13

Currently on my project, each pull request on the organization repository is built automatically by Jenkins, as specified in a Jenkinsfile. When the build ends, a message is sent by Jenkins to GitHub with the status of the build of this project.

I want to send a Sonar analysis to the conversation of the pull request, but only for the files/code that have been updated by the pull request.

Info for the bounty:

  • It needs to use a Jenkinsfile (adding a full Jenkinsfile in your response will be appreciated)
  • The result should appear in the pull request page of GitHub only for the code updated by the pull request.
Vishal Yadav
sab

2 Answers

1

As you haven't received an answer in 10 months, I am going to help where I can. Here is my working example for GitLab, but you should be able to change this as the plugins are similar (https://wiki.jenkins.io/display/JENKINS/GitHub+Plugin#GitHubPlugin-Settingcommitstatus):

#!groovy

pipeline {
    options {
        buildDiscarder(
            logRotator(artifactDaysToKeepStr: '21', artifactNumToKeepStr: '4', daysToKeepStr: '21', numToKeepStr: '4')
        )
        gitLabConnection('GitLab')
    }

    agent any
    tools {
        maven 'Default Maven'
        jdk 'DefaultJDK'
    }

    stages {
        stage('Build') {
            steps {
                sh "mvn clean install -U"
            }
        }

        stage('Source Code Analysis') {
            steps {
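                withMaven() {
                    // Preview run: comments on the commits the branch adds on top of master.
                    // The Groovy string is single-quoted, so the shell expands BRANCH_NAME
                    // as data instead of Groovy splicing the branch name into the command text.
                    sh '''
                        mvn \
                          -Dsonar.branch="$BRANCH_NAME" \
                          -Dsonar.analysis.mode=preview \
                          -Dsonar.gitlab.commit_sha="$(git log --pretty=format:%H origin/master.."$BRANCH_NAME" | tr "\\n" ",")" \
                          -Dsonar.gitlab.ref_name="$BRANCH_NAME" \
                          sonar:sonar
                    '''
                }
                withMaven() {
                    // Normal analysis, published to the SonarQube server.
                    sh 'mvn -Dsonar.branch="$BRANCH_NAME" sonar:sonar'
                }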
            }
        }
    }

    post {
        success {
            echo 'posting success to GitLab'
            updateGitlabCommitStatus(name: 'jenkins-build', state: 'success')
        }
        failure {
            echo 'posting failure to GitLab'
            updateGitlabCommitStatus(name: 'jenkins-build', state: 'failed')
        }
        always {
            deleteDir()
        }
    }
}

This includes various bits but covers what you are trying to do. The Sonar analysis occurs in two parts: preview (which comments on the commit, and these comments are transferred to a merge request when opened) and then a normal analysis afterwards.

Within the project pom I also have defined:

<sonar.gitlab.project_id>${gitlab.project_id}</sonar.gitlab.project_id>
<sonar.gitlab.unique_issue_per_inline>true</sonar.gitlab.unique_issue_per_inline>
<sonar.gitlab.user_token>GITLAB_USER_TOKEN</sonar.gitlab.user_token>
<sonar.gitlab.url>${git.hostname.url}</sonar.gitlab.url>

If you add these and replace the missing bits, I believe this will solve your issue.

Edit: I believe you need the following options for GitHub instead of the GitLab ones:

-Dsonar.analysis.mode=preview \
-Dsonar.github.pullRequest=$PULL_REQUEST_ID \
-Dsonar.github.repository=myOrganisation/myProject \
-Dsonar.github.oauth=$GITHUB_ACCESS_TOKEN \
-Dsonar.host.url=https://server/sonarqube \
-Dsonar.login=$SONARQUBE_ACCESS_TOKEN
MortusUK
  • This might work for SonarQube 6.7 with the PR plugin. I believe SonarQube 7.x works slightly differently (and is better documented + a paid feature) – SirLenz0rlot Jun 04 '19 at 14:35
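
The GitHub options from the edit in the answer above, placed in a complete Jenkinsfile, as an added example that is not part of the original answer. The credential IDs `github-pr-token` and `sonarqube-token` are assumed names for Jenkins secret-text credentials, `CHANGE_ID` is the pull request number set by multibranch jobs, and the repository and server URL are the answer's placeholders.

```groovy
// Added example. Assumed names: credential IDs 'github-pr-token' and
// 'sonarqube-token'; tool names are reused from the GitLab pipeline above.
pipeline {
    agent any
    tools {
        maven 'Default Maven'
        jdk 'DefaultJDK'
    }
    environment {
        SONAR_GITHUB_REPO = 'myOrganisation/myProject'   // placeholder from the answer
        SONAR_HOST_URL    = 'https://server/sonarqube'   // placeholder from the answer
    }
    stages {
        stage('Build') {
            steps {
                sh 'mvn clean install -U'
            }
        }
        stage('Pull Request Analysis') {
            // Run only for pull request builds, where CHANGE_ID is defined.
            when { changeRequest() }
            steps {
                withCredentials([
                    string(credentialsId: 'github-pr-token', variable: 'GITHUB_ACCESS_TOKEN'),
                    string(credentialsId: 'sonarqube-token', variable: 'SONARQUBE_ACCESS_TOKEN')
                ]) {
                    // Single-quoted Groovy string: the shell expands the variables,
                    // so the tokens never appear in the Groovy-built command text
                    // and the quoted values are passed to mvn as plain data.
                    sh '''
                        mvn sonar:sonar \
                          -Dsonar.analysis.mode=preview \
                          -Dsonar.github.pullRequest="$CHANGE_ID" \
                          -Dsonar.github.repository="$SONAR_GITHUB_REPO" \
                          -Dsonar.github.oauth="$GITHUB_ACCESS_TOKEN" \
                          -Dsonar.host.url="$SONAR_HOST_URL" \
                          -Dsonar.login="$SONARQUBE_ACCESS_TOKEN"
                    '''
                }
            }
        }
    }
    post {
        always {
            deleteDir()
        }
    }
}
```

Keeping both tokens in the Jenkins credential store instead of the pom or the Jenkinsfile means they are not committed to the repository, and the credentials binding masks them in the console log.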
-1

It looks like your mvn sonar command is missing the GitHub oauth token parameter as noted in the sonar documentation. This GitHub article will step you through how to generate this token. Once it is generated, you can add it to your command (i.e. -Dsonar.github.oauth=your token).

Kyle Scott
  • Thanks, but I just hadn't added the authentication option to the sample script. I am searching for a full working Jenkinsfile to respond to my need. – sab Sep 05 '17 at 14:51
  • So you have the authentication in your script, you just didn't put it in your question? Is the script pushing anything to GitHub? – Kyle Scott Sep 05 '17 at 16:13