GitLab CI template for SonarQube

This project implements a generic GitLab CI template for running SonarQube analysis.

SonarQube is a Code Quality and Security tool that helps you analyse your source code and detect quality issues or security vulnerabilities as early as possible.


In order to include this template in your project, add the following to your .gitlab-ci.yml:

include:
  - project: 'to-be-continuous/sonar'
    ref: '2.0.1'
    file: '/templates/gitlab-ci-sonar.yml'

SonarQube analysis job

This job performs a SonarQube analysis of your code.

It is bound to the test stage, and uses the following variables:

| Name | Description | Default value |
| --- | --- | --- |
| SONAR_SCANNER_IMAGE | The Docker image used to run sonar-scanner | sonarsource/sonar-scanner-cli:latest |
| SONAR_URL | SonarQube server url | none (disabled) |
| 🔒 SONAR_AUTH_TOKEN | SonarQube authentication token (depends on your authentication method) | none |
| 🔒 SONAR_LOGIN | SonarQube login (depends on your authentication method) | none |
| 🔒 SONAR_PASSWORD | SonarQube password (depends on your authentication method) | none |
| SONAR_BASE_ARGS | SonarQube analysis arguments | ${SONAR_URL} -Dsonar.projectKey=${CI_PROJECT_PATH_SLUG} -Dsonar.projectName=${CI_PROJECT_PATH} -Dsonar.projectBaseDir=. -Dsonar.links.homepage=${CI_PROJECT_URL}${CI_PROJECT_URL}/-/pipelines -Dsonar.links.issue=${CI_PROJECT_URL}/-/issues |
| 🔒 SONAR_GITLAB_TOKEN | GitLab access token with api scope. When set, activates the Sonar GitLab plugin integration. | none |
| SONAR_BRANCH_ANALYSIS_DISABLED | Set to true to disable automatic Pull Request Analysis and Branch Analysis | none (enabled) |
| SONAR_GITLAB_ARGS | Extra arguments to use with Sonar GitLab plugin | -Dsonar.gitlab.url=${CI_SERVER_URL} -Dsonar.gitlab.user_token=${SONAR_GITLAB_TOKEN} -Dsonar.gitlab.project_id=${CI_PROJECT_ID} -Dsonar.gitlab.commit_sha=${CI_COMMIT_SHA} -Dsonar.gitlab.ref_name=${CI_COMMIT_REF_NAME} |
| SONAR_AUTO_ON_DEV_DISABLED | When set to true, SonarQube analysis becomes manual on development branches (automatic otherwise) | none |

Automatic Branch Analysis & Pull Request Analysis

By default, this template tries to auto-detect and use Pull Request Analysis or Branch Analysis (depending on the context).

These are great SonarQube features, but they assume one of the following conditions:

If you're not in one of those cases, you should disable this feature by setting SONAR_BRANCH_ANALYSIS_DISABLED to true.

If you leave the feature enabled and SONAR_AUTH_TOKEN is provided, the template will try to autodetect (using GitLab APIs) an open merge request matching the current branch:

About Sonar GitLab plugin

The Sonar GitLab plugin uses the GitLab APIs to inline comments into your commits directly in GitLab for each new anomaly.

As explained above, this template automatically enables the Sonar GitLab plugin if SONAR_GITLAB_TOKEN is set. It will then simply append the SONAR_GITLAB_ARGS (overridable) to the SonarQube analysis arguments.

Comments added to GitLab will appear as owned by the user associated with the GitLab access token.
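
Because the default SONAR_GITLAB_ARGS carries the access token as -Dsonar.gitlab.user_token, the assembled argument string is itself a secret and should never be echoed unredacted in job output. The sketch below is an added example, not the template's own script: it assembles the arguments as described above and produces a log-safe copy. The function names build_sonar_args and redact_sonar_args are hypothetical, and all sample values are constructed.

```shell
#!/bin/sh
# Added example, not the template's own script. Function names are hypothetical.

# Assemble the analysis arguments as the README describes: SONAR_BASE_ARGS,
# plus SONAR_GITLAB_ARGS only when SONAR_GITLAB_TOKEN is set.
build_sonar_args() {
  # The variables table lists the job as disabled when SONAR_URL is unset.
  [ -n "${SONAR_URL:-}" ] || return 1
  _gl=""
  if [ -n "${SONAR_GITLAB_TOKEN:-}" ]; then
    _gl="${SONAR_GITLAB_ARGS:-}"
    if [ -z "$_gl" ]; then
      # Default value of SONAR_GITLAB_ARGS from the variables table.
      _gl="-Dsonar.gitlab.url=${CI_SERVER_URL:-}"
      _gl="$_gl -Dsonar.gitlab.user_token=${SONAR_GITLAB_TOKEN}"
      _gl="$_gl -Dsonar.gitlab.project_id=${CI_PROJECT_ID:-}"
      _gl="$_gl -Dsonar.gitlab.commit_sha=${CI_COMMIT_SHA:-}"
      _gl="$_gl -Dsonar.gitlab.ref_name=${CI_COMMIT_REF_NAME:-}"
    fi
  fi
  _base="${SONAR_BASE_ARGS:-}"
  # Join with a single space only when both parts are non-empty.
  if [ -n "$_base" ] && [ -n "$_gl" ]; then
    printf '%s %s\n' "$_base" "$_gl"
  else
    printf '%s%s\n' "$_base" "$_gl"
  fi
}

# Log-safe copy: blank the value of every -D property whose name ends in
# token, login or password (e.g. -Dsonar.gitlab.user_token=...).
redact_sonar_args() {
  printf '%s\n' "$1" |
    sed -E 's/(-D[A-Za-z0-9_.]*(token|login|password)=)[^ ]*/\1[REDACTED]/g'
}

# Demo with constructed values, run in a subshell so nothing leaks out.
(
  SONAR_URL='https://sonar.example.test'
  SONAR_BASE_ARGS='-Dsonar.projectKey=demo'
  SONAR_GITLAB_TOKEN='glpat-CONSTRUCTED-VALUE'
  CI_SERVER_URL='https://gitlab.example.test' CI_PROJECT_ID=42
  CI_COMMIT_SHA='0123abcd' CI_COMMIT_REF_NAME='main'
  unset SONAR_GITLAB_ARGS
  redact_sonar_args "$(build_sonar_args)"
)
```

Store the 🔒 variables as masked CI/CD variables rather than in the repository, and use the redacted form whenever the command line is printed for debugging.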

How should I configure other SonarQube arguments?

The simplest and recommended way to configure other SonarQube analysis arguments (and even language specific args) is to use a file at the root of your repository.

GitLab compatibility

ℹ️ This template is currently tested and validated on a GitLab Community Edition instance, version 13.12.11.