Tuesday, March 12, 2024

How to Create Quality Gate in SonarQube and integrate with GitHub Actions | SonarQube Integration with GitHub Actions | Automate Code Scan using SonarQube In GitHub Actions and Force build to Fail or Pass



Pre-requisites:

How to Create Quality gate in SonarQube and integrate with GitHub Actions?

Make sure SonarQube is up and running and integrated with GitHub Actions. Please click here if you would like to setup SonarQube and integrate with GitHub Actions.

We will be executing below steps:
  • Login to SonarQube
  • Create Quality Gate in SonarQube
  • Add conditions in Quality Gate
  • Make quality gate as Default
  • Create GitHub Actions CICD workflow yaml
  • Add tasks for Maven build and Sonar Scan
  • Add tasks for integrating Quality gate 
  • pass/fail the builds in SonarQube

What is Quality gate?

In SonarQube a quality gate is a set of conditions that must be met in order for a project to be marked as passed.

Create Quality Gate

Login to SonarQube, Click on Quality gate, enter some name

Once you create the quality gate. Click on Add condition. 

Select new issues from the drop down and enter 2 



Select new bugs from the drop down and enter 1 as error


Setup a Default Gate


Create GitHub Actions CICD workflow yaml:

Go to GitHub repo where your Java project is, create a new file:

.github/workflows/cicd.yml


The below file have four steps(tasks) 
    - Checkout
    - Install Java on runner
    - Build using Maven
    - run Sonar Scan (this task need to have projectKey defined, otherwise build will fail)
    - run quality gate check
    - pass/fail the build

Copy the the whole yellow color marked content from below:

name: CI/CD workflow for Maven Build, Sonar Code scan and Quality gate check
on:
  push:
    branches:
      - main
  workflow_dispatch:
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout code
      uses: actions/checkout@v3
    - name: Set up JDK 11
      uses: actions/setup-java@v2
      with:
        distribution: 'adopt'
        java-version: '11'
    - name: Build with Maven
      run: mvn install -f MyWebApp/pom.xml
    - name: SonarQube Scan
      uses: sonarsource/sonarqube-scan-action@master
      with:
        projectBaseDir: .
        args: >
          -Dsonar.organization=my-org
          -Dsonar.projectKey=my-Java-web-app
      env:
        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
    # Check the Quality Gate status.
    - name: SonarQube Quality Gate check
      id: sonarqube-quality-gate-check
      uses: sonarsource/sonarqube-quality-gate-action@master
      # Force to fail step after specific time.
      timeout-minutes: 5
      env:
       SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
       SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} #OPTIONAL
    # Show the output from the Quality Gate.
    # The possible outputs of the `quality-gate-status` variable are `PASSED`, `WARN` or `FAILED`.
    - name: "Here is SonarQube Quality Gate Status value.."
      run: echo "The Quality Gate status is ${{ steps.sonarqube-quality-gate-check.outputs.quality-gate-status }}"


Commit the file.

As soon as you commit, build will run immediately in GitHub Actions. 
Now you can see the output of build in Actions tab.




Now login to SonarQube to see the Scan report


If your code have any defects, you can see some build fails.

SonarQube Quality gate failed:

Watch Steps in YouTube channel:

No comments:

Post a Comment

DevSecOps Bootcamp Dec 2024 Schedule | DevSecOps & AWS Azure Cloud Coaching by Coach AK | DevSecOps and Cloud Computing Online Classes

Lot of new topics covered like GitHub Actions, GitHub Advanced Security, Helm, Prometheus and Grafana..) The DevOps requirements in the IT m...