Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Sonar Include Code Quality for Bitbucket never triggers a SonarQube SonarQube™ analysis.

The most common scenario is an integration of the SonarQube SonarQube™ analysis into your build pipeline.

A recommended flow with Sonar Include Code Quality for Bitbucket looks like:

  1. New code changes pushed to Bitbucket (or new pull request is created)

    1. Bitbucket triggers your build pipeline for code changes

  2. Your build pipeline must trigger the

...

  1. Sonar™ analysis

    1. and executes the

...

    1. Sonar™Scanneror one of its build system-dependent alternatives.

    2. see below for required parameters

...

  1. SonarQube™ informs

...

  1. Include Code Quality for Bitbucket over a Webhook about a new analysis report.

...

    1. Include Code Quality for Bitbucket annotates existing pull requests with the issues found in the analysis.

Whichever external system you use to execute the Sonar Sonar™ scan, you need to run it with the correct parameters for your SonarQube SonarQube™ application. Use the analysis parameter matrix below to find yours.

Analysis Parameter Matrix

The table shows the minimally necessary parameters to get Sonar Include Code Quality for Bitbucket to work with SonarScanner Sonar™Scanner. Look at the SonarQube SonarQube™ documentation for additional parameters or different scanning methods.

Developer Edition or higher

Community Edition

SonarCloud

SonarCloud™ https://docs.sonarcloud.io/advanced-setup/ci-based-analysis/overview/

Common Parameters

Code Block
languagebash
sonar-scanner \
  -Dsonar.projectKey=<SONAR_PROJECT_KEY> \ 
  -Dsonar.host.url=<SONAR_SERVER_URL>

Code Block
languagebash
sonar-scanner \
  -Dsonar.projectKey=<SONAR_PROJECT_KEY_PREFIX:BRANCH_NAME> \
  -Dsonar.host.url=<SONAR_SERVER_URL>
Note
SonarQube

SonarQube™ versions 7.9.x and 8

.x

+ only allow certain characters [0-9a-zA-Z:-_.] in their project keys. Branch names typically contain / and cannot be used.

Use the same character as configured in the

SonarQube

SonarQube™ server configuration under ‘Branch renaming for

Sonar

Sonar™ Project Keys’.

To replace illegal characters with the replacement character, the following sed expression can be used in your CI/CD configuration:

sed s/[^0-9a-zA-Z:_.\-]/'<YOUR_CONFIGURED_CHAR>'/g

Code Block
languagebash
sonar-scanner \
  -Dsonar.projectKey=<SONAR_PROJECT_KEY> \
  -Dsonar.host.url=https://sonarcloud.io \
  -Dsonar.organization=<SONAR_CLOUD_ORGANIZATION>

Branch Analysis

Code Block
languagebash
  -Dsonar.branch.name=<branch_name> 

Parameter not supported, branch included in

sonar

Sonar™ project key asBRANCH_NAME

See Developer Edition or higher

Pull Request Analysis

Code Block
languagebash
  -Dsonar.
pullrequests
pullrequest.key=<pull request 
identifier
id from Bitbucket>
  -Dsonar.pullrequest.branch=<source branch name of pull request>
  -Dsonar.pullrequest.base=<destination branch name of pull request>

See: https://docs.sonarqube.org/latest/analysis/pull-request/

Info

Take the source branch name of pull requests for BRANCH_NAME in

sonar

Sonar™ project key

See Developer Edition or higher

Only

SonarQube

SonarQube™ 7.7

Code Block
languagebash
  -Dsonar.analysis.scmRevision=COMMIT_ID
Code Block
languagebash
  -Dsonar.analysis.scmRevision=COMMIT_ID

Not needed

Build Systems

Bamboo

We provide a first class integration for Bamboo with our Sonar Include Code Quality for Bamboo plugin. See our dedicated wiki page for more information.

Jenkins

...

Follow the instructions on the Sonar Scanner for Jenkins Wiki to set up the SonarScanner configuration.

...

  1. Use

...

  1. https://plugins.jenkins.io/atlassian-bitbucket-server-integration/ to connect Jenkins to Bitbucket.

  2. Install the the https://plugins.jenkins.io/sonar/ Jenkins plugin, follow the instructions on the Sonar™ Scanner for Jenkins Wiki to configure your analysis.

  3. [Community Edition] Install the https://plugins.jenkins.io/envinject/ plugin.

