Skip to content
Snippets Groups Projects
Commit 3db0b125 authored by Pierre Smeyers's avatar Pierre Smeyers
Browse files

feat: remove explicit MR analysis

parent 831704e7
Branches
Tags
No related merge requests found
......@@ -86,25 +86,17 @@ It is bound to the `test` stage, and uses the following variables:
| :lock: `SONAR_LOGIN` | SonarQube login (depends on your authentication method) | _none_ |
| :lock: `SONAR_PASSWORD` | SonarQube password (depends on your authentication method) | _none_ |
| `SONAR_BASE_ARGS` | SonarQube [analysis arguments](https://docs.sonarqube.org/latest/analysis/analysis-parameters/) | `sonar:sonar -Dsonar.links.homepage=${CI_PROJECT_URL} -Dsonar.links.ci=${CI_PROJECT_URL}/-/pipelines -Dsonar.links.issue=${CI_PROJECT_URL}/-/issues` |
| :lock: `SONAR_GITLAB_TOKEN` | GitLab [access token](https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html) with `api` scope. When set, activates the [Sonar GitLab plugin](https://github.com/gabrie-allaigre/sonar-gitlab-plugin/#plugins-properties) integration. | _none_ |
| `SONAR_BRANCH_ANALYSIS_DISABLED` | Set to `true` to disable automatic [Pull Request Analysis](https://docs.sonarqube.org/latest/analysis/pull-request/) and [Branch Analysis](https://docs.sonarqube.org/latest/branches/overview/) | _none_ (enabled) |
| `SONAR_QUALITY_GATE_ENABLED` | Set to `true` to enables check of SonarQube [Quality Gate](https://docs.sonarqube.org/latest/user-guide/quality-gates/) | _none_ (disabled) |
#### Automatic Branch Analysis & Merge Request Analysis
By default, this template tries to auto-detect and use [Pull Request Analysis](https://docs.sonarqube.org/latest/analysis/pull-request/) or [Branch Analysis](https://docs.sonarqube.org/latest/branches/overview/) (depending on the context).
This template relies on SonarScanner's [GitLab integration](https://docs.sonarqube.org/latest/analysis/gitlab-integration), that is able to auto-detect whether to launch Branch Analysis or Merge Request Analysis
from GitLab's environment variables.
Those is a great SonarQube features but it assumes one of the following conditions:
:warning: This feature also depends on your SonarQube server version and license.
If using Community Edition, you'll have to install the [sonarqube-community-branch-plugin](https://github.com/mc1arke/sonarqube-community-branch-plugin) to enable automatic Branch & Merge Request analysis (only works from SonarQube version 8).
* you are using a [Developer Edition](https://www.sonarqube.org/developer-edition/) version,
* or you are using Community Edition with an opensource plugin emulating those features, such as [sonarqube-community-branch-plugin](https://github.com/mc1arke/sonarqube-community-branch-plugin).
If you're not in one of those cases, then you shall disable this feature by setting `SONAR_BRANCH_ANALYSIS_DISABLED`.
If you leave the feature enabled, if `SONAR_AUTH_TOKEN` is provided, the template will try to autodetect (using GitLab APIs) an opened merge request matching the current branch:
* If one is found, a SonarQube [Pull Request Analysis](https://docs.sonarqube.org/latest/analysis/pull-request/) will be made.
* Otherwise, a simple [Branch Analysis](https://docs.sonarqube.org/latest/branches/overview/) is performed on the current branch.
:warning: Merge Request Analysis only works if you're running [Merge Request pipeline](https://docs.gitlab.com/ee/ci/yaml/workflow.html#switch-between-branch-pipelines-and-merge-request-pipelines) strategy (default).
### `mvn-dependency-check` job
......
