Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Include Code Quality for Bitbucket never triggers a SonarQube™ analysis.

The most common scenario is an integration of the SonarQube™ analysis into your build pipeline.

...

Whichever external system you use to execute the Sonar™ scan, you need to run it with the correct parameters for your SonarQube™ application. Use the analysis parameter matrix below to find yours.

Analysis Parameter Matrix

The table shows the minimally necessary parameters to get Include Code Quality for Bitbucket to work with Sonar™Scanner. Look at the SonarQube™ documentation for additional parameters or different scanning methods.

Developer Edition or higher

Community Edition

SonarCloud™ https://docs.sonarcloud.io/advanced-setup/ci-based-analysis/overview/

Common Parameters

Code Block
languagebash
sonar-scanner \
  -Dsonar.projectKey=<SONAR_PROJECT_KEY> \ 
  -Dsonar.host.url=<SONAR_SERVER_URL>

Code Block
languagebash
sonar-scanner \
  -Dsonar.projectKey=<SONAR_PROJECT_KEY_PREFIX:BRANCH_NAME> \
  -Dsonar.host.url=<SONAR_SERVER_URL>
Note

SonarQube™ versions 7.9.x and 8+ only allow certain characters [0-9a-zA-Z:-_.] in their project keys. Branch names typically contain / and cannot be used.

Use the same character as configured in the SonarQube™ server configuration under ‘Branch renaming for Sonar™ Project Keys’.

To replace illegal characters with the replacement character, the following sed expression can be used in your CI/CD configuration:

sed s/[^0-9a-zA-Z:_.\-]/'<YOUR_CONFIGURED_CHAR>'/g

Code Block
languagebash
sonar-scanner \
  -Dsonar.projectKey=<SONAR_PROJECT_KEY> \
  -Dsonar.host.url=https://sonarcloud.io \
  -Dsonar.organization=<SONAR_CLOUD_ORGANIZATION>

Branch Analysis

Code Block
languagebash
  -Dsonar.branch.name=<branch_name> 

Parameter not supported, branch included in Sonar™ project key asBRANCH_NAME

See Developer Edition or higher

Pull Request Analysis

Code Block
languagebash
  -Dsonar.
pullrequests
pullrequest.key=<pull request id from Bitbucket>
  -Dsonar.pullrequest.branch=<source branch name of pull request>
  -Dsonar.pullrequest.base=<destination branch name of pull request>

See: https://docs.sonarqube.org/latest/analysis/pull-request/

Info

Take the source branch name of pull requests for BRANCH_NAME in Sonar™ project key

See Developer Edition or higher

Only SonarQube™ 7.7

Code Block
languagebash
  -Dsonar.analysis.scmRevision=COMMIT_ID
Code Block
languagebash
  -Dsonar.analysis.scmRevision=COMMIT_ID

Not needed

Build Systems

Bamboo

We provide a first class integration for Bamboo with our Include Code Quality for Bamboo plugin. See our dedicated wiki page for more information.

Jenkins

  1. Use Bitbucket Webhook to Jenkins or any other app to notify Jenkins about new code changes. See these instructions on how to set it up. It is important enabling the setting "Omit SHA1 Hash Code" in the repository settings of the app (see this issue on Github for more details).Follow https://plugins.jenkins.io/atlassian-bitbucket-server-integration/ to connect Jenkins to Bitbucket.

  2. Install the the https://plugins.jenkins.io/sonar/ Jenkins plugin, follow the instructions on the Sonar™ Scanner for Jenkins Wiki to set up the Sonar™Scanner configuration.The Jenkins Git plugin includes the origin/ prefix in branch names, which has to be removed. Use a Jenkins freestyle job.configure your analysis.

  3. [Community Edition] Install the https://plugins.jenkins.io/envinject/ plugin.

