I've been almost breaking my head over this for the last few days, but the GitHub plugin for SonarQube (v5.3) just does not seem to work.
I have my Java app code in GitHub, and have configured Jenkins to run the mvn sonar:sonar goal on pull requests.
The Maven settings are:
clean site sonar:sonar
-Dsonar.analysis.mode=preview
-Dsonar.github.oauth=<OAUTH_TOKEN>
-Dsonar.github.repository=<ORG>/<REPO>
-Dsonar.github.pullRequest=${ghprbPullId}
-Dsonar.github.endpoint=<ENT_GITHUB_API_BASE__URI>
For sonar.analysis.mode, I tried 'issues' too.
Now I perform the following:
Make a change to a fork (introduce a violation as per the configured quality gate)
Commit and push to the fork repo
Create a pull request
Run the Jenkins job using the above configuration
The analysis is successful, and the plugin always reports that all checks have passed and the changes can be merged. I am just not able to understand why the GitHub plugin in Sonar is not able to show that a violation occurred and the checks have failed.
Now, if I merge the pull request and run the Sonar analysis in publish mode on the master repo, it says the quality gate failed, and I am able to see this in the SonarQube dashboard for the project with the statement that the quality gate has failed.
What am I doing wrong here? My guess is that the GitHub plugin is not able to compare the changes in the pull request with those in the master repo, and hence is not able to report the violation. How do I fix that?
Update:
If, at the end, I merge the pull request into the master repo and re-run the Sonar analysis on the original pull request (the one that got merged), it does report the violation as comments in the pull request conversation. (But what is the point if Sonar is going to report the violations after the pull request is merged???)
Related
The idea is that I want to block pull requests on GitHub if a build fails on Jenkins, so that potentially bad code doesn't get merged.
I had originally found a plugin called Pipeline GitHub Notify Step (https://www.jenkins.io/doc/pipeline/steps/pipeline-githubnotify-step/) that uses githubNotify, but then I found out from this link, https://plugins.jenkins.io/pipeline-githubnotify-step/, that we should use the github-checks-plugin instead of Pipeline GitHub Notify. I don't know if it's because it's deprecated or they just added similar features to the github-checks-plugin, but I decided to just install the GitHub Checks Plugin.
Afterwards I opened a PR on GitHub with code I knew would fail the build, then ran a test build on Jenkins under the impression that GitHub would block my PR due to the bad build, but it didn't. I went under settings -> branch and enabled Require status checks to pass before merging, but it didn't block my PR because of the failed build. In fact, it still doesn't even notice the failed build. Maybe I'm missing another plugin, or perhaps there was something I forgot to enable.
Currently, I'm using SonarCloud to analyze some of the repositories in my project. But in some of them, the check status is not present (I want to make this mandatory).
The CI/CD server is CircleCI, and SonarCloud is working OK (the PR branch is available).
In order to activate the GitHub webhook, you must check that:
The project in Sonar has the GitHub icon (the relationship is OK)
You have to create another branch and make a pull request
Call the Gradle task with the PR params:
./gradlew -Dsonar.pullrequest.branch=${CIRCLE_BRANCH} -Dsonar.pullrequest.base=master -Dsonar.pullrequest.key=${CIRCLE_PULL_REQUEST##*/}
Make sure that none of your repos override project keys.
My TeamCity CI has the GitHub Commit Hooks plugin provided by JetBrains to detect new pull requests and trigger a run. I've installed this plugin and configured it by clicking here:
After that, the webhook is created on GitHub, but the address is 0000:8111, which is wrong. So I change it to the correct DNS name and redeliver the request.
It seems to work: the server returns 202 with the message Scheduled checking for changes for 2 VCS roots. (Server time: 20180615T122359.142+0100), but the trigger is not working.
After a while another problem happens: the server starts rejecting the requests, and GitHub returns this:
No stored auth data (secret key) found for public key "72WE45221-19fe-433b-9265-66b2168EW6c". Seems hook created not by this TeamCity server. Reinstall hook via TeamCity UI.
Environment:
TeamCity version: 2017.2.4 (build 51228)
GitHub Commit Hooks version: 62
What can I do to solve this issue? Is there any issue with my DNS?
EDIT 1:
Now I am able to trigger the build on commits and have solved the secret key issue. But pull requests are not triggering the CI.
To solve the secret key issue, you need to change the Server URL in Global Settings.
A bit of a workaround, but have you tried using a VCS trigger to detect and build pull requests rather than a commit hook? This works the same as any other VCS check-in trigger, so if your current configuration is already detecting VCS changes from GitHub, it should be more straightforward to set up.
Pull requests on GitHub are automatically referenced using the following pattern, +:refs/pull/*/head, so with a VCS branch specification you can have a TeamCity build project that's dedicated to building pull requests.
See https://blog.jetbrains.com/teamcity/2013/02/automatically-building-pull-requests-from-github-with-teamcity/
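As an added example that is not part of this answer or of the JetBrains blog post it links: the script below builds a throwaway local stand-in for GitHub, a bare repository carrying a refs/pull/<n>/head ref the way GitHub publishes every pull request's source commit, then fetches it with the same +refs/pull/*/head pattern a TeamCity branch specification expresses. It assumes git on PATH; the temporary paths and the PR number 7 are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the TeamCity post or JetBrains' blog.
# Shows what "+:refs/pull/*/head" refers to by creating such a ref on a
# local bare repository and fetching it the way a CI checkout would.

# Commit helper with a fixed identity so the script works on a clean agent.
gcommit() {
  git -c user.name=demo -c user.email=demo@example.invalid \
      commit -q --allow-empty -m "$1"
}

# Creates the fake remote and prints its working directory. The "pull
# request" is one commit on a feature branch that the remote exposes only
# as refs/pull/7/head (PR number 7 is constructed for this demo).
make_demo_remote() {
  work=$(mktemp -d)
  git init -q --bare "$work/origin.git"
  git init -q "$work/dev"
  (
    cd "$work/dev" || exit 1
    gcommit "base"
    git push -q "$work/origin.git" HEAD:refs/heads/master
    git checkout -q -b feature
    gcommit "pr change"
    # GitHub publishes a PR's source commit under refs/pull/<n>/head
    git push -q "$work/origin.git" feature:refs/pull/7/head
    git rev-parse HEAD > "$work/expected_sha"
  )
  echo "$work"
}

# The CI side: fetch every pull-request head into its own namespace, which
# is what the +:refs/pull/*/head branch specification asks TeamCity to do.
# Prints the commit that refs/pull/7/head resolved to.
fetch_pr_heads() {
  remote="$1"
  ci="$(mktemp -d)/ci"
  git init -q "$ci"
  git -C "$ci" remote add origin "$remote/origin.git"
  git -C "$ci" fetch -q origin '+refs/pull/*/head:refs/remotes/origin/pr/*'
  git -C "$ci" rev-parse refs/remotes/origin/pr/7
}

# Prints "ok" when the fetched PR ref is exactly the commit the "fork" pushed.
demo_pull_request_fetch() {
  work=$(make_demo_remote)
  got=$(fetch_pr_heads "$work")
  if [ "$got" = "$(cat "$work/expected_sha")" ]; then echo ok; else echo mismatch; fi
}

if command -v git >/dev/null 2>&1; then
  echo "pull request fetch: $(demo_pull_request_fetch)"
fi
```

The caveat that goes with this trigger: refs/pull/*/head of a pull request from a fork is whatever the person who opened it pushed, so a build project that checks it out runs their code on the agent with every credential that agent holds. Keep deployment steps and tokens out of the project that builds pull requests; this is the same exposure that leads Travis to withhold secure variables from fork PRs, as the Travis answer further down this page explains.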
I had a similar issue; the solution is to change the TC installation's settings so it's aware of its correct URL, and then re-add the webhook through the plugin. The setting in question is Administration > Server Administration > Global Settings > Server Url:
I know there were a lot of conversations on this topic, but none of them were helpful to me. So what I'm doing is configuring Jenkins CI to work properly with GitHub.
We want the following:
When someone creates a new PR or adds a commit to an existing PR, GitHub triggers a Jenkins build.
While the build is processing, we want to see the status: pending
The Merge button should be disabled until the build is completed
After the build is completed, we want to see the status of that build: successful or failed
Right now, only step 1 works correctly, but we can't figure out what the problem is with Jenkins requests to GitHub!
Also, in the console output I see this error:
ERROR: Build step failed with exception java.lang.IllegalStateException: Can't get remote GH repo for project1 build, and I don't know what the problem is.
Any help would be really appreciated !
Regards
If you are using GitHub Pull Request Builder, go to trigger setup -> Update commit status during build.
I'm setting up a project with Travis CI and SonarQube.com. Everything goes smoothly when a pull request comes out of a branch from the repository, but it fails when Travis runs a build off a pull request from a forked repository.
A build out of a PR from the repository: https://travis-ci.org/PistachoSoft/dummy-calculator/builds/162905730
A build out of a PR from a forked repository: https://travis-ci.org/PistachoSoft/dummy-calculator/builds/162892678
The repository: https://github.com/PistachoSoft/dummy-calculator
As can be seen in the build log, this is the error:
You're not authorized to execute any SonarQube analysis. Please contact your SonarQube administrator.
Things I've tried that didn't work:
Updating the sonar token.
Using an encrypted token granted by another person from the organization.
Granting 'sonar-users' and 'Anyone' the 'Execute Analysis' permission on the SonarQube project.
What can I do to fix this?
First, I draw your attention to one important point: you should not run a "standard" SonarQube analysis on PRs; otherwise your project on SonarQube.com will be "polluted" by intermediate analyses that have nothing to do with each other. Standard analyses must be executed only on the main development branch, which is usually the "master" branch. Please read the runSonarQubeAnalysis.sh file of our sample projects to see how to achieve that.
Now, why does your attempt not work? Simply because the SONAR_TOKEN environment variable (which you've set as "secure" in your YML file) will not be decoded by Travis when the PR comes "from the outside world" (i.e. when it's not a PR of your own). This is a security constraint to prevent anybody from forking your repo, updating the YML file with an echo $SONAR_TOKEN, submitting a PR and gently waiting for Travis to execute it to unveil the secured environment variable.
Analyzing "external" PRs is something that we'll soon be working on so that this is easy, straightforward and yet secure for OSS projects to benefit from this feature.
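An added example, not from the question, this answer, or SonarSource's runSonarQubeAnalysis.sh, that applies the two rules above (standard analysis only on master; no scanner run when the token was not decrypted) and reuses the preview-mode properties from the first question on this page. The TRAVIS_* names are Travis's documented variables; the "publish"/"preview"/"skip" labels, the positional arguments, and the sonar.host.url value are this script's own assumptions.

```shell
#!/bin/sh
# Added example (not from the question, the answer, or SonarSource's
# runSonarQubeAnalysis.sh): pick the SonarQube analysis a Travis build may run.
# TRAVIS_* names are Travis's documented variables; the "publish"/"preview"/
# "skip" labels and the argument lists below are this script's own convention.
#
#   $1  TRAVIS_PULL_REQUEST     "false", or the PR number for a PR build
#   $2  TRAVIS_BRANCH           branch name (the target branch for a PR build)
#   $3  TRAVIS_SECURE_ENV_VARS  "true" only if encrypted variables were decrypted
#   $4  "yes" if SONAR_TOKEN is non-empty, "no" otherwise
decide_sonar_mode() {
  pr="$1"; branch="$2"; secure="$3"; have_token="$4"

  # Encrypted variables are never decrypted for a PR coming from a fork, so
  # SONAR_TOKEN is empty there. Running the scanner anyway is what produces
  # "You're not authorized to execute any SonarQube analysis".
  if [ "$secure" != "true" ] || [ "$have_token" != "yes" ]; then
    echo skip
    return 0
  fi

  if [ "$pr" = "false" ]; then
    # Only the main development branch gets a standard (stored) analysis,
    # so the dashboard is not polluted by unrelated intermediate runs.
    if [ "$branch" = "master" ]; then echo publish; else echo skip; fi
    return 0
  fi

  # PR from a branch of the same repository: preview analysis that reports
  # issues on the pull request instead of storing a new snapshot.
  echo preview
}

# Scanner properties for each mode. The sonar.github.* names are the GitHub
# plugin properties used in the first question on this page; the host URL is
# an assumption. Tokens are referenced by variable name, never expanded here.
sonar_args() {
  case "$1" in
    publish)
      echo "-Dsonar.host.url=https://sonarqube.com" \
           "-Dsonar.login=\$SONAR_TOKEN" ;;
    preview)
      echo "-Dsonar.analysis.mode=preview" \
           "-Dsonar.github.pullRequest=$2" \
           "-Dsonar.github.repository=$3" \
           "-Dsonar.github.oauth=\$GITHUB_TOKEN" \
           "-Dsonar.login=\$SONAR_TOKEN" ;;
    *)
      echo "" ;;
  esac
}

# Entry point for a real build: read the Travis environment and print the
# decision. The token value itself is never printed.
if [ -n "${SONAR_TOKEN:-}" ]; then token_state=yes; else token_state=no; fi
mode=$(decide_sonar_mode "${TRAVIS_PULL_REQUEST:-false}" \
                         "${TRAVIS_BRANCH:-}" \
                         "${TRAVIS_SECURE_ENV_VARS:-false}" "$token_state")
echo "sonar mode: $mode"
echo "scanner args: $(sonar_args "$mode" "${TRAVIS_PULL_REQUEST:-}" "${TRAVIS_REPO_SLUG:-}")"
```

The "skip" branch exits successfully on purpose: a fork PR must not turn red merely because the analysis is unavailable to it, and the decision is made from TRAVIS_SECURE_ENV_VARS rather than from the token's presence alone, so a token accidentally committed in plain text would still not be used on an outsider's build.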