Sadly this Plugin depends on a “sonar-report.json” which seems to be a deprecated file, which was generated using “preview-mode” or on Clients using Sonar Lint.
Is there a way to create this file using SonarQube 7.4 on Jenkins without using SonarLint?
That file was an output of the long-since-removed Issues mode. You’re not going to be able to generate it from 7.4.
Different from what
@ganncamp
says, you
can
generate the sonar-report.json file in SonarQube 7.4. You need to pass these properties to sonar-scanner:
Thanks for the response. As Scott mentioned it is possible to use the
analysis.mode
parameter, but Ann mentioned it is deprecated (since SonarQube 6.6 as I found out) so I think I will not use it in production.
Nevertheless I will create a Ticket on the Jenkins Warnings NG Plugin Page that they provide an alternative to that file.
@Christoph_Forster
, I’m agree with you - unfortunately, currently there is no way to present SonarQube report in Jenkins and modify build status based on Sonar analyse.
BTW, I’m not sure that it’s a call for Jenkins Warnings NG Plugin - IMHO, SonarQube should provide its report in some standard format.
It is possible to get a report of the analysis with full issue details (number of issues, types, lines of code, …), but I don’t know if it is in the format expected by Jenkins.
We also use Jenkins and we don’t use its Sonar plugin but rather have a custom script that performs the analysis and sets a Gerrit score.
In order to get the report, take a look at the
report-task.txt
file generated by the scanner after it has finished. You first need to check that the server hea finished to process the analysis by downloading the URL of
ceTaskUrl
The file looks like this:
“task”: {
“status”: “PENDING”,
Keep downloading the
ceTaskUrl
file until the status shows
SUCCESS
(you can query this JSON file using the
jq
utility).
Once the server finished processing the analysis, you can download your report by querying the server using the Web API. The right API is
/api/issues
. The URL you should download is something like this:
This is I think the file you are looking for. It contains all issues with the comments that appear on Sonar. We only use it to set the score, but it is possible to extract the comments using jq and send the comments to Gerrit.
this works but how can access the report of a specifc run?
So, GETing
$serverUrl/api/issues/search?componentKeys=$projectKey&branch=$DEV_BRANCH&resolved=false&facets=severities
is fine, but how do I know this is the for the analysis that was performed - there is an
analysisId
, so can I get the issue based off the analsis id?
BTW, I am trying the get the Web API doc on SonarQube, but failing miserably. Can any point it to me?
Mashrur_Mia:
BTW, I am trying the get the Web API doc on SonarQube, but failing miserably. Can any point it to me?
Footer of your instance.
Mashrur_Mia:
this works but how can access the report of a specifc run?
If you’re specifying a short-lived branch/pull request, does it really matter which particular run it is?
thanks, got the API
Yeah, I am taking a look at the short-lived branching. Don’t have much experience (working on it).
But let me give you a context where I am coming from. Perhaps you can quickly guide me.
We have just updated to Java 11, and hence moved to SonarQube 7.7. We make use of Gerrit and our Jenkins jobs runs the build the sonar analysis of every commits of a change set. We use Gerrit-trigger and Sonar Gerrit plugin to accomplish this.
Since sonar-report.json is no longer generated, getting the issue from the SonarQube and putting it in the file (sonar-report.json) works as expected (turns out Sonar Gerrit plugin ignore unknown properties
).
But the analysis need to be of that specific run on that commit. I assume short-lived branch approach will work - each commit is a short-lived branch? (sorry for the stupid question).
Any quick advice?
The suggested workaround (different projectKey for every run) is working well. For the “issues search api” response to sonar-report.json conversion, I made a little jq script.
I have now also tested to use SonarToGerrit with SonarQube 7.9.2.
I have managed to publish comment to Gerrit as before and it works.
The problem I have now is that the time to analyse our project have increased allot. Since publish will analyse all files in the project. I have managed to use “sonar.source” to filter out only the packages that is part of my review. but that does not work on a multi module project.
So for multi module project it seems that I need to publish each module as a separate project instead of one project. But that gives me other problems, the SonarToGerrit plugin will not manage to recognize the projects and therefor not able to publish any comments to sonar. So I guess I need to manually update the sonar-report.json and merge all reports from each module to look like one project.
Do anyone have a ideas or solution for how to solve the increase analyse time in best way?
hi,
@Martin_Aldrin
recently the sonarqube server i use is updated tp 7.9 leading to the missing of sonar-report.json due to the -Dsonar.analysis.mode=preview is deprecated. would you please guide me how to make it work again since i see that you managed to make it.
thank you a lot.