
SonarQube autorun with gitlab

I created my own server with SonarQube, and I want to connect it with my gitlab. Every time I push my commits, the sonarqube scanner will run and create results + comments in code.

I've downloaded this plugin: https://gitlab.talanlabs.com/gabriel-allaigre/sonar-gitlab-plugin

According to Gitlab integration with SonarQube there are only 2 plugins.

I installed this plugin on my SonarQube server. In the plugin options I added the gitlab API key and the URL to my repository exactly as it is in the documentation.

Ok so it's done... but what now? What must I change in gitlab so that when I push commits gitlab will know that "ok, I have to analyse this code with this sonarqube server"?

I'm totally new to this (sonarqube and gitlab); 3 days ago I didn't know anything about SonarQube, and I didn't know that I can start a runner in gitlab.

There are some examples in the plugin documentation but I don't understand them; I mean I don't know where to put this code from the "Examples" section on gitlab to make this work correctly.

I'm stuck. I'm not talking about this .gitlab-ci.yml because I've found that it is for Java projects, and it's ok, but I want to analyse Python and others... but how ;/?

Please help

Adrian Kurzeja asked Jan 18 '18 14:01



1 Answer

First, the required setup consists of multiple components of which you have some already.

  1. SonarQube server + Gitlab plugin(s) at https://sonarqube.example.com
  2. Gitlab project (foo/bar)
  3. A SONAR_TOKEN variable with a SonarQube user token set in your Project Settings CI/CD secret variables (to be injected in every CI job)
  4. Gitlab CI configuration (.gitlab-ci.yml)
  5. Sonar project configuration file in your projects root (sonar-project.properties)
  6. The sonar-scanner installed on your CI runner (or see notes)

sonar-project.properties

Modify to your needs or provide all settings as -D options (see jobs)

# Required metadata
sonar.projectKey=nl.example.foo.bar
sonar.projectName=FoorBar app

# Comma-separated paths to directories with sources (required)
sonar.sources=src/app

# Language
sonar.language=js

# Encoding of sources files
sonar.sourceEncoding=UTF-8

# Exclude
sonar.exclusions=src/app/core/**/*

.gitlab-ci.yml jobs

The CI setup consists of 2 jobs that run in parallel (in my case). One job does the previewing and is responsible for commenting on your commits but doesn't actually send data to the SonarQube server. The 2nd job does the same scanning but posts to the SonarQube server and checks all quality gates (pass/fail).

#######################################
# Check the project code quality with Sonar, make sure your Gitlab project has a secret variable (project -> settings -> CI/CD) defined called SONAR_TOKEN
#######################################
codequality_preview:
  stage: qa
  script:
    # The token is read from the SONAR_TOKEN CI/CD variable named above
    - sonar-scanner -Dsonar.host.url=https://sonarqube.example.com -Dsonar.analysis.mode=preview -Dsonar.login=$SONAR_TOKEN -Dsonar.gitlab.commit_sha=$CI_COMMIT_SHA -Dsonar.gitlab.ref_name=$CI_COMMIT_REF_NAME -Dsonar.projectVersion=$CI_JOB_ID -Dsonar.branch=$CI_COMMIT_REF_NAME -Dsonar.gitlab.project_id=$CI_PROJECT_URL

#######################################
# Check the project code quality with Sonar, make sure your Gitlab project has a secret variable (project -> settings -> CI/CD) defined called SONAR_TOKEN
#######################################
codequality:
  stage: qa
  script:
    # The token is read from the SONAR_TOKEN CI/CD variable named above
    - sonar-scanner -Dsonar.host.url=https://sonarqube.example.com -Dsonar.login=$SONAR_TOKEN -Dsonar.projectVersion=$CI_JOB_ID -Dsonar.branch=$CI_COMMIT_REF_NAME

Notes

  • Instead of installing a sonar-scanner in your runner you can also use e.g. a Docker container that provides a sonar-scanner.
  • If you don't want a sonar-project.properties file you can provide the settings through the commandline like the other -D variables.

Stefan van Gastel answered Oct 28 '22 14:10
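
A pre-flight check for the jobs in the answer above, as an added example that is not part of the original answer or of the plugin: it fails the job early when the SONAR_TOKEN variable is empty, when sonar-project.properties lacks the keys the answer marks as required, or when a token has been committed to the repository. The function names `props_get` and `sonar_preflight` are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check to run before sonar-scanner in a CI job.
# props_get and sonar_preflight are hypothetical helper names.

# Print the value of KEY from a Java-style properties FILE (last assignment wins).
props_get() {
  awk -v k="$1" '
    /^[ \t]*[#!]/ { next }                      # skip comment lines
    {
      line = $0
      sub(/^[ \t]+/, "", line)
      i = index(line, "=")
      if (i == 0) next
      name = substr(line, 1, i - 1); sub(/[ \t]+$/, "", name)
      if (name == k) { val = substr(line, i + 1); sub(/^[ \t]+/, "", val); found = 1 }
    }
    END { if (found) print val }
  ' "$2"
}

# Return 0 when the job can run; otherwise report each problem on stderr and return 1.
sonar_preflight() {
  local props="${1:-sonar-project.properties}" rc=0 key
  # The token must come from the CI/CD variable; its value is never printed.
  if [ -z "${SONAR_TOKEN:-}" ]; then
    echo "SONAR_TOKEN is empty: check the variable name and whether it is limited to protected branches" >&2
    rc=1
  fi
  if [ ! -r "$props" ]; then
    echo "cannot read $props" >&2
    return 1
  fi
  for key in sonar.projectKey sonar.sources; do
    if [ -z "$(props_get "$key" "$props")" ]; then
      echo "$props: required key $key is not set" >&2
      rc=1
    fi
  done
  # A token stored in the properties file ends up in the repository history.
  if [ -n "$(props_get sonar.login "$props")" ]; then
    echo "$props: sonar.login must not be stored in the repository" >&2
    rc=1
  fi
  return "$rc"
}
```

Source the file and call `sonar_preflight` as the first `script:` entry of each job, so a misnamed or unexposed token stops the job before the scanner runs with an empty login.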