The SonarQube extensions from the Marketplace for Azure DevOps provide much of the integration functionality between Azure DevOps and SonarQube. Once the build pipeline completes, you can log in to the SonarQube server and view the code analysis results. The project is assigned a rating based on how the code analysis results compare against the Quality Gate thresholds you have set, or against the default Quality Gate thresholds. However, there is no built-in way to stop the check-in of code if it fails to pass the Quality Gate criteria. We can use some PowerShell and the SonarQube Web APIs to do this part for us. In this blog post, we’ll go through the steps to do so.
Generate SonarQube Token
One of the very first requirements is to be able to authenticate to the SonarQube server in an automated way. For this, we need to generate the SonarQube Token using one of the accounts which has admin access to the SonarQube Server.
To generate the SonarQube Token, log in to the server. Click on the username and then select ‘My Account’. Switch to the ‘Security’ tab. Provide a memorable name for the token and generate it:
Copy the token generated.
Add Token Value and Other details as build variables
We now need to give the Azure DevOps pipeline some basic details about the Sonar Server. At the very minimum, we need to tell it three pieces of information:
1. Sonar Server Name – This should be the fully qualified domain name
2. Sonar Project Key – Used to uniquely identify a Sonar Project
3. Sonar Token – Used for authentication with Sonar Server
We can go to the variables tab in the Build Pipeline and then add the variables as shown:
We have masked the values of the Sonar Project Key and Sonar Token, as is good practice for build configuration.
Add PowerShell task after Publish Quality Gate Result
Once the code analysis is complete, we can use the PowerShell task to run a custom PowerShell script for us. This script fetches the Quality gate rating from the Sonar Server.
The source code for the script can be downloaded from https://github.com/goyalmohit/sonarqube-fetch-qualitygate-status
Below is how we supply values for the script to run:
We could also have chosen to run it directly from its GitHub URL, or to modify it in other ways as needed. Either way, be sure to pass the script the information it needs to run.
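A sketch of such a Quality Gate check, added here as an example and not the script from the linked repository. The parameter names are hypothetical stand-ins for the three build variables above, the server is assumed to be reachable over HTTPS, and the token is passed in as a script argument:

```powershell
# Added example, not the script from the linked repository.
# Parameter names are assumptions; map them to the three build variables.
param(
    [Parameter(Mandatory)] [string] $SonarServerName,  # FQDN, e.g. sonar.example.com (constructed)
    [Parameter(Mandatory)] [string] $SonarProjectKey,
    [Parameter(Mandatory)] [string] $SonarToken
)

$ErrorActionPreference = 'Stop'

# SonarQube accepts a user token as the Basic-auth username with an empty password.
$pair    = '{0}:' -f $SonarToken
$basic   = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($pair))
$headers = @{ Authorization = "Basic $basic" }

# HTTPS is assumed: the token travels in the Authorization header on every call.
$key = [Uri]::EscapeDataString($SonarProjectKey)
$uri = 'https://{0}/api/qualitygates/project_status?projectKey={1}' -f $SonarServerName, $key

try {
    $response = Invoke-RestMethod -Uri $uri -Headers $headers -Method Get
}
catch {
    # Fail closed: an unreachable server or a rejected token must not pass the gate.
    Write-Host "##vso[task.logissue type=error]Quality Gate lookup failed: $($_.Exception.Message)"
    exit 1
}

$status = $response.projectStatus.status
Write-Host "Quality Gate status for '$SonarProjectKey': $status"

if ($status -ne 'OK') {
    # List the conditions that did not pass so the build log explains the failure.
    foreach ($c in $response.projectStatus.conditions) {
        if ($c.status -ne 'OK') {
            $line = '  {0}: actual={1} comparator={2} threshold={3}'
            Write-Host ($line -f $c.metricKey, $c.actualValue, $c.comparator, $c.errorThreshold)
        }
    }
    Write-Host "##vso[task.logissue type=error]Quality Gate status is '$status'; failing the build."
    exit 1  # A non-zero exit code fails the PowerShell task and therefore the build.
}
```

Any status other than OK fails the task, so a project with no Quality Gate result is treated as a failure rather than a pass.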
Run build pipeline and observe results
Now we need to run the build pipeline and wait for the results. If the code fails to pass the Quality Gate, the script fails the build and you will see a message like this:
If we go and check the logs, we can clearly see why it has failed the build: