
SONAR-12588 Update 'SonarScanner for Jenkins' docs to include configuration of webhook secret validation

tags/8.1.0.31237
MikeBirnstiehl 4 years ago
parent
commit
33b2f79ff8

+ 24
- 6
server/sonar-docs/src/pages/analysis/scan/sonarscanner-for-jenkins.md

@@ -20,10 +20,10 @@ Once the job is complete, the plugin will detect that a SonarQube analysis was m

## Installation
1. [Install the SonarScanner for Jenkins via the Jenkins Update Center](https://plugins.jenkins.io/sonar).
1. Configure your SonarQube server(s)
* Log into Jenkins as an administrator and go to Manage Jenkins > Configure System
* Scroll down to the SonarQube configuration section, click on Add SonarQube, and add the values you're prompted for.
* The server authentication token should be created as a 'Secret Text' credential
1. Configure your SonarQube server(s):
1. Log into Jenkins as an administrator and go to **Manage Jenkins > Configure System**.
1. Scroll down to the SonarQube configuration section, click **Add SonarQube**, and add the values you're prompted for.
1. The server authentication token should be created as a 'Secret Text' credential.

## Analyzing a .NET solution
**Global Configuration**
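Review bot: The third nested item, "The server authentication token should be created as a 'Secret Text' credential.", is numbered as a step but reads as a requirement, so a reader following the list has no action to perform at that point. Consider wording it as an instruction (for example "Create the server authentication token as a 'Secret Text' credential.") or attaching it to the previous step as a note. The credential type is also written 'Secret Text' here and **Secret text** in the webhook secret section added at the end of this commit; pick one spelling and formatting so readers can match it against the Jenkins UI.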
@@ -42,11 +42,11 @@ If you do not see any available version under Install from GitHub, first go to M
1. Add the SonarQube for MSBuild - End Analysis build steps to your build

## Analyzing a Java project with Maven or Gradle
** Global Configuration**
**Global Configuration**
1. Log into Jenkins as an administrator and go to Manage Jenkins > Configure System
1. Scroll to the SonarQube servers section and check Enable injection of SonarQube server configuration as build environment variables

** Job Configuration**
**Job Configuration**
1. **Configure** the project, and go to the **Build Environment** section.
1. Enable **Prepare SonarScanner environment** to allow the injection of SonarQube server values into this particular job. If multiple SonarQube instances are configured, you will be able to choose which one to use.
Once the environment variables are available, use them in a standard Maven build step (Invoke top-level Maven targets) by setting the Goals to include, or a standard Gradle build step (Invoke Gradle script) by setting the Tasks to execute.
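Review bot: The heading fix is fine, but the two steps under **Global Configuration** in this section still give the UI path and option name as plain text with no closing period ("go to Manage Jenkins > Configure System", "check Enable injection of SonarQube server configuration as build environment variables"), while the Installation steps reworked in this same commit bold the UI labels and end each step with a period. Apply the same treatment here so the page is consistent. Separately, the paragraph starting "Once the environment variables are available" follows the last numbered step with no blank line, so it may render as part of step 2; a blank line before it would make it a paragraph of its own.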
@@ -237,3 +237,21 @@ pipeline {
}
}
```

### Configuring a webhook secret

If you want to verify the webhook payload that is sent to Jenkins, you can add a secret to your webhook on SonarQube.

To set the secret:

1. In Jenkins, navigate to **Manage Jenkins > Configure System > SonarQube Server > Advanced > Webhook Secret** and click the **Add** button.
1. Select **Secret text** and give the secret an ID.
1. Select the secret from the dropdown menu.

If you want to override the webhook secret on a project level, you can add the secret to Jenkins and then reference the secret ID when calling `waitForQualityGate`.

waitForQualityGate(webhookSecretId: 'yourSecretID')
if your pipeline is declarative or

waitForQualityGate webhookSecretId: 'yourSecretID'
if your pipeline is scripted.
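Review bot: The procedure under "To set the secret:" covers only the Jenkins side, although the introduction says the secret is added "to your webhook on SonarQube". Add a step telling the reader to set the same value on the SonarQube webhook, since validation can only succeed when both sides hold the identical secret. It would also help to say what Jenkins does with a payload when the check fails or when no secret is configured, because "If you want to verify" leaves it unclear whether unverified payloads are still accepted. On the two `waitForQualityGate` snippets, the labels "if your pipeline is declarative or" and "if your pipeline is scripted." trail after the code; putting each label before its snippet would read more clearly.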
