Sonarqube Quality Gate Question

Hi Team,

I have two questions on quality gates in SonarQube. Could you help me out with the questions below?

1st:

  1. I have a Jenkins pipeline which runs the Sonar scanning for the repo and publishes the reports to SonarQube.
  2. In SonarQube we define some quality gates with specific conditions.
  3. I want to fail the build automatically if that quality gate's condition evaluates to true. How is this possible?

2nd:

  1. If the quality gate's condition evaluates to true, we don’t want to fail the build right away.
  2. We want to give a specific amount of time to the developer until he fixes the issues.
  3. And till then we want to pass the build even though the quality gate's condition is met, and only want to fail the build when the developer doesn’t fix
    the issues within the stipulated time.

Thanks,
Prasad.

Hi Prasad,

You can easily accomplish the first part (the docs should get you started), but not the second. But that’s okay, because what you lay out in the second part requires action from the developer which will necessarily trigger another build.

 
HTH,
Ann
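
For the first question, a declarative Jenkinsfile along these lines fails the build when the analysis does not pass the Quality Gate (an added example, not part of the original thread). It assumes the SonarQube Scanner for Jenkins plugin, a Maven project, a server registered in Jenkins under the placeholder name `MySonarServer`, and a webhook in SonarQube that points at the Jenkins `/sonarqube-webhook/` endpoint so the gate result is reported back.

```groovy
pipeline {
    agent any
    stages {
        stage('SonarQube analysis') {
            steps {
                // 'MySonarServer' is a placeholder: use the server name
                // configured under Manage Jenkins > System > SonarQube servers.
                // The wrapper injects the server URL and token into the scanner
                // and records the analysis task id for the next stage.
                withSonarQubeEnv('MySonarServer') {
                    sh 'mvn -B clean verify sonar:sonar'
                }
            }
        }
        stage('Quality Gate') {
            steps {
                // Bound the wait so a missing or misconfigured webhook ends in
                // a failed build instead of a job that hangs on the executor.
                timeout(time: 10, unit: 'MINUTES') {
                    // abortPipeline: true fails the pipeline when the gate
                    // status for this analysis is anything other than OK.
                    waitForQualityGate abortPipeline: true
                }
            }
        }
        stage('Build') {
            steps {
                // Reached only when the Quality Gate passed.
                // Placeholder packaging step for illustration.
                sh 'mvn -B -DskipTests package'
            }
        }
    }
}
```

Because the gate is evaluated per analysis, the next commit that fixes the reported issues triggers a fresh run of all three stages.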

@ganncamp Could you elaborate more on the second one?
Need to keep an exception of n number of days around the quality gates; until then the pipeline should pass and should proceed to the build stage. Once the n days have expired, the pipeline should fail.

Thanks,
Prasad.

Hi Prasad,

That’s just not how it works. Each analysis passes or fails the Quality Gate. Immediately. Period.

If it fails, and the developer subsequently “fixes the issue”, that fix will require making changes in code. And those changes will (should) trigger another analysis. Which will (hopefully) pass the Quality Gate. Problem solved. No big deal.

I guess you’re trying to build in a grace period before a problem is seen as a “black mark” on the developer? If I’m reading that right, I respect and appreciate the sentiment, but suggest that a change of mindset is called for.

Developers are human. Demanding perfection (which is implicit in counting a quality problem as a black mark) is just going to make them paranoid and less productive. Mistakes (QG failures) happen. As long as they’re acknowledged & fixed in a timely manner, it’s not a big deal.

Now, I’ve just read a lot into what you wrote & if I’ve misinterpreted, I apologize. But I’ve recently been reminded that SonarQube and its metrics are sometimes “used as a bludgeon”. So if I have the opportunity I want to steer people to more productive patterns.

 
HTH,
Ann