Integrating Jenkins with SonarQube for code quality analysis.

Integrating Jenkins with SonarQube for code quality analysis involves setting up both tools and configuring Jenkins jobs to execute SonarQube analysis as part of the build pipeline. Below is a step-by-step guide to achieve this:

Prerequisites

  1. Jenkins: Installed and running.

  2. SonarQube: Installed and running.

  3. SonarQube Scanner: Installed on the Jenkins server.

  4. Source Code Repository: Such as Git, accessible by Jenkins.

Step 1: Install and Configure SonarQube

  1. Download and Install SonarQube:

    • Download the latest version of SonarQube from the SonarQube website.

    • Extract the archive and start the SonarQube server.

  2. Create a SonarQube Project:

    • Log in to the SonarQube dashboard.

    • Create a new project and generate a project key.

  3. Create a SonarQube Token:

    • In the SonarQube dashboard, navigate to My Account > Security.

    • Generate a new token and save it; you’ll need it for Jenkins configuration.

Step 2: Install and Configure SonarQube Scanner on Jenkins

  1. Install SonarQube Scanner Plugin:

    • Go to Manage Jenkins > Manage Plugins.

    • Install the SonarQube Scanner for Jenkins plugin.

  2. Configure SonarQube Server in Jenkins:

    • Go to Manage Jenkins > Configure System.

    • Scroll down to the SonarQube servers section.

    • Add a new SonarQube server with the following details:

      • Name: A name for your SonarQube server.

      • Server URL: The URL of your SonarQube server.

      • Server authentication token: The token you generated from SonarQube.

    • Save the configuration.

  3. Configure SonarQube Scanner:

    • Go to Manage Jenkins > Global Tool Configuration.

    • Scroll down to the SonarQube Scanner section.

    • Add SonarQube Scanner with an installation method (e.g., Install automatically from Maven Central).

    • Save the configuration.

Step 3: Create and Configure a Jenkins Job

  1. Create a New Jenkins Job:

    • Go to Jenkins Dashboard > New Item.

    • Choose a project type (e.g., Freestyle project) and give it a name.

  2. Configure Source Code Management:

    • In the job configuration, configure your source code repository (e.g., Git).

  3. Add Build Steps for SonarQube Analysis:

    • Add a Build Step for executing SonarQube analysis.

    • If using a Freestyle project, add an Execute SonarQube Scanner step and configure it with the necessary properties.

  4. Build Triggers:

    • Configure triggers as needed (e.g., poll SCM, build periodically).

  5. Save and Run the Job:

    • Save the job configuration and trigger a build to ensure that the integration works correctly.

Jenkinsfile

pipeline {
    agent any
    tools {
        jdk 'jdk11'
        maven 'maven3'
    }

    stages {
        stage('Git checkout') {
            steps {
                git branch: 'main', changelog: false, url: 'https://github.com/santosh-nellagi/Petclinic.git'
            }
        }

        stage('Build and SonarQube analysis') {
            steps {
                // Clean and compile
                bat 'mvn clean compile'

                // 'sonarqube' is a placeholder: use the Name given to the server under
                // Manage Jenkins > Configure System (Step 2). withSonarQubeEnv injects
                // that server's URL and token, so neither is written in the Jenkinsfile,
                // and it records the analysis task that waitForQualityGate() looks up.
                withSonarQubeEnv('sonarqube') {
                    // Package and run SonarQube analysis
                    bat '''mvn package sonar:sonar \
                           -Dsonar.projectName=petclinic \
                           -Dsonar.projectKey=petclinic \
                           -Dsonar.java.binaries=target/classes'''
                }
            }
        }
    }

    post {
        always {
            script {
                // Fail the build when the SonarQube quality gate is not passed
                def qg = waitForQualityGate()
                if (qg.status != 'OK') {
                    error "Pipeline aborted due to quality gate failure: ${qg.status}"
                }
            }
        }
    }
}
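
The SonarQube token belongs in the Jenkins server configuration from Step 2, not in a Jenkinsfile that is committed to the repository. The check below is an added example, not part of the original guide: it scans pipeline text for SonarQube-format tokens and for literal values passed to the scanner's credential properties. The function names, the rule names and the sample pipeline lines are constructed for illustration.

```python
import re

# SonarQube 9.5+ tokens: type prefix (user/project/global) + 40 hex chars.
TOKEN_RE = re.compile(r"\bsq[upa]_[0-9a-f]{40}\b")
# Scanner properties that carry a credential, with the value they are set to.
PROP_RE = re.compile(r"-Dsonar\.(login|token|password)=(\S+)")
# Values that defer to an environment variable or Groovy binding, not a literal.
REF_RE = re.compile(r"^(\$\{?[\w.]+\}?|%\w+%)$")


def redact(value):
    """Show only a short prefix of long values, never the whole secret."""
    return value[:4] + "..." if len(value) >= 12 else "***"


def scan_pipeline(text):
    """Return (line_no, rule, redacted_value) for each hardcoded credential."""
    findings = []
    for no, line in enumerate(text.splitlines(), start=1):
        seen = set()
        for m in TOKEN_RE.finditer(line):
            seen.add(m.group(0))
            findings.append((no, "sonarqube-token", redact(m.group(0))))
        for m in PROP_RE.finditer(line):
            value = m.group(2).strip("'\"\\")
            if value in seen or REF_RE.match(value):
                continue  # already reported above, or a variable reference
            findings.append((no, "literal-sonar." + m.group(1), redact(value)))
    return findings


# Constructed sample: a fake token built inline, not a real credential.
FAKE = "squ_" + "ab12" * 10
SAMPLE = "\n".join([
    "bat '''mvn package sonar:sonar \\",
    "       -Dsonar.login=" + FAKE + " \\",
    "       -Dsonar.projectKey=petclinic'''",
    "sh 'mvn sonar:sonar -Dsonar.token=$SONAR_TOKEN'",
    "sh 'mvn sonar:sonar -Dsonar.password=hunter2'",
])

if __name__ == "__main__":
    for no, rule, shown in scan_pipeline(SAMPLE):
        print(f"line {no}: {rule}: {shown}")
```

Run it over every Jenkinsfile in a pre-commit hook or an early pipeline stage and fail on any finding; a token that has already been committed should be revoked under My Account > Security and regenerated.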