Migrated to sonarqube v7.9.1 API

[javamachr]

Migrated to sonarqube 7.9.1 API, dropped deprecated parts like preview mode - now using always publish.

For 8.2 see #280

[aix3]

It is amazing, can you tell me the usage, it is the same as old plugin? @javamachr

[javamachr]

Yes it is drop in replacement - same usage as before. I use it combined with sonar-community-branch plugin and so far no issues found.

[aix3]

Help me, in my pull request exist an issue, but reported no issues, and inline comment are ineffective. @javamachr

My command:

mvn --batch-mode verify sonar:sonar -Dsonar.host.url=http://sonar.test.com -Dsonar.gitlab.project_id=413 -Dsonar.gitlab.commit_sha=faaa05e756adbd02c5cdcc5bcb75970de352b6fc -Dsonar.gitlab.ref_name=6.9.0 -Dsonar.branch.name=6.9.0.pr1

My sonarqube version: Community Edition 7.9.1

[aix3]

Help me, in my pull request exist an issue, but reported no issues, and inline comment are ineffective. @javamachr

My command:

mvn --batch-mode verify sonar:sonar -Dsonar.host.url=http://sonar.test.com -Dsonar.gitlab.project_id=413 -Dsonar.gitlab.commit_sha=faaa05e756adbd02c5cdcc5bcb75970de352b6fc -Dsonar.gitlab.ref_name=6.9.0 -Dsonar.branch.name=6.9.0.pr1

My sonarqube version: Community Edition 7.9.1

I found the reason., Thanks!

[lfojacintho]

Thanks for migrating @javamachr.
It's working for me on Sonar 7.9.1 Developer Edition

[hwangjr]

#222
so this issue has fixed by this pull request? @gabrie-allaigre consider merging this branch for new 5.x release?

[javamachr]

Yes this PR makes it work with either SonarQube Developer Edition or SonarQube Community with Sonar Community Branch plugin installed.

[qindj]

Help me, in my pull request exist an issue, but reported no issues, and inline comment are ineffective. @javamachr
My command:

mvn --batch-mode verify sonar:sonar -Dsonar.host.url=http://sonar.test.com -Dsonar.gitlab.project_id=413 -Dsonar.gitlab.commit_sha=faaa05e756adbd02c5cdcc5bcb75970de352b6fc -Dsonar.gitlab.ref_name=6.9.0 -Dsonar.branch.name=6.9.0.pr1

My sonarqube version: Community Edition 7.9.1

I found the reason., Thanks!

could you please share your exp? thanks!

[aix3]

Help me, in my pull request exist an issue, but reported no issues, and inline comment are ineffective. @javamachr
My command:

mvn --batch-mode verify sonar:sonar -Dsonar.host.url=http://sonar.test.com -Dsonar.gitlab.project_id=413 -Dsonar.gitlab.commit_sha=faaa05e756adbd02c5cdcc5bcb75970de352b6fc -Dsonar.gitlab.ref_name=6.9.0 -Dsonar.branch.name=6.9.0.pr1

My sonarqube version: Community Edition 7.9.1

I found the reason., Thanks!

could you please share your exp? thanks!

sonar.gitlab.ref_name and sonar.branch.name would be equal

-Dsonar.gitlab.ref_name=6.9.0.pr1 -Dsonar.branch.name=6.9.0.pr1

[tomzhan2019]

Are there any operating procedures? @javamachr

[javamachr]

It works the same way it did. Only difference is that preview mode was replaced by publish mode with branch name - preview is no more supported and was replaced by branch functionality in SonarQube.
This requires either SonarQube Community edition with Sonar community branch plugin installed or SonarQube Developer edition.
Just follow original instructions and wherever there was preview mode you need to replace -Dsonar.analysis.mode=preview param by -Dsonar.branch.name=$CI_COMMIT_REF_NAME.

