devops:sonarqube
Table of Contents
Sonarqube
The sonarqube is the static code analysis tool.
Jenkins
Scan
In Jenkins
To scan the code use the Jenkins plugin “SonarQube Scanner”
via console
Break build
To break the build, when the sonarqube-project “workspaceteam1-project1team1” is red - one could use the following script:
#!/bin/bash CURL='/usr/bin/curl' RVMHTTP="http://sonar:9000/sonar/api/qualitygates/project_status?projectKey=workspaceteam1-project1team1" CURLARGS="-u adop:123abc123" # you can store the result in a variable raw="$($CURL $CURLARGS $RVMHTTP)" if [[ $raw = *"\"status\":\"ERROR\""* ]]; then exit 1 else exit 0 fi
Here we can retrieve the project key by using the following api:
curl -u adop:123abc123 http://52.210.126.173/sonar/api/projects/index?search="team1"
[{"id":"1","k":"workspaceteam1-project1team1","nm":"WorkspaceTeam1/Project1Team1","sc":"PRJ","qu":"TRK"}]
The next step is the request of the project state
curl -u adop:123abc123 http://52.210.126.173/sonar/api/qualitygates/project_status?projectKey=workspaceteam1-project1team1
{
"projectStatus":{
"status":"ERROR",
"conditions":[
{
"status":"OK",
"metricKey":"new_vulnerabilities",
"comparator":"GT",
"periodIndex":1,
"errorThreshold":"0",
"actualValue":"0"
},
{
"status":"OK",
"metricKey":"new_bugs",
"comparator":"GT",
"periodIndex":1,
"errorThreshold":"0",
"actualValue":"0"
},
{
"status":"OK",
"metricKey":"new_sqale_debt_ratio",
"comparator":"GT",
"periodIndex":1,
"errorThreshold":"1",
"actualValue":"0.0"
},
{
"status":"ERROR",
"metricKey":"bugs",
"comparator":"NE",
"errorThreshold":"0",
"actualValue":"1"
}
],
"periods":[
{
"index":1,
"mode":"previous_version",
"date":"2018-05-09T14:19:38+0000"
},
{
"index":2,
"mode":"previous_analysis",
"date":"2018-05-10T09:38:00+0000",
"parameter":"2018-05-10"
},
{
"index":3,
"mode":"days",
"date":"2018-05-09T14:19:38+0000",
"parameter":"30"
}
]
}
}
devops/sonarqube.txt · Last modified: 2023/11/01 07:15 by skipidar