Reputation: 379
I have a Jenkins Maven project that runs a SonarQube analysis for my build. I would like to add a quality gate, so that my build fails when the quality gate fails. I would also like to do it without a Jenkinsfile (so just using Jenkins project configurations). Currently, I use the build section to perform the SonarQube analysis. The 'Goals and options' field has this code:
clean package -Dmaven.test.skip=true sonar:sonar -Dsonar.projectKey=someName -Dsonar.sources=src/main/java
Here is where I would like quality gate to be defined and implemented:
I tried to add a Quality Gate to the 'Post Build' section but no available options worked for me (I was thinking of trying to make the 'SonarQube Analysis with Maven' option work, but it is deprecated now). I also found a 'Quality Gate' plugin available for Jenkins but it has a vulnerability that I do not want to have (but I wonder if there are any alternatives to said plugin).
I am thinking that the 'Execute SonarQube Scanner' option in the 'Pre-Steps' section may do it but I cannot find the right line/lines that I need to add to the sonar-project.properties file (is there a line like a sonar.qualityGateFailBuild = true option?)
This question here mentioned that Maven version is an issue. Wonder if it is possible to work around it? (My maven version is 3.8.0 and I cannot change it)
Update
Found a 'Post step' section that allows for the sonar.property file to be configured. Currently, it looks as below, but the Quality Gate still does not fail my build. What other arguments do I need to add?
Upvotes: 0
Views: 1998
Reputation: 379
After trial and error, I found this post which was a life saver. I had some errors when I tried to use Nanotron's code (last answer), so I have added some adjustments. Here is what worked for me (I used 'Post Steps' --> 'Execute shell command' section of my Jenkins project):
    # Remove leftovers from a previous run (tmp.txt and error.txt are appended to below)
    rm -f tmp.txt error.txt task.json

    # report-task.txt holds a line "ceTaskUrl=<url>"; drop the 10-character "ceTaskUrl=" prefix
    url=$(grep ceTaskUrl "$WORKSPACE/[your pathway here]/target/sonar/report-task.txt" | cut -c11-)
    echo "${url}"
    pswd=${SONAR_AUTH_TOKEN}   # env variable that fetches sonar token
    curl -s -X GET -u "${pswd}" "$url" | python -m json.tool

    # Poll the task URL until the server has finished processing the analysis
    stsCheck=1
    while [ $stsCheck = 1 ]
    do
        sleep 10
        curl -s -X GET -u "${pswd}" "$url" -o task.json
        status=$(python -m json.tool < task.json | grep -i "status" | cut --delimiter=: --fields=2 | sed 's/"//g' | sed 's/,//g' | tr -d ' ')
        echo "${status}"
        if [ "$status" = SUCCESS ]; then
            analysisID=$(python -m json.tool < task.json | grep -i "analysisId" | cut -c24- | sed 's/"//g' | sed 's/,//g')
            analysisUrl="http://my-sonar-server/api/qualitygates/project_status?analysisId=${analysisID}"
            echo "${analysisID}"
            echo "${analysisUrl}"
            stsCheck=0
        elif [ "$status" = FAILED ] || [ "$status" = CANCELED ]; then
            # Without this branch the loop never ends when the task does not succeed
            echo "SonarQube analysis task ended with status ${status}"
            exit 1
        fi
    done

    # Fetch the quality gate result and collect every status line that reports ERROR
    curl -s -X GET -u "${pswd}" -L "$analysisUrl" | python -m json.tool
    curl -s -X GET -u "${pswd}" -L "$analysisUrl" | python -m json.tool | grep -i "status" | cut -c28- | sed 's/.$//' >> tmp.txt
    cat tmp.txt
    sed -n '/ERROR/p' tmp.txt >> error.txt
    cat error.txt
    if [ "$(wc -l < error.txt)" -eq 0 ]; then
        echo "Quality Gate Passed ! Setting up SonarQube Job Status to Success ! "
    else
        echo "Quality Gate Failed ! Setting up SonarQube Job Status to Failure ! "
        exit 1
    fi
Upvotes: 1
Reputation: 3392
Here is the most reliable way to achieve this.
You can achieve this using a custom script that gets the QualityGate status using the Sonar web API and sets the job to failed or success.
When you run the Sonar analysis using maven sonar:sonar, after the analysis is completed report-task.txt will be created in the workspace folder.
Note: The location of the file report-task.txt depends on the tool that was used to generate it (in your case it is gradle). For example, the "mvn sonar:sonar" task defaults to "target/sonar". This location is controlled by the "sonar.scanner.metadataFilePath" property.
You will get the ceTaskUrl and ceTaskId in report-task.txt. Now, you can use that ceTaskUrl to get the analysisId.
You can use the below web api to get the quality gate status using analysisId.
http://localhost:9000/sonarqube/api/qualitygates/project_status?analysisId=$ANALYSIS_ID
Upvotes: 1
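The procedure from the answers above (read report-task.txt, poll ceTaskUrl, then query project_status), as an added example that is not part of either answer: it parses the JSON with a JSON parser instead of grep/cut offsets, stops on a FAILED or CANCELED task or after a timeout, and names the failing conditions. Assumptions: report-task.txt also carries a serverUrl line, the token is in SONAR_AUTH_TOKEN, and the function names and sample data are constructed for illustration.

```python
import base64, json, os, sys, time, urllib.request

# Constructed sample data (not from a real server), used to exercise the parsers offline.
SAMPLE_REPORT = "projectKey=someName\nserverUrl=http://my-sonar-server\nceTaskUrl=http://my-sonar-server/api/ce/task?id=T1\n"
SAMPLE_GATE = {"projectStatus": {"status": "ERROR", "conditions": [
    {"status": "ERROR", "metricKey": "new_coverage"}, {"status": "OK", "metricKey": "new_bugs"}]}}

def parse_report_task(text):
    """report-task.txt holds key=value lines; split once, since URL values contain '='."""
    pairs = (line.split("=", 1) for line in text.splitlines() if "=" in line)
    return {k.strip(): v.strip() for k, v in pairs}

def task_state(task_doc):
    """Return (status, analysisId) from a ceTaskUrl response."""
    task = task_doc["task"]
    return task["status"], task.get("analysisId")

def gate_failures(gate_doc):
    """Return (gate status, metric keys of the conditions in ERROR)."""
    ps = gate_doc["projectStatus"]
    return ps["status"], [c["metricKey"] for c in ps.get("conditions", []) if c["status"] == "ERROR"]

def get_json(url, token):
    """GET a web API URL, sending the token as Basic-auth user name with an empty password."""
    auth = base64.b64encode(f"{token}:".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": "Basic " + auth})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def check_gate(report_path, timeout_s=600):
    """Return None when the gate is not in ERROR, else a message for sys.exit()."""
    token = os.environ["SONAR_AUTH_TOKEN"]  # assumed variable name, as in the script above
    with open(report_path) as fh:
        report = parse_report_task(fh.read())
    deadline = time.time() + timeout_s
    while True:
        status, analysis_id = task_state(get_json(report["ceTaskUrl"], token))
        if status == "SUCCESS":
            break
        if status in ("FAILED", "CANCELED") or time.time() > deadline:
            return f"analysis task did not complete (last status: {status})"
        time.sleep(10)
    url = f"{report['serverUrl']}/api/qualitygates/project_status?analysisId={analysis_id}"
    gate, failed = gate_failures(get_json(url, token))
    return f"quality gate {gate}: {', '.join(failed)}" if gate == "ERROR" else None

if __name__ == "__main__":
    sys.exit(check_gate(sys.argv[1]))  # a non-empty message makes the exit status 1
```

Run it from a post step with the path to report-task.txt as the only argument; the token is read from the environment, so it does not appear on the command line or in the console log.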