Example:
mvn --batch-mode verify sonar:sonar -Dsonar.host.url=$SONAR_URL -Dsonar.login=$SONAR_LOGIN -Dsonar.gitlab.commit_sha=$CI_COMMIT_SHA -Dsonar.gitlab.ref_name=$CI_COMMIT_REF_NAME -Dsonar.gitlab.project_id=$CI_PROJECT_ID -Dsonar.branch.name=$CI_COMMIT_REF_NAME

[tomzhan2019]

@javamachr
Normal operation. Thank you.

[qindj]

Help me, in my pull request exist an issue, but reported no issues, and inline comment are ineffective. @javamachr
My command:

mvn --batch-mode verify sonar:sonar -Dsonar.host.url=http://sonar.test.com -Dsonar.gitlab.project_id=413 -Dsonar.gitlab.commit_sha=faaa05e756adbd02c5cdcc5bcb75970de352b6fc -Dsonar.gitlab.ref_name=6.9.0 -Dsonar.branch.name=6.9.0.pr1

My sonarqube version: Community Edition 7.9.1

I found the reason., Thanks!

could you please share your exp? thanks!

sonar.gitlab.ref_name and sonar.branch.name would be equal

-Dsonar.gitlab.ref_name=6.9.0.pr1 -Dsonar.branch.name=6.9.0.pr1

tested & works , thank you!

[d-sokal]

Hi,
Just started using SonarQube and am trying to integrate with our GitLab, but I'm having issues. i get this error on job running:
11:14:27.522 ERROR: Error during SonarQube Scanner execution org.picocontainer.injectors.AbstractInjector$UnsatisfiableDependenciesException: com.talanlabs.sonar.plugins.gitlab.CommitPublishPostJob has unsatisfied dependency 'class com.talanlabs.sonar.plugins.gitlab.ReporterBuilder' for constructor 'public com.talanlabs.sonar.plugins.gitlab.CommitPublishPostJob(com.talanlabs.sonar.plugins.gitlab.GitLabPluginConfiguration,com.talanlabs.sonar.plugins.gitlab.SonarFacade,com.talanlabs.sonar.plugins.gitlab.CommitFacade,com.talanlabs.sonar.plugins.gitlab.ReporterBuilder)' from org.sonar.core.platform.ComponentContainer$ExtendedDefaultPicoContainer@d9345cd:227<[Immutable]:org.sonar.core.platform.ComponentContainer$ExtendedDefaultPicoContainer@31e4291:34<|
Environment:
GitLab: 12.3.5
SonarQube: 7.9.1 Community Edition
GitLab integration: sonar-gitlab-plugin-4.0.0.jar
and sonarqube-community-branch-plugin-1.1.1.jar
sonar-auth-gitlab-plugin-1.3.2.jar

I'm using as it was mentioned in the comment above -Dsonar.gitlab.ref_name=$CI_COMMIT_REF_NAME -Dsonar.branch.name=$CI_COMMIT_REF_NAME

[javamachr]

Hi,
Just started using SonarQube and am trying to integrate with our GitLab, but I'm having issues. i get this error on job running:
11:14:27.522 ERROR: Error during SonarQube Scanner execution org.picocontainer.injectors.AbstractInjector$UnsatisfiableDependenciesException: com.talanlabs.sonar.plugins.gitlab.CommitPublishPostJob has unsatisfied dependency 'class com.talanlabs.sonar.plugins.gitlab.ReporterBuilder' for constructor 'public com.talanlabs.sonar.plugins.gitlab.CommitPublishPostJob(com.talanlabs.sonar.plugins.gitlab.GitLabPluginConfiguration,com.talanlabs.sonar.plugins.gitlab.SonarFacade,com.talanlabs.sonar.plugins.gitlab.CommitFacade,com.talanlabs.sonar.plugins.gitlab.ReporterBuilder)' from org.sonar.core.platform.ComponentContainer$ExtendedDefaultPicoContainer@d9345cd:227<[Immutable]:org.sonar.core.platform.ComponentContainer$ExtendedDefaultPicoContainer@31e4291:34<|
Environment:
GitLab: 12.3.5
SonarQube: 7.9.1 Community Edition
GitLab integration: sonar-gitlab-plugin-4.0.0.jar
and sonarqube-community-branch-plugin-1.1.1.jar
sonar-auth-gitlab-plugin-1.3.2.jar

I'm using as it was mentioned in the comment above -Dsonar.gitlab.ref_name=$CI_COMMIT_REF_NAME -Dsonar.branch.name=$CI_COMMIT_REF_NAME

It seems that you have older class version in classpath - make sure there are no older version of plugin present in your sonarqube installation. Also add mvn clean step to ensure older classes are wiped out when building version with this PR included.

