Jenkins Declarative pipeline with SonarQube and MSBuild

I am trying to set up a Jenkins declarative pipeline that also includes a SonarQube scan as part of the stages, but I have not come across a fairly straightforward guide for the process.

This is my toolset:
Jenkins – ver 2.223
SonarQube – ver 8.6.0.39681
Sonar Runner – sonar-runner-dist-2.4
SonarScanner for MSBuild 4.6.1.2049
.Net Framework 4.6 (same as my project’s version)

I have a couple of questions regarding how I can set this up:

  1. Do I need to add a sonar-project.properties file also, and if so where should I place it … at the project root in my VS workspace or ONLY in the Jenkins workspace?
  2. If maintained in the VS workspace, do I need to check this file into source control?
  3. If I have to add a sonar-project.properties file, is the content below sufficient:
sonar.projectKey=<*****>
sonar.projectName=<project name>
sonar.projectVersion=1.0
sonar.login=<sonar-login-token>
sonar.sources=src
sonar.exclusions=**/*.doc,**/*.docx,**/*.ipch,/node_modules/,
sonar.host.url=http://<url>/

  4. If I am going to need the file, what values should I use for the following:
sonar.projectKey=<*****>       (Where do I get this? Do I need to create a project in the SonarQube server, and if so, any links for the procedure?)
sonar.projectName=<project name>   (I am going to put the name of my project. Is this correct?)
sonar.projectVersion=1.0 (Can I skip this? If not, what should I put here?)
sonar.login=<sonar-login-token>   (What value is this? Should I put the Jenkins token generated in the SonarQube webhook? If not, what do I put here?)
sonar.sources=src (What value should I put here? My project is a .NET MVC project. No idea what path to use.)
sonar.exclusions=**/*.doc,**/*.docx,**/*.ipch,/node_modules/, (What value should I put here? Can I skip this?)
sonar.host.url=http://<url>/  (What value should I put here? Is http://localhost:9000 correct?)
  5. I have written my pipeline in Jenkins as below:
pipeline {
    agent any
    stages {
        stage('Checkout') {
            steps {
                checkout([$class: 'GitSCM', branches: [[name: '*/develop']], doGenerateSubmoduleConfigurations: false, extensions: [], submoduleCfg: [], userRemoteConfigs: [[credentialsId: 'Fredo', url: 'https://github.com/Ed877/FinSys.git']]])
            }
        }
        stage('Build') {
            steps {
                bat "\"${tool 'MSBuild'}\" PaySys.sln /p:DeployOnBuild=true /p:DeployDefaultTarget=WebPublish /p:WebPublishMethod=FileSystem /p:SkipInvalidConfigurations=true /t:build /p:Configuration=Release /p:Platform=\"Any CPU\" /p:DeleteExistingFiles=True /p:publishUrl=c:\\inetpub\\wwwroot\\"
            }
        }
        stage('Quality Gate') {
            environment {
                scannerHome = tool 'MSBuild_SonarScanner'
            }
            steps {
                withSonarQubeEnv('LocalSonar') {
                    echo "${scannerHome}"
                    bat "${scannerHome}\\SonarScanner.MSBuild.exe begin /k:{project-key} /n:{project-name} /v:build"
                    bat 'msbuild project.sln /t:Rebuild /p:Configuration=Release'
                    bat "${scannerHome}\\SonarScanner.MSBuild.exe end"
                }
            }
        }
    }
}

Is it sufficient/correct? If so, what values should I use for:
/k:{project-key} (Do I use the project key as in the sonar-project.properties file?)
/n:{project-name} (Do I use the project name as in the sonar-project.properties file?)
bat 'msbuild project.sln …' (Do I need to put the full path of the project here, and if so, is this path correct: C:\Users\username\source\repos\PaySys\PaySys.sln)

Hi,

Welcome to the community!

I’m sorry this seems so confusing! Since you’re working on a .NET project, you’ll use SonarScanner for .NET.

As discussed in the docs, make sure your pipeline includes a begin step before the build, and an end step after the build. The pipeline code you’ve provided seems to build and then rebuild inside the begin/end steps. No need to build twice! Just move your begin to before the build.

Since you’re not using the vanilla SonarScanner, you don’t need a sonar-project.properties. Many of the values you would set in it are read from the project. The rest are the ones the docs tell you to pass on the command line. They do correspond to the values that folks using the vanilla SonarScanner would put in the properties file.

So yes:

You should be doing everything from project root, so there’s no need to supply a full path.

 
HTH,
Ann
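Added example, not part of the thread and not SonarSource code: a small Python check for the ordering rule in the reply above (scanner begin, then MSBuild, then scanner end) run over constructed samples shaped like the thread's pipelines. It also flags a literal `sonar.login` value in a pipeline or properties file, on the assumption that the token comes from the Jenkins server configuration named in `withSonarQubeEnv`; the function name, messages and sample values are hypothetical.

```python
import re

SCANNER = re.compile(r"Scanner\.MSBuild(?:\.exe)?\s+(begin|end)\b", re.I)
BUILD = re.compile(r"msbuild", re.I)
KEY = re.compile(r"/k:\S")
LOGIN = re.compile(r"sonar\.login=[\"']?([^\s\"']+)")

def lint(text):
    """Return (line_no, message) findings for Jenkinsfile or properties text."""
    findings, begun, built, ended = [], False, False, False
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        tok = LOGIN.search(line)
        # Literal = not an env reference ($..., %...%) or an unfilled <placeholder>.
        if tok and tok.group(1)[0] not in "$%<{":
            findings.append((n, "literal sonar.login token"))
        if not line.startswith("bat"):
            continue  # only bat steps matter for ordering
        m = SCANNER.search(line)
        if m and m.group(1).lower() == "begin":
            begun, built = True, False
            if not KEY.search(line):
                findings.append((n, "begin without /k: project key"))
        elif m:  # scanner end
            if not (begun and built):
                findings.append((n, "end without a build after begin"))
            begun, ended = False, True
        elif BUILD.search(line):
            if begun:
                built = True
            elif not ended:
                findings.append((n, "MSBuild runs before scanner begin"))
    return findings

# Constructed samples shaped like the thread's pipelines (trimmed to the bat steps).
BEFORE = r'''
bat "\"${tool 'MSBuild'}\" PaySys.sln /t:build /p:Configuration=Release"
bat "${scannerHome}\\SonarScanner.MSBuild.exe begin /k:{project-key} /n:{project-name}"
bat 'msbuild project.sln /t:Rebuild /p:Configuration=Release'
bat "${scannerHome}\\SonarScanner.MSBuild.exe end"
'''.strip()
AFTER = r'''
bat "${scannerHome}\\SonarScanner.MSBuild.exe begin /k:\"PaySys\" /n:\"PaySys\""
bat 'MSBuild.exe PaySys.sln /t:Rebuild /p:Configuration=Release'
bat "${scannerHome}\\SonarScanner.MSBuild.exe end"
'''.strip()
PROPS = "sonar.projectKey=PaySys\nsonar.login=NOT-A-REAL-TOKEN\n"  # constructed
if __name__ == "__main__":
    print(lint(BEFORE), lint(AFTER), lint(PROPS))
```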

Thanks for the response.
Which value do I use for /k:{project-key}? Is it an arbitrary value I just set, or is it configured elsewhere, and if so, where?

I have not seen any sample pipeline in the docs where there is usage of begin step and end step. Nothing here either.

May you assist with a link with usage?

Hi,

TBH I would have expected it to be read from your .NET project & /k: used only for overrides. If you must set it manually, then yeah it’s basically arbitrary. Use your project name & sub-in dashes or underscores for spaces and non-ascii characters.

Regarding documentation, I linked above to the SonarScanner for .NET docs page. It gives you the commands. Just stick those into your pipeline, the same way you did your build command.

 
HTH,
Ann

I am using SonarScanner for Jenkins. This is also appropriate, right?

Sorry for the many questions – I'm still trying to find my way around how this works.
I am also not sure if I'm referencing the correct .exe here:

bat "${scannerHome}\SonarScanner.MSBuild.exe

Should I not be using the referenced exe below instead (as in the docs):
bat "${scannerHome}\SonarQube.Scanner.MSBuild

This is what I have after your recommendations:

pipeline {
    agent any
    stages {
        stage('Checkout') {
            steps {
                checkout([$class: 'GitSCM', branches: [[name: '*/develop']], doGenerateSubmoduleConfigurations: false, extensions: [], submoduleCfg: [], userRemoteConfigs: [[credentialsId: 'Fredo', url: 'https://github.com/Ed877/FinSys.git']]])
            }
        }
        stage('Build + SonarQube Analysis') {
            environment {
                scannerHome = tool 'MSBuild_SonarScanner'
            }
            steps {
                withSonarQubeEnv('LocalSonar') {
                    echo "${scannerHome}"
                    bat "${scannerHome}\\SonarScanner.MSBuild.exe begin /k:\"PaySys\" /n:\"PaySys\""
                    bat 'MSBuild.exe PaySys.sln /t:Rebuild /p:Configuration=Release'
                    bat "${scannerHome}\\SonarScanner.MSBuild.exe end"
                }
            }
        }
        stage("Quality Gate") {
            steps {
                timeout(time: 1, unit: 'HOURS') {
                    waitForQualityGate abortPipeline: true
                }
            }
        }
        stage('Build + Deploy') {
            steps {
                bat "\"${tool 'MSBuild'}\" PaySys.sln /p:DeployOnBuild=true /p:DeployDefaultTarget=WebPublish /p:WebPublishMethod=FileSystem /p:SkipInvalidConfigurations=true /t:build /p:Configuration=Release /p:Platform=\"Any CPU\" /p:DeleteExistingFiles=True /p:publishUrl=c:\\inetpub\\wwwroot\\"
            }
        }
    }
}

I’ll be super honest here. It’s been a million years since I configured a job in Jenkins & never with a pipeline. I still know enough to say that under the hood, even the Jenkins scanner will/would be using .NET scanner. So those docs are relevant for you.

I’m sorry you have to ask them. I think it’s obvious that things could be clearer on our side.

Regarding the exe name, the Jenkins scanner docs tell you to run a separate install for this piece. That’s the executable you’ll use.

Regarding your pipeline code, the order of your steps looks correct to me. (Altho I still question Rebuild versus a plain build).

On a final note, a colleague has gently and privately pointed out that you do indeed need to specify project key on the command line.

 
HTH,
Ann

I will run the separate install as in the docs, but my confusion still persists … Is this install automatically detected by my Jenkins installation “under the hood” as you say, or will it need additional configuration also?

So it means the setup will need both SonarScanner for MSBuild/SonarScanner for Jenkins ( below)

… as well as the SonarScanner for .NET.

As for the private key, I have already referenced it here:
bat "${scannerHome}\\SonarScanner.MSBuild.exe begin /k:\"PaySys\" /n:\"PaySys\""