Include Code Quality for Bitbucket never triggers a SonarQube™ analysis.
The most common scenario is an integration of the SonarQube™ analysis into your build pipeline.
A recommended flow with Include Code Quality for Bitbucket looks like:
New code changes pushed to Bitbucket (or new pull request is created)
Bitbucket triggers your build pipeline for code changes
Your build pipeline must trigger the Sonar™ analysis
and executes the Sonar™Scanneror one of its build system-dependent alternatives.
see below for required parameters
SonarQube™ informs Include Code Quality for Bitbucket over a Webhook about a new analysis report.
Include Code Quality for Bitbucket annotates existing pull requests with the issues found in the analysis.
Whichever external system you use to execute the Sonar™ scan, you need to run it with the correct parameters for your SonarQube™ application. Use the analysis parameter matrix below to find yours.
Analysis Parameter Matrix
The table shows the minimally necessary parameters to get Include Code Quality for Bitbucket to work with Sonar™Scanner. Look at the SonarQube™ documentation for additional parameters or different scanning methods.
Developer Edition or higher | Community Edition |
---|
SonarCloud™ https://docs.sonarcloud.io/advanced-setup/ci-based-analysis/overview/ | ||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Common Parameters |
|
|
|
| |||||||
Branch Analysis |
| Parameter not supported, branch included in Sonar™ project key as | See Developer Edition or higher | |||||
---|---|---|---|---|---|---|---|---|
Pull Request Analysis |
|
See: https://docs.sonarqube.org/latest/analysis/pull-request/ |
| See Developer Edition or higher | |||||||||||
Only SonarQube™ 7.7 |
|
| Not needed |
---|
Build Systems
Bamboo
We provide a first class integration for Bamboo with our Include Code Quality for Bamboo plugin. See our dedicated wiki page for more information.
Jenkins
...
Use
...
https://plugins.jenkins.io/atlassian-bitbucket-server-integration/ to connect Jenkins to Bitbucket.
Install the the https://plugins.jenkins.io/sonar/ Jenkins plugin, follow the instructions on the Sonar™ Scanner for Jenkins Wiki to
...
configure your analysis.
[Community Edition] Install the https://plugins.jenkins.io/envinject/ plugin.
Community Edition: Freestyle Job
New 'Freestyle Job'
Select 'Bitbucket Server' for source code management
Select repository: enter
*/<yourMainBranch>
as 'Branch specifier' in 'Branches to build'Select "Bitbucket webhook trigger" and enable the pull request events
Add build steps
Write out the sanitized SONAR_BRANCH to a file by adding a 'Execute Shell' task with content:
Code Block language bash echo SONAR_BRANCH=$(printf '%s' $GIT_BRANCH | cut -d'/' -f 2- | sed s/[^0-9a-zA-Z:_.\-]/'-'/g) > sonar-branch
Inject this variable with an 'Inject environment variable' step: select `sonar-branch` as 'Properties filepath'
Add 'Execute SonarQube Scanner' step: override project key and project name in the 'Analysis Properties' field like:
Code Block sonar.projectKey=my.plugin.key:${SONAR_BRANCH} sonar.projectName="Sonar Test Project - ${SONAR_BRANCH}"
Save configuration
Trigger analysis with 'Build Now', it should successfully analyze your main branch
...
(Community Edition only) SonarQube™ versions 7.9.x and 8.x need to replace illegal branch characters.
Use the following command to export the sanitized branch name to a file:
...
Change the 'Branch specifier' to
**
to listen to all branchesCreate a Pull Request in Bitbucket and verify an analysis is triggered
Community Edition: Multibranch Pipeline
Add a 'Multibranch Pipeline'
Select 'Bitbucket Server' for 'Branch Sources' and add a Repository
Add 'Bitbucket webhook trigger' to 'Scan Multibranch Pipeline Triggers' → enable push/pull-request events
Save
Add a Jenkinsfile
to the repository. It needs needs to calculate the sonar.projectKey
for the current branch (See https://mibexsoftware.atlassian.net/wiki/spaces/MSS/pages/3071082501/Sonar+Analysis+Configuration#Analysis-Parameter-Matrix)
Below is an example of such a pipeline:
Code Block | ||
---|---|---|
| ||
pipeline { agent any environment { scannerHome = tool name: 'scanner', type: 'hudson.plugins.sonar.SonarRunnerInstallation' SONAR_BRANCH = sh(returnStdout: true, script: "printf '%s' $GIT_BRANCH | |
...
sed |
...
' |
...
s/[^0-9a-zA-Z:_.\\-]/-/ |
...
To inject the environment variable from the file sonar-branch
, you also need to install the Jenkins EnvInject Plugin.
...
g'")
}
stages {
stage('Analysis') {
steps {
withSonarQubeEnv('sonar') {
sh "${scannerHome}/bin/sonar-scanner -Dsonar.projectKey=test.pipeline.proj:$SONAR_BRANCH -Dsonar.projectName=\"Awesome Pipeline - $SONAR_BRANCH\""
}
}
}
}
} |
Developer Edition or higher: Multibranch Pipeline
Add a 'Multibranch Pipeline'
Select 'Bitbucket Server' for 'Branch Sources' and add a Repository
Add 'Bitbucket webhook trigger' to 'Scan Multibranch Pipeline Triggers' → enable push/pull-request events
Save
Use this Jenkinsfile
for inspiration:
Code Block | ||
---|---|---|
| ||
pipeline {
agent any
environment {
scannerHome = tool name: 'scanner', type: 'hudson.plugins.sonar.SonarRunnerInstallation'
}
stages {
stage('branch analysis') {
when {
not {
changeRequest()
}
}
steps {
withSonarQubeEnv('sonar-cloud') {
sh "${scannerHome}/bin/sonar-scanner -Dsonar.branch.name=${env.BRANCH_NAME}"
}
}
}
stage('PR analysis') {
when {
changeRequest()
}
steps {
withSonarQubeEnv('sonar-cloud') {
sh "${scannerHome}/bin/sonar-scanner \
-Dsonar.pullrequest.key=${env.CHANGE_ID} \
-Dsonar.pullrequest.base=${env.CHANGE_TARGET} \
-Dsonar.pullrequest.branch=${env.CHANGE_BRANCH}"
}
}
}
}
} |
Problems During Setup
We at Mibex Software are happy to help you in our support desk or at support@mibexsoftware.com
...