SonarQube is able to send back QG status without webhook

My Jenkins is integrated with SonarQube. Jenkins pipelines have a stage to scan the code using SonarQube and one more stage to get Quality Gate status from SonarQube.

For getting the QG status, we use webhooks in SonarQube. But recently we have observed that some pipelines are able to receive the QG status from SonarQube even if the webhook is not added in the respective SonarQube project.

We have also faced an issue for a few of our Jenkins pipelines where the SonarQube does not send back the status of Quality Gate even if the webhook is added. After running the Jenkins pipeline a few times, SonarQube starts sending back the QG status.

Recently we have upgraded both the Jenkins and SonarQube applications:
SonarQube : 9.9 LTS
Jenkins : 2.401.1

Please respond to this query on high priority as our work is being affected due to it.

Hi,

I suppose the pipelines that get the Quality Gate status without a webhook are using sonar.qualitygate.wait=true. Per the docs this forces your Jenkins agent to continue running while the analysis report is being processed server-side, so it can poll the server for the results. Using a webhook instead allows the pipeline to be suspended until the message is pushed back from the server, saving cycles.

Without more detail, it’s difficult to know what’s going on with your pipelines that use webhooks.

 
HTH,
Ann

Hi, Thanks for the reply!

Our Jenkins pipelines don’t use sonar.qualitygate.wait=true, because the script that we use calls the method waitForQualityGate(), which itself waits for the quality gate. Please refer to the script:

void call() {
    // Shared-library step: fail the build unless the Quality Gate passed.
    // withSonarQubeEnv ran earlier in the pipeline and recorded the CE task id
    // that waitForQualityGate() looks up; give up if no result arrives in 15 minutes.
    timeout(time: 15, unit: 'MINUTES') {
        def qualityGate = waitForQualityGate() // Reuse taskId previously collected by withSonarQubeEnv
        if (qualityGate.status != 'OK') {
            error("Pipeline aborted due to quality gate failure: ${qualityGate.status}")
        }
    }
}

waitForQualityGate() needs a webhook as a prerequisite, but it is working without one in some cases.
Please advise.

Hi,

When you say these projects don’t have webhooks, are you basing that off of an empty webhooks page at the project level? Because webhooks can be set globally as well.

At any rate, the answer is probably in your Jenkins logging, since you’ve established that your pipelines are getting the message from SonarQube somehow.

 
HTH,
Ann

Hi,

Yes, my requirement is to set the webhook at the project level. And on some projects we see that the webhook is not added, and still we see the message from SonarQube.

I wanted to ask if there is a chance that SonarQube might somehow be storing a cache on the Jenkins side (specifically the webhook information).

Thanks,
Pranjali

Hi Pranjali,

We would never cache the webhook information, since the values in the payload are going to vary with each analysis, even of the same project.

 
HTH,
Ann

Hi,

Did you check the computing times of the background task for the jobs in question (= no webhook added)?

The scanner workflow:
After the analysis is finished, the report archive is uploaded to the SonarQube server; you should see the
analysis id on the Administration / Background Tasks page.

waitForQualityGate() does an initial call to the SonarQube server to see if the background task is already
done. If yes, there’s no need to wait for the webhook.
You will see an entry like this in the Jenkins console log; the status is SUCCESS or FAILED:

Checking status of SonarQube task ‘XXXXXXXXXX’ on server ‘Sonar’
SonarQube task ‘XXXXXXXXXXXX’ status is ‘SUCCESS’

If the background task computation takes longer, the Jenkins console shows

SonarQube task ‘XXXXXXXXXX’ status is ‘PENDING’

which means a listener is created that waits for the webhook with the related analysis id until the configured timeout strikes.

I guess the jobs in question have a short background task computing duration, so no webhook is needed.
I’ve also seen cases where a sleep is used before the waitForQualityGate() step, e.g. sleep 10.
Using a sleep increases the chance of camouflaging a webhook problem (or a missing webhook configuration), as the initial call is delayed and the background task might be finished in the meantime.

To see what’s going on in Jenkins you should create a custom Jenkins SonarQube logger
(/manage/log/new) with the loggers hudson.plugins.sonar and org.sonarsource configured.

Gilbert

1 Like
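The mechanism Gilbert describes (and the polling alternative Ann mentions) can be modelled offline. The following is an added example, not code from this thread, from Jenkins or from the SonarQube Scanner plugin: it parses the scanner's report-task.txt, performs the same one-shot task status check that waitForQualityGate() makes first, and only falls back to "wait for the webhook" when the Compute Engine task is still running. The file keys and the api/ce/task and api/qualitygates/project_status endpoints are the real ones; the host, project key, task and analysis ids and every server response are constructed sample data, the HTTP layer is an injectable fetch() so it runs without a server, and treating a FAILED or CANCELED task as a build error is an assumption about the plugin's behaviour.

```python
"""Added example: offline model of the one-shot check waitForQualityGate() makes.

It reads the scanner's report-task.txt, asks the Compute Engine (CE) whether the
background task is already finished and, only then, fetches the Quality Gate
result for that analysis. If the task is still PENDING or IN_PROGRESS there is
nothing to read yet and the step has to wait for the webhook. HTTP is replaced
by an injectable fetch() so the script runs offline; all server responses below
are constructed sample data.
"""
from typing import Callable, Dict, Tuple

Fetch = Callable[[str], dict]

# Constructed sample of .scannerwork/report-task.txt as written by sonar-scanner.
# The key names are the real ones; host, project key and ids are made up.
REPORT_TASK = """\
projectKey=my-app
serverUrl=https://sonar.example.com
serverVersion=9.9.0.65466
dashboardUrl=https://sonar.example.com/dashboard?id=my-app
ceTaskId=AYk1EXAMPLETASKID
ceTaskUrl=https://sonar.example.com/api/ce/task?id=AYk1EXAMPLETASKID
"""

RUNNING = {"PENDING", "IN_PROGRESS"}  # report still being processed server-side


def parse_report_task(text: str) -> Dict[str, str]:
    """Parse the key=value file withSonarQubeEnv reads to learn the CE task id."""
    props: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def check_quality_gate(props: Dict[str, str], fetch: Fetch) -> Tuple[str, str]:
    """Single status check, as the step performs before listening for a webhook.

    Returns (gate_status, "poll") when the CE task has already completed, or
    ("PENDING", "webhook") when only the webhook can deliver the result.
    A FAILED or CANCELED task raises (assumption: modelled as a build error).
    """
    base = props["serverUrl"].rstrip("/")
    task = fetch(f"{base}/api/ce/task?id={props['ceTaskId']}")["task"]
    if task["status"] in RUNNING:
        return ("PENDING", "webhook")
    if task["status"] != "SUCCESS":
        raise RuntimeError(f"SonarQube task {task['id']} ended with status {task['status']}")
    # Only a successful task carries the analysisId the Quality Gate is keyed by.
    qg = fetch(f"{base}/api/qualitygates/project_status?analysisId={task['analysisId']}")
    return (qg["projectStatus"]["status"], "poll")


def poll_quality_gate(props: Dict[str, str], fetch: Fetch, attempts: int,
                      sleep: Callable[[float], None] = lambda s: None,
                      delay_s: float = 10.0) -> Tuple[str, str]:
    """Emulates 'sleep 10' plus retries before the step: the gate is read without
    any webhook as long as the task finishes within the retries, which is how a
    missing webhook goes unnoticed. sleep() is injected so this runs instantly."""
    for _ in range(attempts):
        result = check_quality_gate(props, fetch)
        if result[1] == "poll":
            return result
        sleep(delay_s)
    return ("PENDING", "webhook")


def make_server(pending_calls: int, gate_status: str = "OK",
                task_status: str = "SUCCESS") -> Fetch:
    """Constructed stand-in for the SonarQube Web API: the task is PENDING for the
    first `pending_calls` status requests and `task_status` afterwards."""
    calls = {"task": 0}

    def fetch(url: str) -> dict:
        if "/api/ce/task?id=" in url:
            calls["task"] += 1
            task_id = url.rsplit("id=", 1)[1]
            if calls["task"] <= pending_calls:
                return {"task": {"id": task_id, "status": "PENDING"}}
            return {"task": {"id": task_id, "status": task_status,
                             "analysisId": "AYk1EXAMPLEANALYSIS"}}
        if "/api/qualitygates/project_status?analysisId=" in url:
            return {"projectStatus": {"status": gate_status}}
        raise ValueError(f"unexpected URL {url}")

    return fetch


if __name__ == "__main__":
    props = parse_report_task(REPORT_TASK)
    # Fast background task: the result is available at once, no webhook involved.
    print(check_quality_gate(props, make_server(pending_calls=0)))  # ('OK', 'poll')
    # Slow background task: the step now has to wait for the webhook.
    print(check_quality_gate(props, make_server(pending_calls=3)))  # ('PENDING', 'webhook')
    # sleep-then-retry hides a missing webhook whenever the task finishes in time.
    print(poll_quality_gate(props, make_server(pending_calls=2), attempts=3))  # ('OK', 'poll')
```

The first two calls reproduce the two console-log cases Gilbert lists: a task that is already SUCCESS is resolved by the poll alone, a PENDING one leaves the step dependent on the webhook. The third call is the sleep-before-the-step pattern: it passes on this fast server with no webhook at all, which is why the projects without one "work" until a slow background task exposes the gap.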