Automatically derive mandatory SonarQube properties from pom file in Jenkins

11
votes

Situation:

I want to analyze my project with SonarQube (5.4) triggered by Jenkins (1.642.4). It is a java project build with maven.

I see two ways to trigger the analysis:

  1. Post Build Action "SonarQube analysis with maven" but it's deprecated, so I don't want to use it
  2. Post Build Step "Execute SonarQube Scanner", is the recommended way.

Problem:

If I use the deprecated Post Build Action, the properties for sonar project configuration are derived automatically from the project pom.

It I use the recommended Post Build Step, I receive the Exception

You must define the following mandatory properties for 'Unknown': sonar.projectKey, sonar.projectName, sonar.projectVersion, sonar.sources

Undesired Solution:

The solution is to provide the required properties, via sonar-project.properties file in the java project or via parameters in Jenkins step.

IMHO: this is duplication. All relevant information is defined in the Maven pom: projectKey can be derived from artifactId, projectName and projectVerstion are same properties in maven. Especially the projectVersion is critical. I don't want to update the project version after each release (or write some code in release plugin to update it automatically).

What I want

I want to use the recommended Post Build Step in Jenkins, without redefine all project properties for all my project to make sonar happy. Instead sonar/jenkins/plugin/whatever should derive the properties from my maven pom file. Is there an additional plugin I can use? Can I reconfigure my Jenkins-Sonar-Plugin?

I don't want to provide any sonar specific information in my pom/project, because the project shouldn't care about sonar. It should contain only information required to build the project.

2
mavenjenkinscontinuous-integrationsonarqubesonarqube-scan

2 Answers

19
votes

The documentation (although slightly confusing, see edit below) explains how to use a generic post-build step (leveraging environment variables), instead of the deprecated post-build action. in short:

  • install latest SonarQube Plugin (v2.4 as of now) in Jenkins
  • in System Config under SonarQube servers: check Enable injection of SonarQube server configuration as build environment variables
  • in the configuration of your Maven project:
    • check Prepare SonarQube Scanner environment
    • add a post-build step Invoke top-level Maven targets and leverage the injected environment variables in the Goals field e.g.:

      $SONAR_MAVEN_GOAL -Dsonar.host.url=$SONAR_HOST_URL -Dsonar.login=$SONAR_AUTH_TOKEN

Edit: when the documentation says The Post-build Action for Maven analysis is deprecated. , it refers to the old post-build action which is not documented anymore. The paragraph after that warning (summarized in this answer) really is the recommended procedure. Illustration here if it's still not clear.

3
votes

Using SonarQube Scanner as a post build step you can configure it with at least this properties in Analysis properties:

sonar.projectKey=${POM_ARTIFACTID}
sonar.projectName=${POM_DISPLAYNAME}
sonar.projectVersion=${POM_VERSION}
sonar.sources=src
sonar.java.binaries=target
sonar.language=java
sonar.sourceEncoding=UTF-8

POM_* variables are mapped by Jenkins from Maven GAV info, look here: https://github.com/jenkinsci/jenkins/pull/933/files