Jenkins quality gate plugin checking the wrong scan

KC_Baltz · November 10, 2023, 1:51am

Community Edition Version 8.6.1 (build 40680)
Jenkins 2.356 with the 2.14 version of the Sonar Qube Scanner plugin
Trying to scan 3 separate folders in a monorepo
I have a sequential pipeline that scans one project, then waits for the Quality Gate before scanning the next project.

What I’m seeing is that all three scans produce different scan IDs but the waitForQualityGate step doesn’t always pick the most recent ID to wait for.

I see this was supposed to have been fixed in 2.8 as part of https://sonarsource.atlassian.net/browse/SONARJNKNS-299 but the fix doesn’t seem to be working in version 2.14 for me.

Here’s an anonymized version of our pipeline code:


stage("SonarQube-batch"){
  when {
  expression { env.BRANCH_NAME.startsWith("PR-") }
  }
  agent {
    node {
      label 'docker_node'
    }
  }
  steps{
    withSonarQubeEnv(credentialsId: '...',
    installationName:'Sonar' ){
      sh """
      cd project-batch
      mvn clean compile sonar:sonar
      """
  }
}
}

stage("Quality Gate-batch") {
  when {
  expression { env.BRANCH_NAME.startsWith("PR-") }
  }
        steps {
          timeout(time: 10, unit: 'MINUTES') {
            waitForQualityGate(webhookSecretId: 'Sonar-Secret' , abortPipeline: true)
          }
      }
}



stage("SonarQube-services"){
  when {
  expression { env.BRANCH_NAME.startsWith("PR-") }
  }
  agent {
    node {
      label 'docker_node'
    }
  }
  steps{
    withSonarQubeEnv(credentialsId: '...',
    installationName:'Sonar' ){
      sh """
      cd project-services
      mvn clean compile sonar:sonar
      """
  }
}
}

stage("Quality Gate-services") {
  when {
  expression { env.BRANCH_NAME.startsWith("PR-") }
  }
        steps {
          timeout(time: 10, unit: 'MINUTES') {
            waitForQualityGate(webhookSecretId: 'Sonar-Secret' , abortPipeline: true)
          }
      }
}

The maven logs for the scan have a line like this
https://sonarqube.example.com/api/ce/task?id=AYu2zeQ6279zphjWv_Cn

But the Wait step shows this:
Checking status of SonarQube task 'AYu2O_z5279zphjWv_CU' on server 'Sonar'

Colin · November 13, 2023, 4:33pm

Hi,

Your version is past EOL. You should upgrade to either the latest version or the current LTS at your earliest convenience. Your upgrade path is:

8.6.1 → 8.9.10 → 9.9.2 → 10.2.1 (last step optional)

You may find these resources helpful:

If you have questions about upgrading, feel free to open a new thread for that here.

If your error persists after upgrade, please come back to us.

KC_Baltz · November 30, 2023, 5:07pm

OK, we’ve updated to “Community Edition Version 10.1 (build 73491)” and we’re still seeing the same issue (which doesn’t surprise me as I suspect the problem is with the SonarQube Quality Gate plugin, not the SQ server itself).

dozGrou · December 6, 2023, 10:35pm

Hi,

You should try to do the scan inside the method dir() for both scans :

stage("SonarQube-batch"){
  when {
    expression { env.BRANCH_NAME.startsWith("PR-") }
  }
  agent {
    node {
      label 'docker_node'
    }
  }
  steps{
    dir('project-batch') {
      withSonarQubeEnv(credentialsId: '...', installationName:'Sonar'){
        sh "mvn clean compile sonar:sonar"
      }
    }
}

stage("Quality Gate-batch") {
  when {
    expression { env.BRANCH_NAME.startsWith("PR-") }
  }
  steps {
    dir('project-batch') {
      timeout(time: 10, unit: 'MINUTES') {
        waitForQualityGate(webhookSecretId: 'Sonar-Secret' , abortPipeline: true)
      }
    }
  }
}

That’s how I solved it. It appears that the waitForQualityGate method is missreading the .scannerwork as there are multiples .scannerwork, it always picks the first one.
I guess that only putting the waitForQualityGate inside the dir method should work.

KC_Baltz · December 7, 2023, 12:24am

This worked, thanks!