXXXXXXXX returns:

{
  "task": {
    "id": "AXFByGk-dxrgASgOu7N8",
    "type": "REPORT",
    "componentId": "AXDOi0IwtxXSIR6bGjOk",
    "componentKey": "XXX",
    "componentName": "XXX",
    "componentQualifier": "TRK",
    "analysisId": "AXFByHCo4k3OQL0i2GFd",
    "status": "SUCCESS",
    "submittedAt": "2020-04-03T15:43:05-0500",
    "submitterLogin": "XXXX",
    "startedAt": "2020-04-03T15:43:07-0500",
    "executedAt": "2020-04-03T15:43:09-0500",
    "executionTimeMs": 2607,
    "logs": false,
    "hasScannerContext": true,
    "organization": "default-organization",
    "warningCount": 3,
    "warnings": []
  }
}

Does it means “status”: “SUCCESS” that the analyz of the code is already done and finished succesfuly?

Hi @KaizerF,

Welcome to the community!

Yes.

 
Ann