waitForQualityGate can't find task id

SonarQube Server / Community Build
, ,
1

Jenkins 2.138.4
SonarQube scanner 3.3.0.1492
SonarQube server 6.7.5

Trying to gate on SQ results. Using a minimal pipeline, and withSonarQubeEnv, the output file seems to be missing. Subsequent steps fail getting the task id.

Pipeline (some date redacted with *):

stage('build and test') {
    node('mesos') {
        checkout([$class: 'GitSCM', branches: [[name: '**']], doGenerateSubmoduleConfigurations: false, extensions: [[$class: 'WipeWorkspace']], submoduleCfg: [], userRemoteConfigs: [[name: 'origin', refspec: '+refs/pull/${ghprbPullId}/*:refs/remotes/origin/pr/${ghprbPullId}/*', url: '*']]])

        sh "mvn clean test -B -U -T 4 -s ${WORKSPACE}/settings.xml cobertura:cobertura -Dcobertura.report.format=xml -Dmaven.test.failure.ignore=true"

        def scannerHome = tool 'Sonar-QA'
        withSonarQubeEnv('SonarQA') {
            sh """
                ${scannerHome}/bin/sonar-scanner \
               -Dsonar.projectKey=* \
               -Dsonar.projectName=* \
               -Dsonar.sourceEncoding=UTF-8 \
               -Dsonar.java.source=1.8 \
               -Dsonar.sources=src/main/java \
               -Dsonar.tests=src/test \
               -Dsonar.modules=* \
               -Dsonar.java.binaries=${WORKSPACE}/*/target/classes \
               -Dsonar.analysis.mode=preview \
               -Dsonar.github.disableInlineComments=false \
               -Dsonar.github.pullRequest=${ghprbPullId} \
               -Dsonar.github.repository=* \
               -Dsonar.github.oauth=* \
               """
        }

        timeout(time: 15, unit: 'MINUTES') {
            withSonarQubeEnv('SonarQA') {
                def gate = waitForQualityGate() // Reuse taskId previously collected by withSonarQubeEnv

                if (gate.status != 'OK') {
                    error "Pipeline aborted due to quality gate failure: ${gate.status}"
                }

                echo "gate: ${gate.toString()}"
            }
        }
    }
}


INFO: 888/888 components tracked
INFO: ANALYSIS SUCCESSFUL
INFO: Executing post-job GitHub Pull Request Issue Publisher
INFO: Task total time: 1:36.467 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 1:42.234s
INFO: Final Memory: 61M/3005M
INFO: ------------------------------------------------------------------------
[Pipeline] }
WARN: Unable to locate 'report-task.txt' in the workspace. Did the SonarScanner succeeded?
2

Hi,

Let’s start with your analysis. First, you’re building with Maven, why not analyze with it too? That way you don’t have to provide that long list of properties. Speaking of your properties…

-Dsonar.projectKey=* \ -Dsonar.projectName=* \

I guess you’ve obfuscated here & you aren’t really passing * for these values?

-Dsonar.sourceEncoding=UTF-8 \
-Dsonar.java.source=1.8 \
-Dsonar.sources=src/main/java \
-Dsonar.tests=src/test \
-Dsonar.modules=* \
-Dsonar.java.binaries=${WORKSPACE}/*/target/classes \

These will be read from your pom once you switch scanners

-Dsonar.analysis.mode=preview \

I think this is probably your problem. I think it still works in 6.7.* (it’s been a while and I’m too lazy to look it up). Among other things, it prevents the analysis report from being sent to the server. No analysis report > no server-side analysis > no Quality Gate status

-Dsonar.github.disableInlineComments=false \

I don’t recognize this one

-Dsonar.github.pullRequest=${ghprbPullId} \

I guess the goal is to get the QG status of your PR?

-Dsonar.github.repository=* \

This needs to be set server-side. No point in setting it here. It’s used post-analysis for PR decoration, by which time these values are out of scope.

-Dsonar.github.oauth=* \

Wha? Why…?

 
HTH,
Ann

3

After trying your suggestions, using mvn sonar:sonar is correctly wiring up waiting for a task to report. However, the webhook never fires – or at least, the jenkins job never receives it. Is there a spot that I can see what webhooks SQ thinks that it has sent?

That aside, I think there’s a bigger issue that I need to understand. If I’m trying to gate on a PR, I don’t want the report for that PR stored on the server – there’s really no need. Do you have suggestions how to achieve this?

Using mvn sonar:sonar for a PR seems to, by default:
a) record the analysis against the master branch;
b) throw an exception if multiple PR builds are running, because there’s already an analysis in process (presumably because both builds are trying to run the analysis against master)

Thoughts?

4

Hi,

You’ve got two places to check: the Jenkins log, and the project Webhooks interface: Administration > Webhooks.

We humbly beg to disagree. :slightly_smiling_face: For PR markup we can tell you there are issues but in-ALM we can’t give you the rich issue experience that we’ve built in SonarQube. Specifically I’m talking about issue flows (think null-pointer dereference issues) and secondary locations (think Cognitive Complexity).

I guess you mean compare the PR to the master branch?

That shouldn’t be happening. Sounds like more setup issues…

 
Ann