SonarScanner for Jenkins - incorrect analysis ID referred by waitForQualityGate step

SpikeBlues · June 1, 2022, 7:32am

Must-share information

which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
- SonarQube: Developer Edition Version 9.2.4 (build 50792)
- Scanner for Jenkins: 2.7
what are you trying to achieve
We would like to run multiple Sonarqube analyses and check the corresponding quality gate results in our monorepo projects.
We are aware that analyses in parallel is not yet supported by Scanner plugin at this point, ref: Sonarqube Scanner for Jenkins, analysis in parallel ? [SONARJNKNS-316]
Whereas sequantial analyses is supported per Sonarqube documentation:
Jenkins extension for SonarQube

If you want to run multiple analysis in the same pipeline and use waitForQualityGate you have to do everything in order

what have you tried so far to achieve this
However, we noticed that waitForQualityGate step still refres to the very first analysis task when there are multiple analyses in sequence. For example, with the following pipeline code:

pipeline {
    agent none
    stages {
        stage("matrix: build & test") {
            matrix {
                axes {
                    axis {
                        name "APP_NAME"
                        values "project_A", "project_B" // etc
                    }
                }
                agent {
                    kubernetes {
                        // cloud k8s definitions
                    }
                }
                stages("build -> test -> stash") {
                    stage('build') {
                        // build gradle project in parallel
                        sh('gradlew -p ${APP_NAME} clean build test')
                        // stash built project for sonar stages
                        stash "built_project_${APP_NAME}"
                    }
                }
            }
        }

        stage("sequential: sonar") {
            agent {
                kubernetes {
                    // cloud k8s definitions
                }
            }
            stages {
                stage("SonarQube - Project_A") {
                    steps {
                        unstash "built_project_Project_A"
                        container('jdk11') {
                            withCredentials([]) {
                                withSonarQubeEnv() {
                                    sh "gradlew -p Project_A sonarqube"
                                }
                            }
                        }
                    }
                }
                stage("QG - Project_A") {
                    steps {
                        waitForQualityGate abortPipeline: false
                    }
                }
                stage("SonarQube - Project_B") {
                    steps {
                        unstash "built_project_Project_B"
                        container('jdk11') {
                            withCredentials([]) {
                                withSonarQubeEnv() {
                                    sh "gradlew -p Project_B sonarqube"
                                }
                            }
                        }
                    }
                }
                stage("QG - Project_B") {
                    steps {
                        waitForQualityGate abortPipeline: false
                    }
                }
            }
        }
    }
}

I can see that sonarqube analyze generated two different task IDs correctly, but only the first task was picked up by waitForQualityGate. Resulting in the same quality gate result being referred twice.

I am curious if it’s due to the plugin version currently used by our infrastructure team being too old, or a bug/limitation from the scanner for multiple analyses in general (not limited to parallel execution).

Colin · June 1, 2022, 8:10am

Hey there.

Indeed, it looks like you’re facing SONARJNKNS-299 which was fixed in v2.8 of the Scanner for Jenkins. The latest version is v2.13.1.

SpikeBlues · June 2, 2022, 4:25am

Hi @Colin ,
Thanks for the quick reply.
I see, I will ask our infra guys to update scanner plugin to the latest compatible and test it out.
Best

Rebse · June 2, 2022, 10:38am

Hi,

there’s an alternative solution.
Instead of using the waitForQualityGate() Jenkins pipeline step, you might use a new generic
feature, working for all CI servers.

It works the other way around, polling for the quality gate result instead of waiting for webhook
with the matching analysisid from Sonarqube server.

That’s what we did for Sonarqube scans in Jenkins parallel step, as this is still not officially
supported =
[SONARJNKNS-316] - Jira (which was created after we raised
a ticket for Sonarsourc support)

and it works.

Simply use property sonar.qualitygate.wait=true
There is an additional property sonar.qualitygate.timeout with default 300 / 5 mins

For details see
CI integration overview => Failing a pipeline job when the Quality Gate fails
Broken pipelines for everyone!

The docs have

[…]
This increases the pipeline duration and causes the analysis step to fail any time the Quality Gate fails, even if the actual analysis is successful. You should only use this parameter if it’s necessary.

but it works for us and in fact it decreased the pipeline duration, as there were hacks like an additional sleep before the waitForQualityGate() step to make it work with Jenkins parallel step.
Using sonar.qualitygate.wait=true was also the recommendation from Sonarsource itself for our use case.

Gilbert

system · July 8, 2022, 2:01am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.