date: 2021-09-26 13:36:00 +0000
title: SonarQube
author: diegopereiraeng
tags: Sonar, SonarQube, Analysis, report
logo: sonarqube.svg
repo: drone-plugins/sonarqube-scanner
image: drone-plugins/sonarqube-scanner:latest

This plugin scans your code for quality issues and posts the analysis report to your SonarQube server. SonarQube (previously called Sonar) is an open source code quality management platform.

The following pipeline configuration demonstrates simple usage:

steps:
- name: code-analysis
  image: drone-plugins/sonarqube-scanner:latest
  settings:
    sonar_host:
      from_secret: sonar_host
    sonar_token:
      from_secret: sonar_token

Custom parameters can be specified:

steps:
- name: code-analysis
  image: drone-plugins/sonarqube-scanner
  settings:
    sonar_host:
      from_secret: sonar_host
    sonar_token:
      from_secret: sonar_token
    sonar_name: project-harness
    sonar_key: project-harness
    build_number: 1.0
    timeout: 20
    sources: .
    level: DEBUG
    showProfiling: true
    exclusions: "**/static/**/*,**/dist/**/*.js"  # quoted: a leading * would otherwise be read as a YAML alias
    usingProperties: false
    binaries: .
    sonar_config_file: true
    sonar_config_file_override: false
    quality_gate_error_exit_code: 5
    sonar_qualitygate_timeout: 300
    branch: master
    inclusions: "*.go, *.java"
    sonar_quality_enabled: true
    artifact_file: artifact.json
    javascript_icov_reportPath: /path/to/icov/report
    java_coverage_plugin: jacoco
    jacoco_report_path: /path/to/jacoco/report
    ssl_keystore_pwd: your-keystore-password  # placeholder; supply the real value with from_secret
    cacerts_location: /path/to/cacerts
    junit_reportpaths: /path/to/junit/reports
    source_encoding: UTF-8
    tests: /path/to/tests
    java_test: /path/to/java/test
    pr_key: 123
    pr_branch: your-pr-branch
    pr_base: your-pr-base
    coverage_exclusion: "**/test/**/*.*,**/*.test.go"  # quoted: a leading * would otherwise be read as a YAML alias
    java_source: 1.8
    java_libraries: /path/to/libraries
    surefire_reportsPath: /path/to/surefire/reports
    typescript_lcov_reportPaths: /path/to/typescript/lcov/reports
    verbose: true
    custom_jvm_params: "-Dsonar.java.source='value_you_want'"
    taskid: your-task-id
    skip_scan: true
    SONAR_SCANNER_OPTS: "--add-opens java.base/sun.nio.ch=ALL-UNNAMED --add-opens java.base/java.io=ALL-UNNAMED"

Secret Reference

Safety first: the host and token are stored in Drone Secrets.

  • sonar_host: Host of SonarQube, including the scheme (http/https).
  • sonar_token: User token used to post the analysis report to the SonarQube server. To generate one, click User -- My Account -- Security -- Generate Tokens.
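
The rule above (host and token come from Drone Secrets) can be checked before a pipeline change is merged. The following is an added example, not code from the plugin or its documentation: a line-based Python check that reports sonarqube-scanner steps whose sensitive settings are written inline instead of through from_secret. Treating ssl_keystore_pwd as sensitive, the function names and the sample pipeline are assumptions made for the example.

```python
import re

# sonar_host/sonar_token per the page; ssl_keystore_pwd is this example's assumption.
SENSITIVE = {"sonar_host", "sonar_token", "ssl_keystore_pwd"}
KEY = re.compile(r"^(\s*)([\w.]+):\s*(.*?)\s*$")

def split_steps(text):
    """Lines of each item in the 'steps:' list, list dash replaced by a space."""
    body = ("\n" + text).partition("\nsteps:")[2]
    first = re.search(r"(?m)^( *)-\s", body)
    if not first:
        return []
    chunks = re.split(rf"(?m)^{first[1]}-(?=\s)", body)[1:]
    return [(first[1] + " " + c).splitlines() for c in chunks]

def inline_secrets(text):
    """Return (step, setting) pairs whose sensitive value is written inline."""
    findings = []
    for step in split_steps(text):
        keys = [(len(m[1]), m[2], m[3]) for m in map(KEY.match, step) if m]
        top = keys[0][0] if keys else 0
        attr = {k: v for i, k, v in keys if i == top}
        if "sonarqube-scanner" not in attr.get("image", ""):
            continue  # only steps that run this plugin are inspected
        in_settings, child = False, None
        for indent, key, val in keys:
            if indent <= top:  # a step-level key opens or closes 'settings'
                in_settings, child = (indent == top and key == "settings"), None
            elif in_settings:
                child = child or indent  # indentation of direct children
                literal = bool(val) and not val.startswith("#") and "from_secret" not in val
                if indent == child and key in SENSITIVE and literal:
                    findings.append((attr.get("name", "?"), key))
    return findings

# Constructed pipeline: the first step follows the page, the second does not.
SAMPLE = """\
steps:
- name: scan-ok
  image: drone-plugins/sonarqube-scanner:latest
  settings:
    sonar_token:
      from_secret: sonar_token
- name: scan-bad
  image: drone-plugins/sonarqube-scanner
  settings:
    sonar_host: http://localhost:9000
    ssl_keystore_pwd: your-keystore-password
"""
```

Calling inline_secrets(SAMPLE) reports only the scan-bad step; a non-empty result can be used to fail a pre-merge check.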

Parameter Reference

  • sonar_name: Sonar Project Name.
  • sonar_key: Sonar Project Key.
  • sonar_qualitygate_timeout: Timeout in seconds for Sonar Scan.
  • artifact_file: Path to the artifact file that will be generated by the plugin.
  • sonar_quality_enabled: True to block the pipeline if Sonar quality gate conditions are not met.
  • branch: Branch for analysis. (-Dsonar.branch.name=)
  • build_number: Build Version.
  • build_version: Code version, Default value DRONE_BUILD_NUMBER.
  • timeout: Timeout in seconds, default 60.
  • sources: Comma-separated paths to directories containing source files.
  • inclusions: Comma-delimited list of file path patterns to be included in analysis. Example: *.go, *.java.
  • exclusions: Comma-delimited list of file path patterns to be excluded from analysis. Example: **/static/**/*,**/dist/**/*.js.
  • level: Control the quantity/level of logs produced during an analysis. Default value INFO. Options are DEBUG and TRACE.
  • showProfiling: Display logs to see where the analyzer spends time. Default value false (-Dsonar.showProfiling=)
  • branchAnalysis: Pass currently analyzed branch to SonarQube. (Must not be active for initial scan!) Default value false.
  • usingProperties: Use the sonar-project.properties file in the root directory as sonar parameters. (Not including sonar_host and sonar_token.) Default value false.
  • binaries: Path to application binaries (-Dsonar.java.binaries=).
  • sonar_config_file: Use sonar-project.properties if available. Default value false.
  • sonar_config_file_override: Use sonar-project.properties if available and override host, login, or project key settings. Default value false.
  • quality_gate_error_exit_code: Exit code returned when the quality gate fails. Default is 5.

JavaScript Parameters

  • javascript_icov_reportPath: Path to coverage report (-Dsonar.javascript.lcov.reportPath).

Java Parameters

  • jacoco_report_path: Path to the JaCoCo report, if not the default (-Dsonar.jacoco.reportPath=).
  • java_coverage_plugin: Coverage plugin to use, e.g., jacoco (-Dsonar.java.coveragePlugin=).

Notes

  • projectKey: PLUGIN_SONAR_KEY
  • projectName: PLUGIN_SONAR_NAME
  • You can also add a file named sonar-project.properties at the root of your project to specify parameters.

Code repository: drone-plugins/sonarqube-scanner.
SonarQube Parameters: Analysis Parameters.

Test your SonarQube Server:

Replace the parameter values with your own:

sonar-scanner \
  -Dsonar.projectKey=Harness:cie \
  -Dsonar.sources=. \
  -Dsonar.projectName=Harness/cie \
  -Dsonar.projectVersion=1.0 \
  -Dsonar.host.url=http://localhost:9000 \
  -Dsonar.login=60878847cea1a31d817f0deee3daa7868c431433