| `SONAR_SCANNER_IMAGE` | The Docker image used to run [sonar-scanner](https://docs.sonarqube.org/latest/analysis/scan/sonarscanner/) | `sonarsource/sonar-scanner-cli:latest` |
| `SONAR_HOST_URL` | SonarQube server url | _none_ (disabled) |
| `SONAR_PROJECT_KEY` | SonarQube Project Key (might also be set in the `sonar-project.properties` file) | fallbacks to `$CI_PROJECT_PATH_SLUG` (see below) |
| `SONAR_PROJECT_NAME` | SonarQube Project Name (might also be set in the `sonar-project.properties` file) | fallbacks to `$CI_PROJECT_PATH` (see below) |
| :lock: `SONAR_TOKEN` | SonarQube authentication [token](https://docs.sonarqube.org/latest/user-guide/user-token/)(depends on your authentication method) | _none_ |
| :lock: `SONAR_LOGIN` | SonarQube login (depends on your authentication method) | _none_ |
| :lock: `SONAR_PASSWORD` | SonarQube password (depends on your authentication method) | _none_ |
| :lock: `SONAR_GITLAB_TOKEN` | GitLab [access token](https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html) with `api` scope. When set, activates the [Sonar GitLab plugin](https://github.com/gabrie-allaigre/sonar-gitlab-plugin/#plugins-properties) integration. | _none_ |
| `SONAR_BRANCH_ANALYSIS_DISABLED` | Set to `true` to disable automatic [Pull Request Analysis](https://docs.sonarqube.org/latest/analysis/pull-request/) and [Branch Analysis](https://docs.sonarqube.org/latest/branches/overview/) | _none_ (enabled) |
| `SONAR_GITLAB_ARGS` | Extra arguments to use with [Sonar GitLab plugin](https://github.com/gabrie-allaigre/sonar-gitlab-plugin/#plugins-properties) | `-Dsonar.gitlab.url=${CI_SERVER_URL} -Dsonar.gitlab.user_token=${SONAR_GITLAB_TOKEN} -Dsonar.gitlab.project_id=${CI_PROJECT_ID} -Dsonar.gitlab.commit_sha=${CI_COMMIT_SHA} -Dsonar.gitlab.ref_name=${CI_COMMIT_REF_NAME}` |
...
...
@@ -64,8 +66,13 @@ It will then simply append the `SONAR_GITLAB_ARGS` (overridable) to the SonarQub
Comments added to GitLab will appear as owned by the user associated to the GitLab [access token](https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html).
### How should I configure other SonarQube arguments ?
### Configuring SonarQube project key, project name and other parameters
The simplest and recommended way to configure other SonarQube [analysis arguments](https://docs.sonarqube.org/latest/analysis/analysis-parameters/)
(and even [language specific args](https://docs.sonarqube.org/latest/analysis/languages/overview/)) is to use a
`sonar-project.properties` file at the root of your repository.
You shall define your SonarQube project key and project name in a `sonar-project.properties` file located at the root of your repository (as respectively `sonar.projectKey` and `sonar.projectName` entries), although they might alternately be set as `$SONAR_PROJECT_KEY` and `$SONAR_PROJECT_NAME` variables.
Note that when not explictly set, the template will use `$CI_PROJECT_PATH_SLUG` and `$CI_PROJECT_PATH` as fallback project key and project name.
The `sonar-project.properties` file is also the recommended way to configure other SonarQube [analysis parameters](https://docs.sonarqube.org/latest/analysis/analysis-parameters/)
as well as [language specific parameters](https://docs.sonarqube.org/latest/analysis/languages/overview/).
Each _to-be-continuous_ build template shall briefly document the supported language-specific SonarQube parameters.