From 657764a332291f18c045fea25887d92388172bc6 Mon Sep 17 00:00:00 2001 From: Kevin Sandi Date: Mon, 22 Nov 2021 17:15:39 -0600 Subject: [PATCH] Feat: Add wait flag for SonarCloud quality gates Add support for wait flag on SonarCloud quality gates, this way jobs won't finish until the quality gate reports back the result during the analysis step, which will fail anytime the quality gate fails. Issue-ID: RELENG-4011 Signed-off-by: Kevin Sandi Change-Id: Idd75faab59e55363d65fc930790336f370ce60d4 --- .jjb-test/lf-maven-jobs/maven-sonarcloud.yaml | 3 +++ docs/jjb/lf-maven-jobs.rst | 4 ++++ jjb/lf-maven-jobs.yaml | 5 +++++ jjb/lf-python-jobs.yaml | 2 ++ .../add-sonarcloud-qualitygate-wait-flag-d402b152fb3e16fe.yaml | 6 ++++++ shell/maven-sonar.sh | 2 ++ 6 files changed, 22 insertions(+) create mode 100644 releasenotes/notes/add-sonarcloud-qualitygate-wait-flag-d402b152fb3e16fe.yaml diff --git a/.jjb-test/lf-maven-jobs/maven-sonarcloud.yaml b/.jjb-test/lf-maven-jobs/maven-sonarcloud.yaml index 8cbed769..fae97296 100644 --- a/.jjb-test/lf-maven-jobs/maven-sonarcloud.yaml +++ b/.jjb-test/lf-maven-jobs/maven-sonarcloud.yaml @@ -14,6 +14,7 @@ sonarcloud-project-organization: ORGANIZATION sonarcloud-api-token: TOKEN scan-dev-branch: false + sonarcloud-qualitygate-wait: false - project: name: example-sonarcloud-with-prescan-script @@ -32,6 +33,7 @@ sonar-prescan-script: | echo "Run script at start of job." scan-dev-branch: false + sonarcloud-qualitygate-wait: false - project: name: example-sonarcloud-verify @@ -48,3 +50,4 @@ sonarcloud-project-organization: ORGANIZATION sonarcloud-api-token: TOKEN scan-dev-branch: true + sonarcloud-qualitygate-wait: true diff --git a/docs/jjb/lf-maven-jobs.rst b/docs/jjb/lf-maven-jobs.rst index 86e586e0..6302864d 100644 --- a/docs/jjb/lf-maven-jobs.rst +++ b/docs/jjb/lf-maven-jobs.rst @@ -41,6 +41,8 @@ Runs Sonar against a Maven project and pushes results to SonarCloud. :sonarcloud-project-organization: SonarCloud project organization. :sonarcloud-api-token: SonarCloud API Token. :sonarcloud-java-version: Version of Java to run the Sonar scan. (default: openjdk11) + :sonarcloud-qualitygate-wait: SonarCloud flag that forces the analysis step to + wait for the quality gate result. (default: false) lf-maven-build -------------- @@ -568,6 +570,8 @@ This job runs on dev branches and its triggered on new patchsets. (default: '') :sonarcloud-api-token: SonarCloud API Token. (default: '') :sonarcloud-java-version: Version of Java to use for the Sonar scan. (default: openjdk11) + :sonarcloud-qualitygate-wait: SonarCloud flag that forces the analysis step to + wait for the quality gate result. (default: false) :stream: Keyword that represents a release code-name. Often the same as the branch. (default: master) :submodule-recursive: Whether to checkout submodules recursively. diff --git a/jjb/lf-maven-jobs.yaml b/jjb/lf-maven-jobs.yaml index 04ae40fa..49d3f3fe 100644 --- a/jjb/lf-maven-jobs.yaml +++ b/jjb/lf-maven-jobs.yaml @@ -1138,6 +1138,7 @@ sonarcloud-project-key: "" sonarcloud-project-organization: "" sonarcloud-api-token: "" + sonarcloud-qualitygate-wait: false # SonarCloud scan using jdk8 will become deprecated by Oct, 2020 # Projects not compatible with jdk11 can set java-version