Demo: Sonarqube Community Branch Plugin

Demo scenario using Sonarqube Community Branch Plugin in combination with Jenkins and GitLab.

The Jenkins instance is setup with 3 Pipeline jobs:

• tests-master: Running build, test, analyze on master branch
• tests-release-1.0: Running build, test, analyze on release-1.0 branch
• merge-request: Triggered by Merge Requests in GitLab

System Requirements

• Docker Compose in Linux environment (e.g. Docker for Windows with WSL2 Ubuntu)
• Hardware resources
  • Memory: >8 GB
  • Disk Space: ~20 GB

Setup Infrastructure: Jenkins, GitLab & SonarQube

URLs:

• Jenkins - http://localhost:8080
• GitLab - http://localhost:8000
• SonarQube - http://localhost:9000

Docker Compose

export JENKINS_HOME=/srv/jenkins
export GITLAB_HOME=/srv/gitlab
export SONAR_HOME=/srv/sonar
export POSTGRESQL_HOME=/srv/postgresql

sudo mkdir /srv
sudo chown -R <OWNER>:<GROUP> /srv
mkdir -p $JENKINS_HOME
mkdir -p $GITLAB_HOME
mkdir -p $SONAR_HOME
wget -O $SONAR_HOME/sonarqube-community-branch-plugin-1.6.0.jar https://github.com/mc1arke/sonarqube-community-branch-plugin/releases/download/1.6.0/sonarqube-community-branch-plugin-1.6.0.jar
mkdir -p $POSTGRESQL_HOME

sysctl -w vm.max_map_count=262144

docker-compose up -d --build

Uninstall/Cleanup Docker Compose:

docker-compose down

sudo rm -rf /srv/*

Application Configurations

GitLab

1. Set initial password (for user root): gitlabpw

2. Deactivate Auto DevOps pipeline for all projects

3. Create new project in GitLab based on Spring Template:

   Project name = demo

4. Create new branch

   Branch name = release/1.0

5. Create GitLab API Token for Jenkins

   Name   = Jenkins
   Scopes = api, read_api

6. Create GitLab API Token for SonarQube

   Name   = SonarQube
   Scopes = api, read_api

7. Prepare GitLab Merge Request for Project root/demo

   • Deactivate Auto DevOps

   • Activate Allow requests to the local network from web hooks and services

   • Add Webhook

     URL          = http://jenkins:8080/project/merge-request
     Secret Token = 286342d2ee8dfbe063917e2b91b34d60
     Trigger      = Push Events, Note Events, Merge Requests Events, SSL Verification: disabled

SonarQube

1. Login: admin / admin

2. Create Token for Jenkins

3. Create Webhook

   Name = Jenkins
   URL  = http://jenkins:8080/sonarqube-webhook/

4. Configure SonarQube ALM Integration GitLab

   • Create GitLab Configuration

     API URL = http://gitlab:8000/api/v4
     Token   = < GitLab API Token for SonarQube >

Jenkins

1. Login: jenkins / jenkinspw
2. Update API token for GitLab Credential
3. Update Secret for SonarQube Credential
4. Run Jenkins job tests-master
5. Run Jenkins job tests-release-1.0

GitLab Merge Request

1. Enable Pull Request Decoration in SonarQube

   Configuration name = < select gitlab >
   Project ID         = root/demo

2. Start a new merge request by changing README.md file

Result: GitLab Merge Request Decoration

Result: SonarQube Branch View

Issues with Sonarqube Community Branch Plugin

• Sonarqube Community Branch Plugin removes all comments in Merge Request after each Pull Request Analysis and recreates the decoration comments: see Issue #141
  Workaround: n/a
• Summary comment is created as thread and not as comment: see Issue #106
  Workaround: Manually resolve thread before merge
• Sonarqube Community Branch Plugin does not support current version of SonarQube 8.6: see Issue #295
  Workaround: use version 8.5.1
  See also discussion on Sonarsource Community