[javamachr]

Thanks a ton, @javamachr! so you mean that version 4.1.0-SNAPSHOT is the correct one in my case for sonarqube v7.9.1?

No, this PR has not been merged yet so there is no release version yet. You need to build it yourself. To make it work with v7.9.1 you need to manually checkout code from this https://github.com/javamachr/sonar-gitlab-plugin repo and run mvn clean package to build it. Then take the jar file from target directory and copy it to your sonar plugin directory.

[d-sokal]

@javamachr, i followed the steps you pointed out above (i checked out the code from sonar7.9 branch, ran mvn clean package command. after that i placed generated jar file into /opt/sonarqube/extensions/plugins folder and restarted sonar service ) but now i'm getting this error:

17:10:39.363 ERROR: Error during SonarQube Scanner execution
java.lang.NullPointerException
	at com.talanlabs.sonar.plugins.gitlab.GitLabApiV4Wrapper.createOrUpdateSonarQubeStatus(GitLabApiV4Wrapper.java:217)
	at com.talanlabs.sonar.plugins.gitlab.CommitFacade.createOrUpdateSonarQubeStatus(CommitFacade.java:126)

here is my .gitlab-ci.yml file:

sonarqube_preview:
  script:
    - git config --global user.email "jenkins@mycompany.com"
    - git config --global user.name "jenkins"
    - git checkout origin/development
    - git merge $CI_COMMIT_SHA --no-commit --no-ff
    - mvn --batch-mode clean install -Dmigration.skip=true -Dmaven.test.skip=true
    - /opt/sonar-scaner/bin/sonar-scanner
      -Dsonar.host.url=http://X.X.X.X:9000/
      -Dsonar.login=sonar
      -Dsonar.password=sonar
      -Dsonar.gitlab.commit_sha=$CI_COMMIT_SHA
      -Dsonar.gitlab.ref_name=$CI_COMMIT_REF_NAME
      -Dsonar.gitlab.project_id=$CI_PROJECT_ID
      -Dsonar.sourceEncoding=UTF-8
      -Dsonar.java.source=1.8
      -Dsonar.projectName=ABC
      -Dsonar.java.binaries=**/target/classes
      -Dsonar.projectKey=Java:ABC
      -Dsonar.sources=.
      -Dsonar.branch.name=$CI_COMMIT_REF_NAME
      -Dsonar.gitlab.only_issue_from_commit_line=true
      -X
  stage: test
  except:
    - master
    - development
    - tags
  tags:
    - abc

here is the list of installed plugins that i have:

1.sonar-auth-gitlab-plugin-1.3.2.jar
2.sonar-gitlab-plugin-4.1.0-SNAPSHOT.jar
3.sonar-java-plugin-5.14.0.18788.jar
4.sonarqube-community-branch-plugin-1.1.1.jar
5.sonar-scm-git-plugin-1.9.1.1834.jar

[javamachr]

That seems to be params issue. Plugin now works as expected. This can occur when either wrong projectID is used or something is wrong with config params. Please check that those params are passed correctly and have right value(try echoing the command with params before execution).
I only run sonar via maven sonar:sonar - haven't tried sonar-scanner tool so can't help much here. But it is definitely caused by parameter values so make sure you are passing correct values. Some version of gitlab have different ENV var names so try to play with it a bit to get it right.

[tenderitaf]

Hi thanks for this awesome work. Any merge to master ETA ?

[d-sokal]

@javamachr, I've got the solution why the job kept failing. That was definitely on my end. I had wrong sonar.gitlab.user_token that was provided on sonarqube server. Everything works now as specified. I do appreciate you help, my friend! Thanks a lot for your work again!

