The SonarQube analysis has to be run outside of Bitbucket. Include Code Quality for Bitbucket never triggers a SonarQube™ analysis.
The most common scenario is an integration of the SonarQube™ analysis into the your build pipeline. A typical Sonar analysis has the following steps
A recommended flow with Include Code Quality for Bitbucket looks like:
New code changes pushed to
...
Bitbucket (or new pull request
...
The build pipeline is triggered and informed of the new changes
...
is created)
Bitbucket triggers your build pipeline for code changes
Your build pipeline must trigger the Sonar™ analysis
and executes the Sonar™Scanneror one of its build system-dependent alternatives.
...
The results of the analysis are sent to SonarQube
see below for required parameters
SonarQube™ informs Include Code Quality for Bitbucket over a
...
Webhook about a new analysis
...
report.
Include Code Quality for Bitbucket annotates
...
existing pull
...
requests with the issues found in the analysis.
Whichever external system you use to execute the Sonar Sonar™ scan, you need to run it with the correct parameters for your SonarQube SonarQube™ application. Use the analysis parameter matrix below to find yours.
Analysis Parameter Matrix
The table shows the minimally necessary parameters to get Sonar Include Code Quality for Bitbucket to work with SonarScanner Sonar™Scanner. Look at the SonarQube SonarQube™ documentation for additional parameters or different scanning methods.
Developer Edition or higher | Community Edition |
---|
SonarCloud™ https://docs.sonarcloud.io/advanced-setup/ci-based-analysis/overview/ | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Common Parameters |
|
|
|
|
|
|
| ||||||
Branch Analysis |
| Parameter not supported, branch included in |
---|
Sonar™ project key as | See Developer Edition or higher | |||||
Pull Request Analysis |
|
---|
|
See: https://docs.sonarqube.org/latest/analysis/pull-request/ |
|
| See Developer Edition or higher | |
Only |
---|
SonarQube™ 7.7 |
|
| Not needed |
---|
Build Systems
Bamboo
We provide a first class integration for Bamboo with our Sonar Include Code Quality for Bamboo plugin. See our dedicated wiki page for more information.
Jenkins
...
Follow the instructions on the Sonar Scanner for Jenkins Wiki to set up the SonarScanner configuration.
...
Use
...
https://plugins.jenkins.io/atlassian-bitbucket-server-integration/ to connect Jenkins to Bitbucket.
Install the the https://plugins.jenkins.io/sonar/ Jenkins plugin, follow the instructions on the Sonar™ Scanner for Jenkins Wiki to configure your analysis.
[Community Edition] Install the https://plugins.jenkins.io/envinject/ plugin.
Community Edition: Freestyle Job
New 'Freestyle Job'
Select 'Bitbucket Server' for source code management
Select repository: enter
*/<yourMainBranch>
as 'Branch specifier' in 'Branches to build'Select "Bitbucket webhook trigger" and enable the pull request events
Add build steps
Write out the sanitized SONAR_BRANCH to a file by adding a 'Execute Shell' task with content:
Code Block language bash echo SONAR_BRANCH=$(printf '%s' $GIT_BRANCH | cut -d'/' -f 2- | sed s/[^0-9a-zA-Z:_.\-]/'-'/g) > sonar-branch
Inject this variable with an 'Inject environment variable' step: select `sonar-branch` as 'Properties filepath'
SonarQube versions 7.9.x and 8.x need to replace illegal branch characters.
Use the following command to export the sanitized branch name to a file:
...
Add 'Execute SonarQube Scanner' step: override project key and project name in the 'Analysis Properties' field like:
Code Block sonar.projectKey=my.plugin.key:${SONAR_BRANCH} sonar.projectName="Sonar Test Project - ${SONAR_BRANCH}"
Save configuration
Trigger analysis with 'Build Now', it should successfully analyze your main branch
Change the 'Branch specifier' to
**
to listen to all branchesCreate a Pull Request in Bitbucket and verify an analysis is triggered
Community Edition: Multibranch Pipeline
Add a 'Multibranch Pipeline'
Select 'Bitbucket Server' for 'Branch Sources' and add a Repository
Add 'Bitbucket webhook trigger' to 'Scan Multibranch Pipeline Triggers' → enable push/pull-request events
Save
Add a Jenkinsfile
to the repository. It needs needs to calculate the sonar.projectKey
for the current branch (See https://mibexsoftware.atlassian.net/wiki/spaces/MSS/pages/3071082501/Sonar+Analysis+Configuration#Analysis-Parameter-Matrix)
Below is an example of such a pipeline:
Code Block | ||
---|---|---|
| ||
pipeline { agent any environment { scannerHome = tool name: 'scanner', type: 'hudson.plugins.sonar.SonarRunnerInstallation' SONAR_BRANCH = sh(returnStdout: true, script: "printf '%s' $GIT_BRANCH | |
...
sed |
...
' |
...
s/[^0-9a-zA-Z:_.\\-]/ |
...
To inject the environment variable from the file sonar-branch
, you also need to install the Jenkins EnvInject Plugin.
...
-/g'")
}
stages {
stage('Analysis') {
steps {
withSonarQubeEnv('sonar') {
sh "${scannerHome}/bin/sonar-scanner -Dsonar.projectKey=test.pipeline.proj:$SONAR_BRANCH -Dsonar.projectName=\"Awesome Pipeline - $SONAR_BRANCH\""
}
}
}
}
} |
Developer Edition or higher: Multibranch Pipeline
Add a 'Multibranch Pipeline'
Select 'Bitbucket Server' for 'Branch Sources' and add a Repository
Add 'Bitbucket webhook trigger' to 'Scan Multibranch Pipeline Triggers' → enable push/pull-request events
Save
Use this Jenkinsfile
for inspiration:
Code Block | ||
---|---|---|
| ||
pipeline {
agent any
environment {
scannerHome = tool name: 'scanner', type: 'hudson.plugins.sonar.SonarRunnerInstallation'
}
stages {
stage('branch analysis') {
when {
not {
changeRequest()
}
}
steps {
withSonarQubeEnv('sonar-cloud') {
sh "${scannerHome}/bin/sonar-scanner -Dsonar.branch.name=${env.BRANCH_NAME}"
}
}
}
stage('PR analysis') {
when {
changeRequest()
}
steps {
withSonarQubeEnv('sonar-cloud') {
sh "${scannerHome}/bin/sonar-scanner \
-Dsonar.pullrequest.key=${env.CHANGE_ID} \
-Dsonar.pullrequest.base=${env.CHANGE_TARGET} \
-Dsonar.pullrequest.branch=${env.CHANGE_BRANCH}"
}
}
}
}
} |
Problems During Setup
We at Mibex Software are happy to help you in our support desk or at support@mibexsoftware.com
...