i had to implement a check, whether an artifact in Sonatype Nexus is Sonarqube approved, means
Sonarqube must have a projectKey = groupid:artifactid with projectVersion = artifactversion and
Quality gate status OK.
A Jenkins pipeline has the stages checkout, build, SQ scan, check SQ Quality gate,publish,deploy
The problem occurs when a Jenkins Maven pipeline is using the mvn release plugin inside of another conditional stage release (only run if BRANCH_NAME == ‘master’)
Sonarqube scan and QG stages run only after the snapshot build, thus the artifact with release version published by the mvn release plugin has no equivalent in Sonarqube. The check will always fail and the artifact will not get deployed.
My idea to fix that problem:
if BRANCH_NAME = ‘master’
- no SQ part after the build stage, but in the release stage instead
- determine the
sonar.projectVersion = pom.version - '-SNAPSHOT',
has to be done before the release stage, as
release:preparealready changes the pom.version
for the next snapshot,
- the release stage will call
mvn sonar:sonar -Dsonar.projectVersion=theversiondeterminedabove
Does anyone had this problem before and how did you solve it ?