Sonarqube smanetting

A docker-compose file to run a Sonarqube server with a Postgres database.

The compose file also includes an instance of Jenkins to run the Sonarqube scanner.

Table of Contents

Prerequisites

Usage

docker-compose up -d

Links

Default credentials

  • Sonarqube: admin/admin
  • Jenkins: admin/password

First Configuration

Sonarqube

First configuration:

  • Login with the default credentials

Login

  • Change the default password

Change Password

Now Sonarqube is ready to use.

Sonarqube Ready

Jenkins

First configuration:

  • Unlock Jenkins

Unlock Jenkins

Find the initial admin password in the container log:

docker logs jenkins | less

Look for the line:

*************************************************************
*************************************************************
*************************************************************
 
Jenkins initial setup is required. An admin user has been created and a password generated.
Please use the following password to proceed to installation:
 
c061b679107a4893b5383617729b5c6a
 
This may also be found at: /var/jenkins_home/secrets/initialAdminPassword
 
*************************************************************
*************************************************************
************************************************************* 

Enter the password and click Continue

Select Install Suggested Plugins on the next page. When Jenkins finishes, it will prompt you for a new admin user and password. Enter a user name and password and click Save and Continue

Install Suggested Plugins

Install Suggested Plugins List Plugin

Create First Admin User

The next page gives you a chance to change the host name of your controller. For this tutorial, you can accept the default and click Save and Finish.

Instance Configuration

Now Jenkins is ready to use. Click Start using Jenkins.

Jenkins Ready

Jenkins Dashboard

Reference

Jenkins Sonarqube Scanner Plugin

You need to install the Sonarqube Scanner plugin in Jenkins.

  • Using the GUI: From your Jenkins dashboard navigate to Manage Jenkins > Manage Plugins and select the Available tab. Locate this plugin by searching for sonar.
  • Using the CLI tool:
    • jenkins-plugin-cli --plugins sonar:2.17.2
  • Using direct upload. Download one of the releases and upload it to your Jenkins instance.

Reference

Configuration

Sonarqube GitHub

Step 1: Create a Github App

  • Go to Github Developer Settings
  • Click on New Github App
  • Fill the form
    • GitHub App name: <name>
    • Homepage URL: https://www.sonarqube.org/
    • Callback URL: http://localhost:9000
    • Create a new client secret
    • Create a new private key
    • Permissions
      Type                      Permission        Access
      Repository permissions    Checks            Read & write
      Repository permissions    Contents          Read
      Repository permissions    Metadata          Read
      Repository permissions    Pull requests     Read & write
      Organization permissions  Members           Read
      Organization permissions  Projects          Read
      Account permissions       Email addresses   Read

Step 2: Configure the Github App in Sonarqube

Sonarqube Github Integration

  • Go to DevOps Platform Integrations
  • Click on Create configuration
  • Fill the form
    • Configuration name: <name>
    • GitHub API URL: https://api.github.com (if you use GitHub Enterprise, change the URL to https://github.company.com/api/v3)
    • GitHub App ID: <app_id>
    • Client ID: <client_id created at the Step 1>
    • Client Secret: <client_secret created at the Step 1>
    • Private Key: <private_key generated at the Step 1> (.pem)
  • Click Check configuration to verify that the configuration is correct:

Sonarqube Github Integration Check Configuration

Sonarqube Github Integration Check Configuration Success

Step 3: Configure the SonarQube Scanner in Jenkins

  • Install the SonarQube Scanner plugin in Jenkins

Jenkins SonarQube Scanner Plugin

Create a Pipeline Job

Sonarqube Project Configuration

  1. From Jenkins' dashboard, click New Item and create a Pipeline Job.
  2. Under Build Triggers, choose Trigger builds remotely. You must set a unique, secret token for this field.
  3. Under Pipeline, make sure the parameters are set as follows:
    • Definition: Pipeline script from SCM
    • SCM: Configure your SCM. Make sure to only build your main branch. For example, if your main branch is called "main", put "*/main" under Branches to build.
    • Script Path: Jenkinsfile
  4. Click Save.
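A Jenkinsfile that fits the Pipeline Job configured above and uses the steps provided by the SonarQube Scanner plugin installed in Step 3. It is an added example, not a file from this repository; the server name "sonarqube", the tool name "sonar-scanner" and the project key are assumptions to adjust for your instance.

```groovy
// Added example Jenkinsfile for the pipeline job above; it is not a file
// from this repository. Assumed names (change them to match your instance):
// a SonarQube server called "sonarqube" under Manage Jenkins > Configure System,
// whose token is stored as a Jenkins credential, and a SonarQube Scanner
// installation called "sonar-scanner" under Global Tool Configuration.
pipeline {
    agent any
    environment {
        // Placeholder: use the key of the project imported from GitHub in Step 4.
        SONAR_PROJECT_KEY = 'my-org_my-repo'
    }
    options {
        // Do not let a hung scan or quality-gate wait occupy the executor forever.
        timeout(time: 30, unit: 'MINUTES')
    }
    stages {
        stage('Checkout') {
            steps {
                // "Pipeline script from SCM": reuse the SCM configured on the job.
                checkout scm
            }
        }
        stage('SonarQube analysis') {
            steps {
                script {
                    // Resolve the scanner binary from the configured tool installation.
                    def scannerHome = tool 'sonar-scanner'
                    // withSonarQubeEnv injects SONAR_HOST_URL and the server token as
                    // environment variables, so no secret is written into this file
                    // or committed to the repository.
                    withSonarQubeEnv('sonarqube') {
                        sh "\"${scannerHome}/bin/sonar-scanner\" -Dsonar.projectKey=${SONAR_PROJECT_KEY} -Dsonar.sources=."
                    }
                }
            }
        }
        stage('Quality gate') {
            steps {
                // Needs a SonarQube webhook pointing at <JENKINS_URL>/sonarqube-webhook/
                // so the analysis result is pushed back to this build.
                timeout(time: 10, unit: 'MINUTES') {
                    waitForQualityGate abortPipeline: true
                }
            }
        }
    }
}
```

With abortPipeline set, a failed quality gate marks the build as failed instead of silently passing, which is the behaviour you want before the result is reported back to the pull request.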

Create a Github Webhook

Create a Webhook in your repository to trigger the Jenkins job on push. You may skip this step if you already have a Webhook configured.

  1. Go to the GitHub Webhook creation page for your repository and enter the following information:
    • URL: enter the following URL, replacing the values between *** as needed:
      ***JENKINS_SERVER_URL***/job/***JENKINS_JOB_NAME***/build?token=***JENKINS_BUILD_TRIGGER_TOKEN***
  2. Under Which events would you like to trigger this webhook? select Let me select individual events and check the following:
    • Pushes
  3. Click Add webhook.

TODO

Step 4: Configure the Project in Sonarqube

Go to Sonarqube Projects

Import from Github:

Sonarqube Project Configuration

If the configuration is correct, the project will be imported:

Select the organization connected to the Github App and the repository:

Sonarqube Project Configuration

Then press the 'Import' button to import the project.

Sonarqube Project Configuration

Click the button "Create Project" to finish the configuration.