Situation:
I want to analyze my project with SonarQube (5.4) triggered by Jenkins (1.642.4). It is a java project build with maven.
I see two ways to trigger the analysis:
Problem:
If I use the deprecated Post Build Action, the properties for sonar project configuration are derived automatically from the project pom.
It I use the recommended Post Build Step, I receive the Exception
You must define the following mandatory properties for 'Unknown': sonar.projectKey, sonar.projectName, sonar.projectVersion, sonar.sources
Undesired Solution:
The solution is to provide the required properties, via sonar-project.properties file in the java project or via parameters in Jenkins step.
IMHO: this is duplication. All relevant information is defined in the Maven pom: projectKey can be derived from artifactId, projectName and projectVerstion are same properties in maven. Especially the projectVersion is critical. I don't want to update the project version after each release (or write some code in release plugin to update it automatically).
What I want
I want to use the recommended Post Build Step in Jenkins, without redefine all project properties for all my project to make sonar happy. Instead sonar/jenkins/plugin/whatever should derive the properties from my maven pom file. Is there an additional plugin I can use? Can I reconfigure my Jenkins-Sonar-Plugin?
I don't want to provide any sonar specific information in my pom/project, because the project shouldn't care about sonar. It should contain only information required to build the project.
The documentation (although slightly confusing, see edit below) explains how to use a generic post-build step (leveraging environment variables), instead of the deprecated post-build action. in short:
Enable injection of SonarQube server configuration as build environment variables
Prepare SonarQube Scanner environment
Invoke top-level Maven targets
and leverage the injected environment variables in the Goals
field e.g.:
$SONAR_MAVEN_GOAL -Dsonar.host.url=$SONAR_HOST_URL -Dsonar.login=$SONAR_AUTH_TOKEN
Edit: when the documentation says The Post-build Action for Maven analysis is deprecated.
, it refers to the old post-build action which is not documented anymore. The paragraph after that warning (summarized in this answer) really is the recommended procedure. Illustration here if it's still not clear.