Quality Gate Failure in SonarQube does not fail the build in Teamcity

Question

I set up a Build project in TeamCity and integrated Sonarqube with it. The project is getting build and even publish the report successfully in SonarQube console. But when the quality gate fails, it's not breaking the build. I searched and read about the build breaker, but its already supported with Sonarqube plugin of TeamCity as this document https://confluence.jetbrains.com/display/TW/SonarQube+Integration

Am I missing something to configure/or any gotcha? I tried to search a lot but didn't find any sort of proper documentation or lead on that.

Answer 1

In my scenario CI is Github actions , irrespective of any CI tool sonar's status (Red/Green) of quality gates should be sent to your CI. you can browse the report status at this url http://:/api/ce/task?id= one report are generated . you have to run this script after reports are generated to check the status and fail the job if SQ fail

Answer 2

I managed to fail the build based on Quality Gate settings using the sonar.qualitygate.wait=true parameter.

There's an example on their GitLab pipeline sample page: https://docs.sonarqube.org/latest/analysis/gitlab-cicd/

Answer 3

Follow below post that might help you.

https://docs.sonarqube.org/display/SONARQUBE45/Build+Breaker+Plugin

run your sonarqube task with the attribute "sonar.buildbreaker.skip".

eg: gradle clean build sonarqube publish -Dsonar.buildbreaker.skip=false

Answer 4

SonarQube plugin doesn't break the build when quality gate has failed. Why? Everything is described here: Why You Shouldn't Use Build Breaker

The main conclusion is:

[...] SonarSource doesn't want to continue the feature. [...]

Once we started using wallboards we stopped using the Build Breaker plugin, but still believed that using it was an okay practice. And then came SonarQube 5.2, which cuts the connection between the analyzer and the database. Lots of good things came with that cut, including a major change in architecture: analysis of source code is done on the analyzer side and all aggregate number computation is now done on the server side. Which means… that the analyzer doesn't know about the Quality Gate anymore. Only the server does, and since analysis reports are processed serially, first come first served, it can take a while before the Quality Gate result for a job is available.

In other words, from our perspective, the Build Breaker feature doesn't make sense anymore.

You have to verity quality gate status by your own. You can read how to do it here: Access quality gate status from sonarqube api

---

The answer to xpmatteo question:

Am I the only one that finds it difficult to understand what the quoted explanation means?

You have two tools. SonarScanner and SonarQube.

1) SonarScanner is executed on CI servers. It analyses source code and pushes analysis results to SonarQube sever.

2) SonarQube server processes data and knows if the new changes pass Quality Gates.

SonarScanner has no idea about the final result (pass or doesn't pass), so it cannot fail the build (it had such information before SQ 5.2, because it was processing all data and pushing only results to databases). It means the Build Breaker plugin has nonsense, because it won't work due to the current design. After executing the SonarScanner you have to poll the server and check the Quality Gates status. Then you may decide if the build should fail or not.

Answer 5

Yeah I have to write a custom script using exit status to break the build. I used API to analyse the status of QG.

PROJECTKEY="%teamcity.project.id%"
QGSTATUS=`curl -s -u  SONAR_TOKEN: http://SONAR_URL:9000/api/qualitygates/project_status?projectKey=$PROJECTKEY | jq '.projectStatus.status' | tr -d '"'`
if [ "$QGSTATUS" = "OK" ]
then
exit 0
elif [ "$QGSTATUS" = "ERROR" ]
then
exit 1
fi