Fail Azure DevOps pipeline if build fails to pass the SonarQube Quality Gate

Using the SonarQube extensions from the Marketplace for Azure DevOps provides much of the integration functionality between Azure DevOps and SonarQube. Once the build pipeline completes, you can log in to the SonarQube server and view the code analysis results. Based on the code analysis results against the Quality threshold set or the default Quality Gate threshold, it will be assigned a rating. However, there is no way to stop check-in of code if it fails to pass the Quality Gate criteria. We can, however, use some PowerShell and the SonarQube Web APIs to do this part for us. In this blog post, we’ll learn the steps to do so.

Generate SonarQube Token

One of the very first requirements is to be able to authenticate to the SonarQube server in an automated way. For this, we need to generate the SonarQube Token using one of the accounts which has admin access to the SonarQube Server.

To generate the SonarQube Token, log in to the server. Click on the username and then select ‘My Account’. Switch to the ‘Security’ tab. Provide a memorable name for the token and generate it:

[Screenshot: generate sonar token for azure devops integration]

Copy the token generated.

Add Token Value and Other details as build variables

We now need to give the Azure DevOps pipeline some basic details about the Sonar Server. At the very minimum, we need to tell it three pieces of information:
1. Sonar Server Name – This should be the fully qualified domain name
2. Sonar Project Key – Used to uniquely identify a Sonar Project
3. Sonar Token – Used for authentication with Sonar Server

We can go to the variables tab in the Build Pipeline and then add the variables as shown:

[Screenshot: add encrypted variables in the azure devops pipeline]

We have masked the values of the Sonar Project and Sonar Token, in line with good practice for build configuration.

Add PowerShell task after Publish Quality Gate Result

Once the code analysis is complete, we can use the PowerShell task to run a custom PowerShell script for us. This script fetches the Quality gate rating from the Sonar Server.

The source code for the script can be downloaded from https://github.com/goyalmohit/sonarqube-fetch-qualitygate-status

Below is how we supply values for the script to run:

[Screenshot: add powershell script task in vsts tasks]

We could also have chosen to run it directly using the GitHub URL, or modified it in other ways as needed. However, be sure to pass the information the script needs to run.
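A sketch of what such a script can look like, added here as an example and not the code from the linked repository. The parameter names and the https scheme are assumptions; the endpoint is SonarQube's `api/qualitygates/project_status` Web API, and the script fails closed on any status other than `OK`.

```powershell
# Added example; parameter names are assumptions, not those of the linked script.
param(
    [Parameter(Mandatory)][string]$SonarServerName,  # fully qualified domain name
    [Parameter(Mandatory)][string]$SonarProjectKey,
    [Parameter(Mandatory)][string]$SonarToken
)

$ErrorActionPreference = 'Stop'

# SonarQube accepts a user token as the Basic-auth username with an empty password.
$pair    = "${SonarToken}:"
$basic   = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes($pair))
$headers = @{ Authorization = "Basic $basic" }

# https is assumed here so the token is never sent over a cleartext connection.
$key = [Uri]::EscapeDataString($SonarProjectKey)
$uri = "https://$SonarServerName/api/qualitygates/project_status?projectKey=$key"

try {
    $response = Invoke-RestMethod -Uri $uri -Headers $headers -Method Get
}
catch {
    # Fail closed: an unreachable server or a rejected token must not pass the gate.
    Write-Host "##vso[task.logissue type=error]Could not query the Quality Gate: $($_.Exception.Message)"
    exit 1
}

$status = $response.projectStatus.status
Write-Host "Quality Gate status for '$SonarProjectKey': $status"

# Anything other than OK (ERROR, WARN, NONE, or a missing field) fails the build.
if ($status -ne 'OK') {
    $failed = $response.projectStatus.conditions | Where-Object status -eq 'ERROR'
    foreach ($c in $failed) {
        $detail = "$($c.metricKey): actual $($c.actualValue), threshold $($c.errorThreshold) ($($c.comparator))"
        Write-Host "##vso[task.logissue type=error]$detail"
    }
    Write-Host "##vso[task.logissue type=error]Quality Gate status is '$status'; failing the build."
    exit 1   # a non-zero exit code fails the PowerShell task
}
```

Secret pipeline variables are not exposed to scripts automatically, so the token has to be passed explicitly in the task's Arguments field, for example `-SonarToken $(SonarToken)` (variable name assumed).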

Run build pipeline and observe results

Now we need to run the build pipeline and wait for the results. If the build fails to pass the Quality Gate, the script will fail the build and you will see a message like this:

[Screenshot: fetch sonarqube quality gate status - 2]

If we go and check the logs, we can clearly see why it has failed the build:

[Screenshot: fetch sonarqube quality gate status]
