Situation:
I want to analyze my project with SonarQube (5.4) triggered by Jenkins (1.642.4). It is a java project build with maven.
I see two ways to trigger the analysis:
- Post Build Action "SonarQube analysis with maven" but it's deprecated, so I don't want to use it
- Post Build Step "Execute SonarQube Scanner", is the recommended way.
Problem:
If I use the deprecated Post Build Action, the properties for sonar project configuration are derived automatically from the project pom.
It I use the recommended Post Build Step, I receive the Exception
You must define the following mandatory properties for 'Unknown': sonar.projectKey, sonar.projectName, sonar.projectVersion, sonar.sources
Undesired Solution:
The solution is to provide the required properties, via sonar-project.properties file in the java project or via parameters in Jenkins step.
IMHO: this is duplication. All relevant information is defined in the Maven pom: projectKey can be derived from artifactId, projectName and projectVerstion are same properties in maven. Especially the projectVersion is critical. I don't want to update the project version after each release (or write some code in release plugin to update it automatically).
What I want
I want to use the recommended Post Build Step in Jenkins, without redefine all project properties for all my project to make sonar happy. Instead sonar/jenkins/plugin/whatever should derive the properties from my maven pom file. Is there an additional plugin I can use? Can I reconfigure my Jenkins-Sonar-Plugin?
I don't want to provide any sonar specific information in my pom/project, because the project shouldn't care about sonar. It should contain only information required to build the project.
The documentation (although slightly confusing, see edit below) explains how to use a generic post-build step (leveraging environment variables), instead of the deprecated post-build action. in short:
Enable injection of SonarQube server configuration as build environment variables
Prepare SonarQube Scanner environment
Invoke top-level Maven targets
and leverage the injected environment variables in theGoals
field e.g.:Edit: when the documentation says
The Post-build Action for Maven analysis is deprecated.
, it refers to the old post-build action which is not documented anymore. The paragraph after that warning (summarized in this answer) really is the recommended procedure. Illustration here if it's still not clear.Using SonarQube Scanner as a post build step you can configure it with at least this properties in Analysis properties:
POM_* variables are mapped by Jenkins from Maven GAV info, look here: https://github.com/jenkinsci/jenkins/pull/933/files