===== Sonarqube =====
SonarQube is a static code analysis tool.
=== Jenkins ===
== Scan ==
=== In Jenkins ===
To scan the code, use the Jenkins plugin "SonarQube Scanner".
=== via console ===
https://techexpert.tips/sonarqube/sonarqube-scanner-installation-ubuntu-linux/
== Break build ==
To break the build when the SonarQube project "workspaceteam1-project1team1" is red (quality gate status ERROR), the following script can be used:
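  #!/bin/bash
  CURL='/usr/bin/curl'
  RVMHTTP="http://sonar:9000/sonar/api/qualitygates/project_status?projectKey=workspaceteam1-project1team1"
  # -s: no progress output, -f: treat HTTP errors (e.g. 401) as a failed request
  # the credentials are better injected through a Jenkins credentials binding than hard-coded in the job
  CURLARGS="-sf -u adop:123abc123"
  # store the result in a variable; break the build if the request itself fails
  raw="$($CURL $CURLARGS "$RVMHTTP")" || exit 1
  # break the build if the quality gate reports ERROR
  if [[ $raw = *"\"status\":\"ERROR\""* ]]; then
    exit 1
  else
    exit 0
  fi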
The project key can be retrieved with the following API call:
  curl -u adop:123abc123 "http://52.210.126.173/sonar/api/projects/index?search=team1"
  [{"id":"1","k":"workspaceteam1-project1team1","nm":"WorkspaceTeam1/Project1Team1","sc":"PRJ","qu":"TRK"}]
The next step is to request the project status:
  curl -u adop:123abc123 "http://52.210.126.173/sonar/api/qualitygates/project_status?projectKey=workspaceteam1-project1team1"
  {
    "projectStatus":{
      "status":"ERROR",
      "conditions":[
        {
          "status":"OK",
          "metricKey":"new_vulnerabilities",
          "comparator":"GT",
          "periodIndex":1,
          "errorThreshold":"0",
          "actualValue":"0"
        },
        {
          "status":"OK",
          "metricKey":"new_bugs",
          "comparator":"GT",
          "periodIndex":1,
          "errorThreshold":"0",
          "actualValue":"0"
        },
        {
          "status":"OK",
          "metricKey":"new_sqale_debt_ratio",
          "comparator":"GT",
          "periodIndex":1,
          "errorThreshold":"1",
          "actualValue":"0.0"
        },
        {
          "status":"ERROR",
          "metricKey":"bugs",
          "comparator":"NE",
          "errorThreshold":"0",
          "actualValue":"1"
        }
      ],
      "periods":[
        {
          "index":1,
          "mode":"previous_version",
          "date":"2018-05-09T14:19:38+0000"
        },
        {
          "index":2,
          "mode":"previous_analysis",
          "date":"2018-05-10T09:38:00+0000",
          "parameter":"2018-05-10"
        },
        {
          "index":3,
          "mode":"days",
          "date":"2018-05-09T14:19:38+0000",
          "parameter":"30"
        }
      ]
    }
  }
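
A stricter form of the gate check, as an added example that is not part of the original page: it parses the project_status JSON shown above instead of matching a substring, and breaks the build on anything that is not an explicit OK, including an empty or non-JSON response. The function name evaluate_gate, the passing parameter and the abridged sample response are assumptions made for this example.

```python
import json
import sys

# Constructed sample, abridged from the project_status response shown above.
SAMPLE = """{"projectStatus":{"status":"ERROR","conditions":[
 {"status":"OK","metricKey":"new_bugs","comparator":"GT",
  "errorThreshold":"0","actualValue":"0"},
 {"status":"ERROR","metricKey":"bugs","comparator":"NE",
  "errorThreshold":"0","actualValue":"1"}]}}"""


def evaluate_gate(body, passing=("OK",)):
    """Return (passed, reasons) for a project_status response body.

    Only a status listed in `passing` lets the build continue; an empty body,
    an HTML login page or an API error document counts as a failure.
    Passing ("OK", "WARN") restores the leniency of the substring check.
    """
    try:
        project = json.loads(body)["projectStatus"]
        gate = project["status"]
    except (ValueError, KeyError, TypeError):
        return False, ["response carries no projectStatus.status"]
    if gate in passing:
        return True, []
    reasons = ["quality gate status is %s" % gate]
    # List every condition that did not pass, so the console shows why.
    for cond in project.get("conditions") or []:
        if cond.get("status") not in passing:
            reasons.append("%s: actual %s, comparator %s, threshold %s" % (
                cond.get("metricKey"), cond.get("actualValue"),
                cond.get("comparator"), cond.get("errorThreshold")))
    return False, reasons


if __name__ == "__main__":
    # Reads the response body from stdin, e.g. piped from the curl call above.
    passed, reasons = evaluate_gate(sys.stdin.read())
    for line in reasons:
        print(line, file=sys.stderr)
    sys.exit(0 if passed else 1)
```

Run as a build step with the curl output piped into it; the exit code 1 breaks the build and the failing conditions appear on stderr.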