......@@ -72,16 +72,6 @@
"description": "SonarQube [analysis arguments](https://docs.sonarqube.org/latest/analysis/analysis-parameters/)",
"default": "sonar:sonar -Dsonar.links.homepage=${CI_PROJECT_URL} -Dsonar.links.ci=${CI_PROJECT_URL}/-/pipelines -Dsonar.links.issue=${CI_PROJECT_URL}/-/issues",
"advanced": true
},
{
"name": "SONAR_GITLAB_TOKEN",
"description": "GitLab API access token. When set, enables SonarQube [Pull Request Analysis](https://docs.sonarqube.org/latest/analysis/pull-request/)",
"secret": true
},
{
"name": "SONAR_BRANCH_ANALYSIS_DISABLED",
"description": "Set to disable automatic [Pull Request Analysis](https://docs.sonarqube.org/latest/analysis/pull-request/) and [Branch Analysis](https://docs.sonarqube.org/latest/branches/overview/)",
"type": "boolean"
},
{
"name": "SONAR_QUALITY_GATE_ENABLED",
......
......@@ -149,38 +149,6 @@ stages:
echo ""
fi
}
function sonar_autodetect_mr() {
if [[ "$SONAR_BRANCH_ANALYSIS_DISABLED" == "true" ]]
then
log_info "Branch Analysis and Merge Request Analysis are disabled"
return
fi
if [[ "$CI_MERGE_REQUEST_ID" ]]
then
# we are in an MR pipeline: no need to pass arguments as the SonarScanner for Maven will
log_info "Merge Request pipeline detected: let Maven plugin handle..."
return
fi
if [[ -n "$SONAR_GITLAB_TOKEN" ]]
then
curl -sS --header "PRIVATE-TOKEN: $SONAR_GITLAB_TOKEN" "$CI_API_V4_URL/projects/${CI_PROJECT_ID}/merge_requests?state=opened&source_branch=${CI_COMMIT_REF_NAME}" -o mr.json
if [ "$(cat mr.json)" != "[]" ]
then
mr_title=$(sed -E 's/\[\{[^{]*"title":"([^"]*)".*/\1/g' < mr.json)
mr_target=$(sed -E 's/\[\{[^{]*"target_branch":"([^"]*)".*/\1/g' < mr.json)
mr_id=$(sed -E 's/\[\{[^{]*"iid":([0-9]+).*/\1/g' < mr.json)
log_info "Merge Request \\e[33;1m$mr_title\\e[0m detected associated to this branch: trigger MR analysis..."
export sonar_mr_args="-Dsonar.pullrequest.key=$mr_id -Dsonar.pullrequest.branch=${CI_COMMIT_REF_NAME} -Dsonar.pullrequest.base=$mr_target"
else
log_info "No Merge Request associated to this branch: trigger branch analysis..."
export sonar_mr_args="-Dsonar.branch.name=${CI_COMMIT_REF_NAME}"
fi
else
log_info "\$SONAR_GITLAB_TOKEN unset: trigger branch analysis..."
export sonar_mr_args="-Dsonar.branch.name=${CI_COMMIT_REF_NAME}"
fi
}
function sonar_quality_gate_check() {
log_info "--- Waiting for Sonar analysis end..."
......@@ -494,7 +462,6 @@ mvn-sonar:
- "${MAVEN_PROJECT_DIR}/${MAVEN_CFG_DIR}/repository"
- "${MAVEN_PROJECT_DIR}/.sonar/cache"
script:
- sonar_autodetect_mr
- |
if [[ "$SONAR_URL" ]] && [[ -z "$SONAR_HOST_URL" ]]
then
......@@ -512,7 +479,6 @@ mvn-sonar:
${SONAR_LOGIN+-Dsonar.login=$SONAR_LOGIN}
${SONAR_PASSWORD+-Dsonar.password=$SONAR_PASSWORD}
$SONAR_BASE_ARGS
$sonar_mr_args
- if [[ "$SONAR_QUALITY_GATE_ENABLED" == "true" ]]; then sonar_quality_gate_check; fi
rules:
# exclude if $SONAR_URL and $SONAR_HOST_URL not set
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment