SonarQube 8 Gitlab-ci scan always succeeds

SonarQube 8.0
SonarQube Scanner 4.2.0.1873

I have Sonarqube 8 setup with a local Gitlab. SSO login works fine, but when pushing to Gitlab, Sonarqube starts a scan and then reports a success to Gitlab regardless of the results of the scan.

Anyone have any ideas how we can get the scanner to exit with a fail when the results of the scan fail?

Is anyone else having this issue?

Cheers

Relevant gitlab-ci.yml section:

sonarqube_tests:
    except:
        - master
    stage: test
    tags:
        - rom
        - sonar
    script:
        - sonar-scanner -Dsonar.login=688430862e5a3cbfedc33901369835a74664da73 -Dsonar.gitlab.commit_sha=$CI_COMMIT_SHA -Dsonar.gitlab.project_id=$CI_PROJECT_ID -Dsonar.gitlab.ref_name=$CI_COMMIT_REF_NAME -Dsonar.projectKey="rom:$CI_COMMIT_REF_NAME" -Dsonar.projectName="Rom $CI_COMMIT_REF_NAME" -Dsonar.gitlab.max_major_issues_gate=0

sonar-project.properties:

sonar.projectKey=rom
sonar.projectName=Rom
sonar.projectVersion=8.2.1

sonar.sources=modules,public_html
sonar.host.url=http://10.0.0.41:9000
#sonar.analysis.mode=publish
sonar.issuesReport.console.enable=true
sonar.issuesReport.html.enable=true
sonar.issuesReport.json.enable=true

A bit more info.

Here is the json report from the scan:

{"task":{"id":"AW4Wv3B4IzqEuFqgBsZm","type":"REPORT","componentId":"AW38txkEuaHlET-mjWVM","componentKey":"rom:feature/vouchers","componentName":"Rom feature/vouchers","componentQualifier":"TRK","analysisId":"AW4Wv3nph-jLVrNLHe7A","status":"SUCCESS","submittedAt":"2019-10-29T09:01:15+0000","submitterLogin":"admin","startedAt":"2019-10-29T09:01:17+0000","executedAt":"2019-10-29T09:01:42+0000","executionTimeMs":25012,"logs":false,"hasScannerContext":true,"organization":"default-organization","warningCount":0,"warnings":[]}}

You’ll notice it says "status":"SUCCESS" but although the scan succeeded in scanning, it failed to pass the quality gate. Going to the project in SonarQube reveals: “Quality Gate Failed”

Right now, the integration to fail a Gitlab Pipeline based on the QG result hasn’t been developed yet. Keep an eye on MMF-1791, because it’s in our plans :wink:

Ahhh okay, thanks for that :slight_smile:

@Colin_SonarSource, will the comments posting to the Merge Request will be coming later as well?

Hello! When it is planned to be released Sonar 8.1? We are planning to migrate to Developer edition, but we are waiting for this functionality to be available. Thanks

Keep an eye on MMF-1840

It’ll be out as soon as it’s ready. :slight_smile: There’s typically a 2-month release cadence for SonarQube, so history says ~December

That will be great. Thanks for reply back so soon.

To prevent this becoming a thread for fielding all questions about our Gitlab integration / roadmap, I’m going to close this thread. All questions have been answered. :slight_smile: