Incompatibility with Sonar 7.7
Starting with Sonarqube 7.7 the preview mode (-Dsonar.analysis.mode=preview) was removed, making it incompatible with the plugin.
Sonarqube release notes say it now has "native support for short-living branches" https://www.sonarqube.org/sonarqube-7-7/, author will make an effort to integrate these features. Contributions are appreciated
A place to start with (for getting a json report): https://community.sonarsource.com/t/sonar-report-json-is-this-file-still-available/5827/6
View Sonar Gerrit on the plugin site for more information.
The current version of this plugin may not be safe to use. Please review the following warnings before use:
This plugin is intended to work with report provided by SonarQube running on a project in preview mode. That means SonarQube report generation should be included to build.
If you use Maven, fill out "Goals and options" field in "Build" section of your Jenkins job:
Gerrit Trigger configuration
Gerrit Trigger plugin should be installed and configured.
Rest API should be configured in the Advanced section of Gerrit Trigger settings.
HTTP authentication data should be set up. Enable Code-Review and Enable Verified checkboxes should be checked on.
For complete guidance please see Gerrit Trigger Wiki page.
Running out of Gerrit Trigger job
In case when the plugin is runing outside of a job with Gerrit Trigger the next environmental variables should be set:
- GERRIT_NAME - Gerrit server name
- GERRIT_CHANGE_NUMBER - Change number
- GERRIT_PATCHSET_NUMBER - Patchset number
Install the plugin via Jenkins plugin manager. Gerrit Trigger plugin should be also installed and configured.
Sonar Gerrit plugin is intended to run as post-build action. Choose it from available post-build actions.
There are several settings allows customise plugin for your needs.
There are the next sections:
- Server URL - URL of SonarQube instance used for analysis. It is also used to provide a link to a SonarQube rule in Gerrit comments. Default value:
Use setting "Project configuration" if only one SonarQube report is generated and static code analysis of the whole project is required.
Use setting "Sub-project configurations" to specify modules and paths for separate reports if modules are analysed separately or not every module needs to be analysed.
- Project base directory - subdirectory for a case when Jenkins job is related to a specific module of a big project. The path is relative to a main project root directory. Default value is empty.
- SonarQube report path - Path to a SonarQube report generated by SonarQube while a project was being built. The path is relative to a build working directory. Default value: target/sonar/sonar-report.json
- Allow auto match - setting to allow automatically match SonarQube issues to Gerrit files in case if project consists of several sub-modules, but only one SonarQube report is generated for the whole project.
Filter is used to specify what issues will be affected in the output:
- to be commented
- to affect review score
It is possible to filter issues by:
- Severity - SonarQube issue severity. If user doesn't want issues with low severity to be reported to Gerrit, he (or she) can choose the lowest severity level to be reported. For example if "Major" level is selected, information about issues with "Major", "Critical" and "Blocker" will be included to Gerrit review. Default value: Info.
- New issues only - reflects SonarQube issue "new" property. If issue is not marked as new that may be a sign that it is not created by processing commit and this issue is not supposed to be included to review.
- Changed lines only - when only several lines are changed in a commit user may not want other lines to be commented by Gerrit. With "Add comments to changed lines only" unchanged in the commit lines will not be commented in Gerrit.
Review settings contains of issue filter to specify issues to be commented and review template.
This section allows user to customise text, intended to use as review title and issue comment.
- Title - Review title settings allow customization of Gerrit review titles for both cases (violations found or not) separately. There are several tags to be replaced by real values allowed in this context:
- <info_count> - will be replaced with count of issues having INFO severity level;
- <minor_count> - will be replaced with count of issues having MINOR severity level;
- <major_count> - will be replaced with count of issues having MAJOR severity level;
- <critical_count> - will be replaced with count of issues having CRITICAL severity level;
- <blocker_count> - will be replaced with count of issues having BLOCKER severity level;
- <min_minor_count> - will be replaced with count of issues having MINOR severity level or higher;
- <min_major_count> - will be replaced with count of issues having MAJOR severity level or higher;
- <min_critical_count> - will be replaced with count of issues having CRITICAL severity level or higher;
- <total_count> - will be replaced with total count of issues.
- Comment - Issue comment pattern. Available tags:
- <key> - will be replaced with issue key;
- <component> - will be replaced with issue component info;
- <message> - will be replaced with issue message;
- <severity> - will be replaced with issue severity;
- <rule> - will be replaced with issue rule name;
- <rule_url> - will be replaced with link to rule description on SonarQube if SonarQube URL is provided in SonarQube settings section or rule name if URL is not provided;
- <status> - will be replaced with issue status;
- <creation_date> - will be replaced with issue creation date.