[unitysipu]

Confirm this is working on Sonarqube Enterprise 7.9.1

Sonarqube 8 has native support for gitlab EXCEPT MR decorations. We'll continue using this plugin until those are implemented. This plugin cannot coexist with sonarqube 8 (it doesn't even boot), but the gitlab configurations from community plugin are migrated. You need to add "API" scope to the gitlab sonarqube application configuration though, previously it was enough to just read the user info.

[songtao]

Getting error when run "mvn clean package":
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-surefire-plugin:2.18:test (default-test) on project sonar-gitlab-plugin: Execution default-test of goal org.apache.maven.plugins:maven-surefire-plugin:2.18:test failed: The forked VM terminated without properly saying goodbye. VM crash or System.exit called? [ERROR] Command was /bin/sh -c cd /Users/szhao/Workspace/sonar-gitlab-plugin && /Library/Java/JavaVirtualMachines/adoptopenjdk-12.0.1.jdk/Contents/Home/bin/java -javaagent:/Users/szhao/.m2/repository/org/jacoco/org.jacoco.agent/0.7.5.201505241946/org.jacoco.agent-0.7.5.201505241946-runtime.jar=destfile=/Users/szhao/Workspace/sonar-gitlab-plugin/target/coverage-reports/jacoco-ut.exec -jar /Users/szhao/Workspace/sonar-gitlab-plugin/target/surefire/surefirebooter8678577672023279734.jar /Users/szhao/Workspace/sonar-gitlab-plugin/target/surefire/surefire6135049945136735748tmp /Users/szhao/Workspace/sonar-gitlab-plugin/target/surefire/surefire_013785151489187887168tmp

openjdk version "12.0.1"

[javamachr]

Getting error when run "mvn clean package":
openjdk version "12.0.1"

Try older JVM. I only tested with 8 and 11.

[pvdissel]

Pretty please, make a release of the plugin with this PR!

[devicenull]

I built https://github.com/unitysipu/sonar-gitlab-plugin . Rename this .zip to .jar (don't extract it). No warranty, if it breaks you get to keep both pieces, etc.

sonar-gitlab-plugin-5.0.0-LTS-CUSTOM.zip

[stevehipwell]

@javamachr - Could you expose a release directly from your repo's releases so anyone who has an automated deployment can run your changes?

[javamachr]

As requested released from my repo here

[stevehipwell]

Great work @javamachr, thank you very much!

[stevehipwell]

@kortov try the version @javamachr built.

https://github.com/javamachr/sonar-gitlab-plugin/releases/tag/v4.1.0

[kortov]

@stevehipwell thanks, I know about it :) I mean the repo is not maintained since spring of 2019 (And once again, it's okay, it's an opensource and it's voluntary) but I don't think that's okay that repo is actually is freezed, there is no resolved issues, no merged PR's . I guess when the repo seems not actively maintained there is less chance that people will use it or improve it via PR's

[kortov]

Btw as off-topic, I do love the code quality of the project, nearly the 100% coverage (of course it's bug-prone without mutation or fuzz testing) is awesome, e.g I'd need years to get such coding level to write or maintain such project on my own

[devicenull]

Note that SonarQube itself added a Gitlab integration in the latest paid version.

[naofireblade]

The plugin from @javamachr does not work for me under SQ 8.2 CE anymore. Can anybody confirm this or am I missing some settings?

[unitysipu]

8.2 should have full gitlab support in the enterprise edition deprecating the need for this plugin. It's possible 8.2 is incompatible because of that.

[stalb]

For the community edition, you will also need the community branch plugin which doesn't work either : mc1arke/sonarqube-community-branch-plugin/issues/112

[tisoft]

For the community edition, you will also need the community branch plugin which doesn't work either : mc1arke/sonarqube-community-branch-plugin/issues/112

It does work with 8.x, you need to compile it yourself from this PR, though.

[naofireblade]

I already did that, the branch plugin is working for me.
Edit: The Community Branch Plugin also supports GitLab PR decoration by itself.

