Jenkins和SonarQube Scanner配置可脱机工作

Question

I have the following situation:

Server Configuration: Jenkins ver. 2.7.1, SonarQube Plugin 2.4.4

My jobs are using SonarQube to check some quality measures. SonarQube Server is well configured in Jenkins and it was working well.

Till now I used SonarQube Scanner as a post build step, but now it is deprecated to do so.

Then I change this to build step and ...

... after configuring SonarQube Scanner build step

SonarCube Scanner Configuration

, I started job build, then I got:

Skipping installation of https://repo1.maven.org/maven2/org/sonarsource/scanner/cli/sonar-scanner-cli/2.6.1/sonar-scanner-cli-2.6.1.zip to /.../.jenkins/tools/hudson.plugins.sonar.SonarRunnerInstallation/Sonar_Runner: java.io.IOException: Unable to tunnel through proxy. Proxy returns "HTTP/1.0 403 Forbidden"
------------------------------------------------------------------------
SONAR ANALYSIS FAILED
------------------------------------------------------------------------
FATAL: SonarQube Scanner executable was not found for Sonar Runner
Build step 'Execute SonarQube Scanner' marked build as failure

OK. That is true. It is not allowed to download anything from Internet direct to the Build Server.

On the page Analyzing with SonarQube Scanner there is nothing about this kind of automatic download made in the background and how to configure it.

Here are all SonarCube options I see in Jenkins:

    SonarQube servers

    Environment variables
    SonarQube installations

    Name
    Server URL
    Server version
    Server authentication token
    SonarQube account login
    SonarQube account password
    Version of sonar-maven-plugin
    Additional arguments
    Additional analysis properties
    Database URL
    Database login
    Database password

    Skip if triggered by SCM Changes
    Skip if triggered by the build of a dependency
    Skip if environment variable is defined and set to true

I tried to set proxy as JAVA_OPTS or as environment variable, but it does not help, and anyhow I would not be very happy about that.

Had someone found a way to use SonarQube Scanner offline?

Remark: Setting up normal maven build step with sonar:sonar is not very comfortable, as every job shall be manually configured and shall explicitly call SonarQube Server (including complete parameterization).

Answer 1

To your question: You can download SonarQube Scanner manually, make it available to Jenkins by dropping it on your Jenkins server/slaves, and in Global configuration ( Jenkins > Manage Jenkins > Configure System ) configure the path to it. You'll see the input to configure the path once you uncheck "Install automatically".

To your situation: If you were previously using the Post Build Action, then you're talking about Maven jobs. You say you don't want to use a standard mvn build step because of the configuration required in each job. I would argue that switching your Maven jobs to use the SonarQube Scanner imposes a far higher configuration burden: now you must configure each analysis property manually, rather than having them read automatically from the pom.

Compared to that,

1. enabling the "Prepare SonarQube Scanner environment" Build Environment option and
2. setting up a mvn build step that looks (literally!) like this sonar:sonar -Dsonar.host.url=$SONAR_HOST_URL -Dsonar.login=$SONAR_AUTH_TOKEN

seems like chicken feed.