Starting with v. 2.1 it's become possible to specify a separate filter for score settings.
- Post score - This setting describes whether it is necessary to post score to Gerrit or not.
- Category - Gerrit category used for score posting. Default value: Code-Review.
- Score for no SonarQube violation found case - Score to be posted to Gerrit. Default value: +1
- Score for SonarQube violations found case - Score to be posted to Gerrit. Default value: -1
Please note: to use Gerrit category other than Default it is necessary to configure it in Gerrit. See details in Gerrit Documentation.
An example of settings to be added to the project.config for creating Sonar-Verified category:
And access rights:
To override the credentials used to post comments on the job level set up section "Override default HTTP credentials". (Global credentials on the Gerrit Trigger Server level should be set up as well for Gerrit Trigger needs.)
- Override default HTTP credentials? - This setting describes whether it is necessary to override Gerrit credentials from the Gerrit Trigger Server settings or not.
- HTTP Username - Username to be used to post review result to Gerrit.
- HTTP Password - Password to be used to post review result to Gerrit.
- Gerrit Server - The server used to check connection with overridden credentials. The value does not affect plugin settings and only used to verify credentials.
This functionality works when Gerrit is configured with post server settings.
- To be notified if no SonarQube violations found - Choice of persons to be notified. Default value: None.
- To be notified if SonarQube violations found - Choice of persons to be notified. Default value: Owner.
- To be notified if negative score is posted - Choice of persons to be notified. Default value: Owner.
- None - No notification regarding particular review will be sent.
- Owner - Notification with review results will be sent to a change owner.
- Owner & Reviewers - Notification with review results will be sent to an owner and to all the change reviewers added to the change.
- All - Everyone in Gerrit project will receive notification.
Basic support for pipelines is added in 2.0
Pipeline with default settings example
Pipeline overridden settings example
Result of plugin work in Gerrit history:
Plugin fails build with message "Unable to post review. Request failed"
This message occurres when RestAPIException is thrown by Gerrit API on attempt to post request.
Since version 1.0.7 it is possible to obtain a full stacktrace of the exception using a logger for class
The log will contain necessary information about the exception as follows:
In this version plugin settings has moved from Build Steps to Post Build Actions. User needs to reconfigure jobs, or settings will be erased to default.
Version 2.3 (2 Apr 2018)
Version 2.2.1 (5 Feb 2018)
Version 2.1 (6 Jan 2018)
Version 2.0 (24 Apr 2017)
Version 1.0.8 (6 Apr 2017)
- JENKINS-43093 - Replace NPE stacktrace with message in case when Gerrit Change and Patchset numbers are not set
- JENKINS-43047 - Fix issue processing for nested modules
- JENKINS-42465 - Fix LDAP lockout when using Gerrit HTTP password
- JENKINS-40970 - Add an option to override Gerrit HTTP credentials
- JENKINS-31240 - UI: Hide "Score Settings" section if "Post scor" is not checked
Version 18.104.22.168 (10 Nov 2016)
- JENKINS-33892 - Add details of RestAPIException to a log
Version 1.0.6 (3 Dec 2015)
- JENKINS-31892 - Support multiple project locations for multi-jobs
Version 1.0.5 (18 Nov 2015)
- JENKINS-31238 - Replace "Sonar" with "SonarQube" in plugin ui
- JENKINS-31639 - Notify user about plugin changes causing incompatibility
- JENKINS-31003 - Move plugin from post-build steps to post-build actions
Version 1.0.4 (24 Oct 2015)
- JENKINS-31001 - Unable to save changes for Filter settings
- JENKINS-31006 - Allow user to specify Gerrit category and post score under it.
- JENKINS-31005 - Move some settings to Advanced section
- JENKINS-31004 - Check if Gerrit RESTAPI is enabled
Version 1.0.3 (13 Oct 2015)
- JENKINS-30932 - Localisation is failed on error messages
- JENKINS-30933 - NPE on attempt to run job with no SonarQube execution configured
Version 1.0.2 (13 Oct 2015)
- JENKINS-30915 - Support plugin run in downstream jobs
Version 1.0.1 (9 Oct 2015)
- JENKINS-30853 - Support projects located in subdirectories of repository root directory.
- JENKINS-30863 - Unable to run plugin: NoSuchMethod Error: GerritTrigger.getTrigger
Version 1.0 (7 Oct 2015)