Community Edition: Freestyle Job

  1. New 'Freestyle Job'

  2. Select 'Bitbucket Server' for source code management

  3. Select repository: enter */<yourMainBranch> as 'Branch specifier' in 'Branches to build'

  4. Select "Bitbucket webhook trigger" and enable the pull request events

  5. Add build steps

    1. Write out the sanitized SONAR_BRANCH to a file by adding a 'Execute Shell' task with content:

      Code Block
      languagebash
      echo SONAR_BRANCH=$(printf '%s' $GIT_BRANCH | cut -d'/' -f 2- | sed s/[^0-9a-zA-Z:_.\-]/'-'/g) > sonar-branch
    2. Inject this variable with an 'Inject environment variable' step: select `sonar-branch` as 'Properties filepath'

SonarQube versions 7.9.x and 8.x need to replace illegal branch characters.
Use the following command to export the sanitized branch name to a file:

...

    1. Add 'Execute SonarQube Scanner' step: override project key and project name in the 'Analysis Properties' field like:

      Code Block
      sonar.projectKey=my.plugin.key:${SONAR_BRANCH}
      sonar.projectName="Sonar Test Project - ${SONAR_BRANCH}"
  1. Save configuration

  2. Trigger analysis with 'Build Now', it should successfully analyze your main branch

  3. Change the 'Branch specifier' to ** to listen to all branches

  4. Create a Pull Request in Bitbucket and verify an analysis is triggered

Community Edition: Multibranch Pipeline

  1. Add a 'Multibranch Pipeline'

  2. Select 'Bitbucket Server' for 'Branch Sources' and add a Repository

  3. Add 'Bitbucket webhook trigger' to 'Scan Multibranch Pipeline Triggers' → enable push/pull-request events

  4. Save

Add a Jenkinsfile to the repository. It needs needs to calculate the sonar.projectKey for the current branch (See https://mibexsoftware.atlassian.net/wiki/spaces/MSS/pages/3071082501/Sonar+Analysis+Configuration#Analysis-Parameter-Matrix)

Below is an example of such a pipeline:

Code Block
languagegroovy
pipeline {
    agent any
    environment {
        scannerHome = tool name: 'scanner', type: 'hudson.plugins.sonar.SonarRunnerInstallation' 
        SONAR_BRANCH = sh(returnStdout: true, script: "printf '%s' $GIT_BRANCH | 

...

sed 

...

'

...

s/[^0-9a-zA-Z:_.\\-]/

...

To inject the environment variable from the file sonar-branch , you also need to install the Jenkins EnvInject Plugin.

...

-/g'")
    }
    stages {
        stage('Analysis') {        
            steps {
                withSonarQubeEnv('sonar') {
                    sh "${scannerHome}/bin/sonar-scanner -Dsonar.projectKey=test.pipeline.proj:$SONAR_BRANCH -Dsonar.projectName=\"Awesome Pipeline - $SONAR_BRANCH\"" 
                }
            }
        }
    }
}

Developer Edition or higher: Multibranch Pipeline

  1. Add a 'Multibranch Pipeline'

  2. Select 'Bitbucket Server' for 'Branch Sources' and add a Repository

  3. Add 'Bitbucket webhook trigger' to 'Scan Multibranch Pipeline Triggers' → enable push/pull-request events

  4. Save

Use this Jenkinsfile for inspiration:

Code Block
languagegroovy
pipeline {
    agent any
    environment {
        scannerHome = tool name: 'scanner', type: 'hudson.plugins.sonar.SonarRunnerInstallation' 
    }
    stages {
        stage('branch analysis') {
            when { 
              not {
                changeRequest()
              } 
            }
            steps {
                withSonarQubeEnv('sonar-cloud') {
                sh "${scannerHome}/bin/sonar-scanner -Dsonar.branch.name=${env.BRANCH_NAME}"
                }
            }
        }
        
       
        stage('PR analysis') {
            when {
                changeRequest()
            }
            steps {
                withSonarQubeEnv('sonar-cloud') {
                sh "${scannerHome}/bin/sonar-scanner \
                      -Dsonar.pullrequest.key=${env.CHANGE_ID} \
                      -Dsonar.pullrequest.base=${env.CHANGE_TARGET} \
                      -Dsonar.pullrequest.branch=${env.CHANGE_BRANCH}"
                }
            }
        }
    }
}

Problems During Setup

We at Mibex Software are happy to help you in our support desk or at support@mibexsoftware.com

...