Automatically derive mandatory SonarQube properties from pom file in Jenkins

maven jenkins continuous-integration sonarqube sonarqube-scan
Sergej Werfel picture Sergej Werfel · Apr 27, 2016 · Viewed 9.4k times · Source

Situation:

I want to analyze my project with SonarQube (5.4) triggered by Jenkins (1.642.4). It is a java project build with maven.

I see two ways to trigger the analysis:

  1. Post Build Action "SonarQube analysis with maven" but it's deprecated, so I don't want to use it
  2. Post Build Step "Execute SonarQube Scanner", is the recommended way.

Problem:

If I use the deprecated Post Build Action, the properties for sonar project configuration are derived automatically from the project pom.

It I use the recommended Post Build Step, I receive the Exception

You must define the following mandatory properties for 'Unknown': sonar.projectKey, sonar.projectName, sonar.projectVersion, sonar.sources

Undesired Solution:

The solution is to provide the required properties, via sonar-project.properties file in the java project or via parameters in Jenkins step.

IMHO: this is duplication. All relevant information is defined in the Maven pom: projectKey can be derived from artifactId, projectName and projectVerstion are same properties in maven. Especially the projectVersion is critical. I don't want to update the project version after each release (or write some code in release plugin to update it automatically).

What I want

I want to use the recommended Post Build Step in Jenkins, without redefine all project properties for all my project to make sonar happy. Instead sonar/jenkins/plugin/whatever should derive the properties from my maven pom file. Is there an additional plugin I can use? Can I reconfigure my Jenkins-Sonar-Plugin?

I don't want to provide any sonar specific information in my pom/project, because the project shouldn't care about sonar. It should contain only information required to build the project.

Answer

Nicolas B. - SonarSource Team picture Nicolas B. - SonarSource Team · Apr 27, 2016

The documentation (although slightly confusing, see edit below) explains how to use a generic post-build step (leveraging environment variables), instead of the deprecated post-build action. in short:

  • install latest SonarQube Plugin (v2.4 as of now) in Jenkins
  • in System Config under SonarQube servers: check Enable injection of SonarQube server configuration as build environment variables
  • in the configuration of your Maven project:
    • check Prepare SonarQube Scanner environment
    • add a post-build step Invoke top-level Maven targets and leverage the injected environment variables in the Goals field e.g.:

      $SONAR_MAVEN_GOAL -Dsonar.host.url=$SONAR_HOST_URL -Dsonar.login=$SONAR_AUTH_TOKEN

Edit: when the documentation says The Post-build Action for Maven analysis is deprecated. , it refers to the old post-build action which is not documented anymore. The paragraph after that warning (summarized in this answer) really is the recommended procedure. Illustration here if it's still not clear.

Related questions

How do I correctly integrate Maven, Jenkins, Sonar and Cobertura?

hope someone can help. our project is an Eclipse plug-in project we have a Jenkins server our project uses Maven and Tycho (for plug-in projects) for build management we installed a Sonar server we integrated Sonar into Jenkins by using …

Read More
Jenkins CI Pipeline Scripts not permitted to use method groovy.lang.GroovyObject

I am Using Jenkins 2 for compiling Java Projects, I want to read the version from a pom.xml, I was following this example: https://github.com/jenkinsci/pipeline-plugin/blob/master/TUTORIAL.md The example suggest: It seems that there is …

Read More
Skip a submodule during a Maven build

We have a need to be able to skip a submodule in certain environments. The module in question contains integration tests and takes half an hour to run. So we want to include it when building on the CI server, …

Read More