Community Edition: Freestyle Job

  1. New 'Freestyle Job'

  2. Select 'Bitbucket Server' for source code management

  3. Select repository: enter */<yourMainBranch> as 'Branch specifier' in 'Branches to build'

  4. Select "Bitbucket webhook trigger" and enable the pull request events

  5. Add build steps

    1. Write out the sanitized SONAR_BRANCH to a file by adding a 'Execute Shell' task with content:

      Code Block
      languagebash
      echo SONAR_BRANCH=$(printf '%s' $GIT_BRANCH | cut -d'/' -f 2- | sed s/[^0-9a-zA-Z:_.\-]/'-'/g) > sonar-branch
    2. Inject this variable with an 'Inject environment variable' step: select `sonar-branch` as 'Properties filepath'

    3. Add 'Execute SonarQube Scanner' step: override project key and project name in the 'Analysis Properties' field like:

      Code Block
      sonar.projectKey=my.plugin.key:${SONAR_BRANCH}
      sonar.projectName="Sonar Test Project - ${SONAR_BRANCH}"
  6. Save configuration

  7. Trigger analysis with 'Build Now', it should successfully analyze your main branch

    (Community Edition only) SonarQube™ versions 7.9.x and 8.x need to replace illegal branch characters.
    Use the following command to export the sanitized branch name to a file:

    Code Blockecho SONAR_BRANCH=$(

  8. Change the 'Branch specifier' to ** to listen to all branches

  9. Create a Pull Request in Bitbucket and verify an analysis is triggered

Community Edition: Multibranch Pipeline

  1. Add a 'Multibranch Pipeline'

  2. Select 'Bitbucket Server' for 'Branch Sources' and add a Repository

  3. Add 'Bitbucket webhook trigger' to 'Scan Multibranch Pipeline Triggers' → enable push/pull-request events

  4. Save

Add a Jenkinsfile to the repository. It needs needs to calculate the sonar.projectKey for the current branch (See https://mibexsoftware.atlassian.net/wiki/spaces/MSS/pages/3071082501/Sonar+Analysis+Configuration#Analysis-Parameter-Matrix)

Below is an example of such a pipeline:

Code Block
languagegroovy
pipeline {
    agent any
    environment {
        scannerHome = tool name: 'scanner', type: 'hudson.plugins.sonar.SonarRunnerInstallation' 
        SONAR_BRANCH = sh(returnStdout: true, script: "printf '%s' $GIT_BRANCH | 

...

sed 

...

'

...

s/[^0-9a-zA-Z:_.\\-]/-/

...

To inject the environment variable from the file sonar-branch , you also need to install the Jenkins EnvInject Plugin.

...

g'")
    }
    stages {
        stage('Analysis') {        
            steps {
                withSonarQubeEnv('sonar') {
                    sh "${scannerHome}/bin/sonar-scanner -Dsonar.projectKey=test.pipeline.proj:$SONAR_BRANCH -Dsonar.projectName=\"Awesome Pipeline - $SONAR_BRANCH\"" 
                }
            }
        }
    }
}

Developer Edition or higher: Multibranch Pipeline

  1. Add a 'Multibranch Pipeline'

  2. Select 'Bitbucket Server' for 'Branch Sources' and add a Repository

  3. Add 'Bitbucket webhook trigger' to 'Scan Multibranch Pipeline Triggers' → enable push/pull-request events

  4. Save

Use this Jenkinsfile for inspiration:

Code Block
languagegroovy
pipeline {
    agent any
    environment {
        scannerHome = tool name: 'scanner', type: 'hudson.plugins.sonar.SonarRunnerInstallation' 
    }
    stages {
        stage('branch analysis') {
            when { 
              not {
                changeRequest()
              } 
            }
            steps {
                withSonarQubeEnv('sonar-cloud') {
                sh "${scannerHome}/bin/sonar-scanner -Dsonar.branch.name=${env.BRANCH_NAME}"
                }
            }
        }
        
       
        stage('PR analysis') {
            when {
                changeRequest()
            }
            steps {
                withSonarQubeEnv('sonar-cloud') {
                sh "${scannerHome}/bin/sonar-scanner \
                      -Dsonar.pullrequest.key=${env.CHANGE_ID} \
                      -Dsonar.pullrequest.base=${env.CHANGE_TARGET} \
                      -Dsonar.pullrequest.branch=${env.CHANGE_BRANCH}"
                }
            }
        }
    }
}

Problems During Setup

We at Mibex Software are happy to help you in our support desk or at support@mibexsoftware.com

...