SonarQube Version: Data Center Edition v10.2.1
Deployed through Zip
From the documentation (Jenkins extension for SonarQube), I can see that to pause a pipeline in case of a QG failure, you’ll have to use the withSonarQubeEnv('My SonarQube Server') { }, which means the Sonarqube Server(s) has to be configured in the Jenkins.
Is there a way to pause a pipeline without having to configure the SonarQube Server(s) in Jenkins? Also, in case that is not possible, how much privilege should the Auth token have, that is used for the configuration in Jenkins?
Any advice/suggestion would be very much appreciated.
We have many teams that use Jenkins and Sonarqube. We don’t allow teams to have individual Sonarqube server configurations in Jenkins, instead, we make one configuration and ask all the teams to use the same.
We had configured a Sonarqube configuration in Jenkins, but that configuration had too much privilege. So we decided to remove this configuration altogether since all the teams were providing Server URL to run their analysis. Later we noticed that some teams were using withSonarQubeEnv('My SonarQube Server') to abort their pipeline in case of a QG failure.
So, just wanted to check what other options we have if we decide to remove this configuration from Jenkins but still want to pause a pipeline or what would be the right privilege for the Auth Token that is used to make this configuration.
So this means that each(?) team has its own SonarQube instance? But you have one, central Jenkins?
Because if it’s all one SonarQube, you could easily create a technical user that had global analysis permissions but nothing else, and configure a token from it on the Jenkins side in the global SonarQube instance config…
When we create a user with just Global Execute Analysis Permissions and create a token from that user account and have that configured in Jenkins, creates a different problem for us.
When users use withSonarQubeEnv('My SonarQube Server') and not provide the Auth Token, it uses the token that is configured with Jenkins and they are able to push analysis to their/any project.
Ref. - How much privilege does the GLOBAL ACCESS TOKEN have?
Is there any other option instead of having to provide this technical user Global Execute Analysis Permissions?
Your choices are using a global analysis token, with the hazard that you’ve mentioned, or generating an analysis token per project, with the headache of managing them all.