[tetebueno]

Worked for me in combination with sonarqube-community-branch-plugin.

Worked with:

• Used SonarQube version 7.9.
• Community branch plugin version 1.3.0
• Sonar GitLab plugin from this repo

No configuration needed in Sonar/GitLab but the installation of both plugins in Sonar and the generation of tokens in both Sonar and GitLab.

Configuration used in GitLab CI pipeline (in fact, this is the whole .gitlab-ci.yml file I've been using for testing). Also, I've tested this with Maven:

image: maven:latest
variables:
  GIT_DEPTH: 0
sonarqube-check:
  script:
    - mvn verify sonar:sonar
      -Dsonar.qualitygate.wait=true
      -Dsonar.links.ci=$CI_PROJECT_URL
      -Dsonar.links.homepage=${CI_PROJECT_URL}/pipelines
      -Dsonar.sources=src
      -Dsonar.host.url=$SONAR_URL (*)
      -Dsonar.login=$SONAR_TOKEN (*)
      -Dsonar.branch.name=$CI_COMMIT_REF_NAME
      -Dsonar.gitlab.api_version=v4
      -Dsonar.gitlab.commit_sha=$CI_COMMIT_SHA
      -Dsonar.gitlab.ref_name=$CI_COMMIT_REF_NAME
      -Dsonar.gitlab.project_id=$CI_PROJECT_ID
      -Dsonar.gitlab.url=$GITLAB_URL (*)
      -Dsonar.gitlab.user_token=$GITLAB_TOKEN (*)
  only:
    - merge_requests
    - master

Variables marked with (*) are to be defined with your values.

[shouldnotappearcalm]

Is there any way to support sonarqube 8.2 community edition?

[javamachr]

Is there any way to support sonarqube 8.2 community edition?

This was tested only on 7.9 but it should not be a problem to update it to v8.x - but it depends on Community branch plugin - so you need to wait until they update it to v8.2. I believe they have PR for v8.1 open now.

[shouldnotappearcalm]

@javamachr In fact, someone has made a version that supports 8.2 in sonarqube branch plugin, and I have tested it and it works. sonar branch plugin 8.2

[javamachr]

@javamachr In fact, someone has made a version that supports 8.2 in sonarqube branch plugin, and I have tested it and it works. sonar branch plugin 8.2

Then try newest PR #280

[eugentius]

Did somebody check how it works with Sonar 8.4?

[Kampfmoehre]

We use this fork in the latest versin 4.2 and it still works with SonarQube 8.4.2.

[eugentius]

We use this fork in the latest versin 4.2 and it still works with SonarQube 8.4.2.

Is https://github.com/mc1arke/sonarqube-community-branch-plugin required with this @javamachr 's fork?

[Kampfmoehre]

We don't use the plugin as we only run analysis on our main branches - so no it is not required.

[jkroepke]

Still works on 8.6

[javamachr]

I just released v4.3.0 compatible with sonar >= v8.6.0.39681.

[lucasoares]

@javamachr in the releases page of your fork there is no option to download the jar.

Should I build it manually?

Thank you for everything!

[javamachr]

@javamachr in the releases page of your fork there is no option to download the jar.

Should I build it manually?

Thank you for everything!

Sorry I forgot to publish the release draft - its there and public now.

[lucasoares]

@javamachr I don't know if this is the best place to ask this but I'm having some issues configurating the plugin.

I use detached pipelines (only for merge requests) and I use the merge_request_discussion feature to start discussions instead of just comments.

Using the plugin (I'm first trying with older versions) the external job stage with quality gate result is being created in another pipeline and not on my detached. This is overwriting the pipeline shown in the MR.

The discussion also are not working. If I go to gitlab to reply them, the gitlab UI bugs and no text area is shown.

is this only with me?

EDIT:

Just cloned the project to see how the plugin requests gitlab api to create commit statuses. It is not using the pipeline ID supported by API. I will test it here.

EDIT2:

Appears that the API doesn't support detached pipelines :(
Just created: https://gitlab.com/gitlab-org/gitlab/-/issues/300720