Files

105 lines
4.2 KiB
Markdown

---
title: SonarQube
source: http://localhost:9000/tutorials?id=tpeetz-kontor_kontor-spring_f9cc9061-e2c2-4cf5-8c47-b8a58c9f11fe&selectedTutorial=jenkins
author:
- "[[Posteingang/SonarQube]]"
published:
created: 2024-10-12
description:
tags:
- clippings
---
- [Projects](http://localhost:9000/projects)
- [Issues](http://localhost:9000/issues?issueStatuses=OPEN%2CCONFIRMED)
- [Rules](http://localhost:9000/coding_rules)
- [Quality Profiles](http://localhost:9000/profiles)
- [Quality Gates](http://localhost:9000/quality_gates)
- [Administration](http://localhost:9000/admin/settings)
- [More](http://localhost:9000/tutorials?id=tpeetz-kontor_kontor-spring_f9cc9061-e2c2-4cf5-8c47-b8a58c9f11fe&selectedTutorial=jenkins/#)
- Overview
- Issues
- Security Hotspots
- Measures
- Code
- Activity
- [Project Settings](http://localhost:9000/tutorials?id=tpeetz-kontor_kontor-spring_f9cc9061-e2c2-4cf5-8c47-b8a58c9f11fe)
- [Project Information](http://localhost:9000/project/information?id=tpeetz-kontor_kontor-spring_f9cc9061-e2c2-4cf5-8c47-b8a58c9f11fe)
- [Analysis Method](http://localhost:9000/tutorials?id=tpeetz-kontor_kontor-spring_f9cc9061-e2c2-4cf5-8c47-b8a58c9f11fe)
- [Jenkins](http://localhost:9000/tutorials?id=tpeetz-kontor_kontor-spring_f9cc9061-e2c2-4cf5-8c47-b8a58c9f11fe&selectedTutorial=jenkins)
1. ## Prerequisites
To run your project analyses with Jenkins, the following plugins must be **installed** and **configured**.
- GitLab plugin for Jenkins - version 1.5.13 or later
- SonarQube Scanner plugin for Jenkins - version 2.11 or later
For a step by step guide on installing and configuring those plugins in Jenkins, visit the [Analysis Prerequisites](https://docs.sonarsource.com/sonarqube/10.7/analyzing-source-code/ci-integration/jenkins-integration/key-features/) documentation page.
We recommend using the configuration in the following steps for the best results, but you can customize it as needed.
2. ## Create a Pipeline Job
Create a Pipeline in order to automatically analyze your project.
1. From Jenkins' dashboard, click **New Item** and create a **Pipeline Job**.
2. Under **Build Triggers**, choose **Build when a change is pushed to GitLab**. Write down the webhook URL provided. You will need it when configuring the webhook in GitLab.
- Under **Enabled GitLab triggers**, only select **Push events**.
- Click on **Advanced...**
- Find the **Secret token** text field, and click on **Generate**. Write down the secret token. You will need it when configuring the webhook in GitLab.
3. Under **Pipeline**, make sure the parameters are set as follows:
- **Definition:** Pipeline script from SCM
- **SCM:** Configure your SCM. Make sure to only build your main branch. For example, if your main branch is called "main", put "\*/main" under **Branches to build**.
- **Script Path:** Jenkinsfile
4. Click **Save**.
3. ## Create a GitLab Webhook
Create a Webhook in your repository to trigger the Jenkins job on push. You may skip this step if you already have a Webhook configured.
1. Go to the GitLab Webhook creation page for your repository and enter the following information:
- **URL:** Enter the URL you wrote down in the previous step.
- **Secret Token:** Enter the generated token you wrote down in the previous step.
2. Under **Trigger** check the following:
- **Push events**
3. Click **Add webhook**.
4. ## Create a Jenkinsfile
1. What option best describes your project?
2. Add the following to your `build.gradle` or `build.gradle.kts` file:
```
plugins {
id "org.sonarqube" version "5.1.0.4882"
}
sonar {
properties {
property "sonar.projectKey", "tpeetz-kontor_kontor-spring_f9cc9061-e2c2-4cf5-8c47-b8a58c9f11fe"
property "sonar.projectName", "kontor-spring"
}
}
```
3. Create a `Jenkinsfile` file in your repository and paste the following code:
```
node {
stage('SCM') {
checkout scm
}
stage('SonarQube Analysis') {
withSonarQubeEnv() {
sh "./gradlew sonar"
}
}
}
```
---
## And you are done!
If everything is running successfully, once the analysis is complete you'll be redirected to the Overview page of your project where the new analysis results will be displayed. This can take a few minutes.
- Each new push you make on your main branch will trigger a new analysis in SonarQube.