to something else sonarcloud-java-version: openjdk11 @@ -1224,6 +1225,7 @@ sonarcloud-project-organization: "{sonarcloud-project-organization}" sonarcloud-api-token: "{sonarcloud-api-token}" sonarcloud-java-version: "{sonarcloud-java-version}" + sonarcloud-qualitygate-wait: "{sonarcloud-qualitygate-wait}" scan-dev-branch: "{scan-dev-branch}" # With SonarQube - conditional-step: @@ -1259,6 +1261,7 @@ sonarcloud-project-organization: "{sonarcloud-project-organization}" sonarcloud-api-token: "{sonarcloud-api-token}" sonarcloud-java-version: "{sonarcloud-java-version}" + sonarcloud-qualitygate-wait: "{sonarcloud-qualitygate-wait}" scan-dev-branch: "{scan-dev-branch}" # With SonarQube - conditional-step: @@ -1313,6 +1316,7 @@ API_TOKEN={sonarcloud-api-token} SONARCLOUD_JAVA_VERSION={sonarcloud-java-version} SCAN_DEV_BRANCH={scan-dev-branch} + SONARCLOUD_QUALITYGATE_WAIT={sonarcloud-qualitygate-wait} - lf-provide-maven-settings: global-settings-file: global-settings settings-file: "{mvn-settings}" @@ -1350,6 +1354,7 @@ sonarcloud: true scan-dev-branch: true + sonarcloud-qualitygate-wait: false gerrit_sonar_triggers: - patchset-created-event: diff --git a/jjb/lf-python-jobs.yaml b/jjb/lf-python-jobs.yaml index 6a40d177..5d62828a 100644 --- a/jjb/lf-python-jobs.yaml +++ b/jjb/lf-python-jobs.yaml @@ -255,6 +255,7 @@ sonarcloud-project-key: "" sonarcloud-project-organization: "" sonarcloud-api-token: "" + sonarcloud-qualitygate-wait: false # SonarCloud scan using jdk8 will become deprecated by Oct, 2020 # Projects not compatible with jdk11 can set java-version to something else sonarcloud-java-version: openjdk11 @@ -337,6 +338,7 @@ sonarcloud-project-organization: "{sonarcloud-project-organization}" sonarcloud-api-token: "{sonarcloud-api-token}" sonarcloud-java-version: "{sonarcloud-java-version}" + sonarcloud-qualitygate-wait: "{sonarcloud-qualitygate-wait}" scan-dev-branch: "{scan-dev-branch}" # With SonarQube - conditional-step: diff --git a/releasenotes/notes/add-sonarcloud-qualitygate-wait-flag-d402b152fb3e16fe.yaml b/releasenotes/notes/add-sonarcloud-qualitygate-wait-flag-d402b152fb3e16fe.yaml new file mode 100644 index 00000000..116c5476 --- /dev/null +++ b/releasenotes/notes/add-sonarcloud-qualitygate-wait-flag-d402b152fb3e16fe.yaml @@ -0,0 +1,6 @@ +--- +features: + - | + Add support for wait flag on SonarCloud quality gates, this way jobs + won't finish until the quality gate reports back the result during + the analysis step, which will fail anytime the quality gate fails. diff --git a/shell/maven-sonar.sh b/shell/maven-sonar.sh index 5b460c51..9d130032 100644 --- a/shell/maven-sonar.sh +++ b/shell/maven-sonar.sh @@ -39,9 +39,11 @@ if [ "$SONAR_HOST_URL" = "https://sonarcloud.io" ]; then # shellcheck disable=SC2236 if [ ! -z ${GERRIT_CHANGE_NUMBER+x} ]; then GERRIT_SHORT_LIVED_BRANCH=${GERRIT_CHANGE_NUMBER}-${GERRIT_PATCHSET_NUMBER} + lowercase_SONARCLOUD_QUALITYGATE_WAIT=$(echo "$SONARCLOUD_QUALITYGATE_WAIT" | tr '[:upper:]' '[:lower:]') params+=("-Dsonar.analysis.gerritProjectName=$PROJECT") params+=("-Dsonar.branch.target=$GERRIT_BRANCH") params+=("-Dsonar.branch.name=$GERRIT_SHORT_LIVED_BRANCH") + params+=("-Dsonar.qualitygate.wait=$lowercase_SONARCLOUD_QUALITYGATE_WAIT") fi fi fi -- 2.16.6