SonarQube no measure have been collecting

[ortegaantunes]

Hello @dcoraboeuf

I have a problem to extract measures from SonarQube. Currently, when the Sonar step is executed on Jenkins build, the below message is showed on Ontrack Log.

 ontrack 2021-06-07 14:56:06.788 DEBUG 1 --- [nio-8080-exec-7] n.n.o.e.s.client.SonarQubeClient         : Getting measures,key=ontrack_poc,branch=NodeJS-Demo,version=49,metrics=[blocker_violations, coverage, violations, open_issues, │
│ complexity, comment_lines_density, comment_lines, files, lines, ncloc, new_lines, duplicated_files, duplicated_blocks, duplicated_lines, duplicated_lines_density, Duplications, sqale_rating, new_maintainability_rating, security_rat │
│ ing, vulnerabilities, reliability_rating, bugs, new_reliability_rating, code_smells[]                                                                                                                                                   │
│ ontrack 2021-06-07 14:56:06.799 DEBUG 1 --- [nio-8080-exec-7] e.s.m.SonarQubeMeasuresCollectionService : build=Build POC/NodeJS-Demo/49,scan=false,result=No SonarQube measure can be found for Build POC/NodeJS-Demo/49

The Ontrack configuration at project level is:

The Ontrack configuration at Admin settings is:

The stage on Jenkins is like:

            stage('Sonar') {
            steps{
              script{
                echo 'Start Analysis Code'
                withSonarQubeEnv ("sonar") {
                      sh "/opt/sonar-scanner/bin/sonar-scanner -X \
                      -Dsonar.projectKey=$SONAR_PROJECT_KEY \
                      -Dsonar.host.url=$SONAR_HOST_URL \
                      -Dsonar.test.inclusions=$SONAR_INCLUSIONS \
                      -Dsonar.login=$SONAR_AUTH_TOKEN \
                      -Dsonar.projectBaseDir=. \
                      -Dsonar.projectVersion=${env.BUILD_ID} \
                      -Dsonar.javascript.lcov.reportPaths=coverage/lcov.info \
                      -Dsonar.sources=." 
                    }   
                }
            }
            post {
                success {
                    ontrackValidate(
                        project: 'POC',
                        branch: "NodeJS-Demo",
                        build: "${env.BUILD_ID}",
                        validationStamp: "sonarqube",
                        buildResult: currentBuild.result,
                        description: "Sonarqube",
                    )
                }
                failure {
                    ontrackValidate(
                        project: 'POC',
                        branch: "NodeJS-Demo",
                        build: "${env.BUILD_ID}",
                        validationStamp: "sonarqube",
                        buildResult: currentBuild.result,
                        description: "Sonarqube",
                    )
                }
            } 
        } 

Any tips to fix this? The Ontrack version is 4.0.1

[dcoraboeuf]

Hi @ortegaantunes ,

This message means that Ontrack could not find any corresponding measure to your build in SonarQube.

The criteria used to find measures in SonarQube are:

• the project key: you've put ontrack_poc which is a bit surprising, since a SonarQube project key usually looks like group:artifact (for example: net.nemerosa:ontrack) - can you check this?
• the branch - it's either the Git branch associated with your Ontrack branch if defined, or the Ontrack branch name (NodeJS-Demo in your case)
• the version in SonarQube - either the release label in Ontrack if defined, or the build name

I suspect that in your case, the project key is wrong, but it's difficult for me to assert without more detail.

It does not prevent the fact that the Ontrack documentation lacks information in many respects. It's actually there but under refactoring and I'll use this very issue to restore it asap.

Just some side remarks:

• integration between Jenkins & Ontrack is really easier if you're using the https://github.com/nemerosa/ontrack-jenkins-cli-pipeline/ pipeline library and the default settings are enough in most of cases (remark: as of today, this pipeline library supports only GitHub as a SCM, but others are planned, Bitbucket, GitLab)
• in your Jenkinsfile you can put the ontrackValidate step in the same always post action.

[ortegaantunes]

Hi @dcoraboeuf

I'll check the project key. I think that the "groupId" is generated when you have used Maven to build the project, right? So, I can be wrong, it is just an idea. I have been trying to test the Ontrack Library in parallel, but currently, my SCM is Bitbucket. I will take your tip, and improve the post action.

[dcoraboeuf]

Yes, the project key in SonarQube should be generated from your groupId and artifactId if you're using Maven.

About the Jenkins library to support Bitbucket, I can do that quickly. I've created ontrack-jenkins-cli-pipeline#14 (Bitbucket Cloud) and ontrack-jenkins-cli-pipeline#15 (Bitbucket Cloud)

[ortegaantunes]

Ya, the question is I'm not using Maven. I'll try to use the frontend-maven-plugin to my NodeJS project, but would nice to have examples using, npm, nuget etc =)

[ortegaantunes]

@dcoraboeuf all tests without success. I also did another installation to SonarQube, to ensure that the communication and auth has been working OK. Are there specific log or screenshot that I can send to you? I need to consider Sonar analysis which are non-Maven project.

[dcoraboeuf]

@ortegaantunes , would it be possible to get access to your Jenkinsfile maybe after you obfuscate some elements? And also the configuration for Ontrack, some screenshots of the SQ configuration? The SQ config at project & settings level, I already have in this ticket.

BTW, there is no reason why you should not succeed in dealing with non-Maven projects. I've used Ontrack & SonarQube for Gradle, NodeJS, Go, etc. projects.

[ortegaantunes]

For sure. I'll send to you on your email.

Yes. I'm agree with you, I think it is pretty simple, and maybe it can be my mistake.

Thanks a lot for helping me.

[dcoraboeuf]

You're welcome. The main difficulty is to align the way Ontrack looks for the information of a given build in SonarQube. The API of SonarQube is not the simplest and easiest to understand...

[dcoraboeuf]

Once you can use the https://github.com/nemerosa/ontrack-jenkins-cli-pipeline/ library (after nemerosa/ontrack-jenkins-cli-pipeline#15 is fixed for your case) you'll get some configuration out of the box, without having to do it yourself.

[dcoraboeuf]

Attachments received via email, thanks.

[ortegaantunes]

I sent the email to you. Ok let's try the cli/library as soon it is available.

[dcoraboeuf]

Hi @ortegaantunes , sorry for the delay (I'm pretty busy at work and also not at work).

I see in the different documents that your project (in Ontrack) is configured to use ontrack_poc as the SQ key. However, in SQ itself, the project key is nodejs (bottom right corner in the screenshot showing the SQ scan).

Both must be aligned so that Ontrack can find its information in SQ. Either you change it in Ontrack or you configure your scan so that the project key is the same than in Ontrack.

Best regards,
Damien

[ortegaantunes]

Hi @dcoraboeuf

Thanks a lot for your time. The keys are the same on both sides. I sent the wrong screenshots for you, sorry. I sent now the correct screenshot in your email.

Rafael