
Analyze your repository with Amazon CodeCatalyst

You can integrate SonarCloud analysis into your Amazon CodeCatalyst CI/CD. 

To configure an analysis of your project, you should follow the in-product tutorial when creating a new project.

The tutorial will walk you through the precise steps to set up the analysis but the basic steps are these:

  • Define the SONAR_TOKEN environment variable in your repository by setting up a CodeCatalyst Secret. The SONAR_TOKEN identifies and authenticates you to SonarCloud.
  • Define your main branch on SonarCloud to match the one in your repository (unbound projects only).
  • Set the essential analysis parameters, sonar.projectKey, sonar.organization, and sonar.host.url. The tutorial will be populated with the correct values for your specific account. These parameters are set differently depending on your project type:
        • In the pom.xml for Java Maven projects
        • In the build.gradle file for Java Gradle projects
        • In the SonarScanner command line for .NET projects
        • In the sonar-project.properties file for other types of projects. You can also add additional analysis parameters to further specify your analysis details (See Analysis Parameters)
  • Create the .codecatalyst/workflows/build.yml file that defines the steps of your build. In addition to the usual steps that build your project, you need to invoke the SonarScanner to perform the analysis of your code. This is done differently depending on your project type (detailed below)

Creating a CodeCatalyst Secret

First of all, you need to go to your CodeCatalyst project, navigate to CI/CD → Secrets and create a new secret with the following details:

  • In the Name field, enter SONAR_TOKEN
  • In the Value field, enter the token you generated on SonarCloud

Defining your main branch

You then need to define your main branch on SonarCloud to match the one in your repository. 

To do this, go to the Branches page within your SonarCloud project and rename the main branch there so that it matches the main branch of your repository.

Analyzing a project

Create or update your .codecatalyst/workflows/build.yaml file.

The following example shows a base configuration to run a SonarCloud analysis on all your branches. If you already have existing workflows, you can simply add some of these new steps to an existing one.

Name: SonarCloudAnalysis
SchemaVersion: "1.0"

# Run the analysis on every push, whatever the branch.
Triggers:
  - Type: PUSH
Actions:
  GitHubActions_fa:
    # Runs a GitHub Action inside a CodeCatalyst workflow.
    Identifier: aws/github-actions-runner@v1.0.0
    Inputs:
      Sources:
        - WorkflowSource
    Compute:
      Type: EC2

    Configuration:
      Steps:
        - name: SonarCloud Scan
          uses: SonarSource/sonarcloud-github-action@master
          env:
            # Injected from the CodeCatalyst Secret created above; the token is never written here literally.
            SONAR_TOKEN: ${Secrets.SONAR_TOKEN}
          with:
            args: >
              -Dsonar.branch.name=${WorkflowSource.BranchName}

Create a configuration file in the root directory of the project and name it sonar-project.properties.

sonar.projectKey=your-project-key
sonar.organization=your-organization-key

# This is the name and version displayed in the SonarCloud UI.
#sonar.projectName=csharp-my-app
#sonar.projectVersion=1.0

# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
#sonar.sources=.
sonar.exclusions=venv/**

# Encoding of the source code. Default is default system encoding
#sonar.sourceEncoding=UTF-8
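The two files above (the workflow under .codecatalyst/workflows/ and sonar-project.properties) are where a misconfiguration usually shows up: a placeholder left in sonar.projectKey or sonar.organization, or a token pasted literally instead of referenced from the CodeCatalyst Secret. The following pre-flight script is an added example, not SonarSource or AWS code. It assumes the layout described on this page (a sonar-project.properties at the repository root, workflow files under .codecatalyst/workflows/) and treats any value assigned to sonar.token, sonar.login or SONAR_TOKEN that is not a ${Secrets.NAME} reference as a hardcoded token. It also checks the properties file itself, since a sonar.login=... line committed there is the same mistake.

```python
"""Pre-flight check for a SonarCloud/CodeCatalyst setup (added example, not SonarSource/AWS code).

Assumptions of this example: sonar-project.properties sits at the repository root and
workflows live under .codecatalyst/workflows/. A token is considered hardcoded when a
token setting is assigned anything other than a CodeCatalyst ${Secrets.NAME} reference.
"""
import re
import sys
from pathlib import Path

# Keys the page lists as essential for a properties-file project.
REQUIRED_KEYS = ("sonar.projectKey", "sonar.organization")
SECRET_REF = re.compile(r"^\$\{Secrets\.[A-Za-z0-9_]+\}$")
TOKEN_ASSIGNMENTS = [
    # sonar.token=..., /d:sonar.token="...", SONAR_TOKEN: ...  (env, CLI or properties form)
    re.compile(r"(?:sonar\.token|sonar\.login|SONAR_TOKEN)\s*[:=]\s*\"?([^\s\"]+)\"?"),
    # CodeCatalyst Variables form:  - Name: SONAR_TOKEN  /  Value: ...
    re.compile(r"Name:\s*SONAR_TOKEN\s*\n\s*Value:\s*\"?([^\s\"]+)\"?"),
]


def parse_properties(text: str) -> dict:
    """Parse the key=value subset of the Java .properties format used by sonar-project.properties.
    Lines starting with '#' or '!' are comments; the first '=' (or ':') separates key and value."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        sep = "=" if "=" in line else ":"
        key, _, value = line.partition(sep)
        props[key.strip()] = value.strip()
    return props


def missing_required(props: dict) -> list:
    """Essential keys that are absent, empty, or still carry the tutorial placeholder 'your-...'."""
    return [k for k in REQUIRED_KEYS if not props.get(k) or props[k].startswith("your-")]


def literal_tokens(text: str) -> list:
    """Values assigned to a token setting that are NOT ${Secrets.X} references."""
    found = []
    for pattern in TOKEN_ASSIGNMENTS:
        for match in pattern.finditer(text):
            value = match.group(1)
            if not SECRET_REF.match(value):
                found.append(value)
    return found


def check_repo(root: Path) -> list:
    """Return human-readable findings for the repository at root (an empty list means clean)."""
    findings = []
    props_file = root / "sonar-project.properties"
    if props_file.is_file():
        text = props_file.read_text()
        for key in missing_required(parse_properties(text)):
            findings.append(f"{props_file.name}: {key} is missing or still a placeholder")
        for value in literal_tokens(text):
            # Only a prefix is echoed so the finding itself does not leak the token.
            findings.append(f"{props_file.name}: token written literally ({value[:4]}...)")
    for wf in sorted((root / ".codecatalyst" / "workflows").glob("*.y*ml")):
        for value in literal_tokens(wf.read_text()):
            findings.append(f"{wf.name}: token written literally ({value[:4]}...)")
    return findings


if __name__ == "__main__":
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else Path(".")
    problems = check_repo(target)
    for p in problems:
        print("FAIL:", p)
    print("clean" if not problems else f"{len(problems)} finding(s)")
    sys.exit(1 if problems else 0)
```

Run it from the repository root (or pass the path as the first argument) before the first push; a non-zero exit means a finding was reported. The regular expressions are deliberately permissive about quoting and whitespace so that the properties form, the YAML env form, the Variables form and the dotnet /d:sonar.token="..." form on this page are all covered.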

Analyzing a Java project with Maven

Update your pom.xml file with the following properties:

<properties>
  <sonar.projectKey>your-project-key</sonar.projectKey>
  <sonar.organization>your-organization-key</sonar.organization>
  <sonar.host.url>https://sonarcloud.io</sonar.host.url>
</properties>

Create or update your .codecatalyst/workflows/build.yaml file. 

The following is a base configuration to run a SonarCloud analysis on all your branches. If you already have existing workflows, you can simply add some of these new steps to an existing one.

Name: SonarCloudAnalysis
SchemaVersion: "1.0"

Triggers:
  - Type: PUSH
Actions:
  Analysis:
    Identifier: aws/build@v1.0.0
    Inputs:
      Sources:
        - WorkflowSource
      Variables:
      - Name: SONAR_TOKEN
        Value: ${Secrets.SONAR_TOKEN}
    Compute:
      Type: EC2

    Configuration:
      Steps:
        - Run: mvn verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.branch.name=${WorkflowSource.BranchName}

Analyzing a Java project with Gradle

Update your build.gradle file with the org.sonarqube plugin and its configuration:

plugins {
  id "org.sonarqube" version "4.2.1.3168"
}

sonar {
  properties {
    property "sonar.projectKey", "your-project-key"
    property "sonar.organization", "your-organization-key"
    property "sonar.host.url", "https://sonarcloud.io"
  }
}

Create or update your .codecatalyst/workflows/build.yaml file. 

Here is a base configuration to run a SonarCloud analysis on all your branches. If you already have existing workflows, you might want to just add some of these new steps to an existing one.

Name: SonarCloudAnalysis
SchemaVersion: "1.0"

Triggers:
  - Type: PUSH
Actions:
  Analysis:
    Identifier: aws/build@v1.0.0
    Inputs:
      Sources:
        - WorkflowSource
      Variables:
      - Name: SONAR_TOKEN
        Value: ${Secrets.SONAR_TOKEN}
    Compute:
      Type: EC2

    Configuration:
      Steps:
        - Run: ./gradlew build sonar -Dsonar.branch.name=${WorkflowSource.BranchName}

Analyzing a .NET solution

Create or update your .codecatalyst/workflows/build.yaml file. 

The following is a base configuration to run a SonarCloud analysis on all your branches. If you already have existing workflows, you might want to just add some of these new steps to an existing one.

Name: SonarCloudAnalysis
SchemaVersion: "1.0"

Triggers:
  - Type: PUSH
Actions:
  Analysis:
    Identifier: aws/build@v1.0.0
    Inputs:
      Sources:
        - WorkflowSource
    Compute:
      Type: EC2

    Configuration:
      Steps:
        - Name: Install SonarCloud scanner
          Run: dotnet tool install --global dotnet-sonarscanner
        - Name: Build and analyze
          Run: |
            dotnet sonarscanner begin /k:"manualorgcc_dotnetcc" /o:"manualorgcc" /d:sonar.token="${Secrets.SONAR_TOKEN}" /d:sonar.host.url="https://sonarcloud.io"
            <insert_your_clean_build_command>
            dotnet sonarscanner end /d:sonar.token="${Secrets.SONAR_TOKEN}"

Replace <insert_your_clean_build_command> with your actual build command. The /k: and /o: values are the project key and organization key of your SonarCloud project.

Failing the workflow when the SonarCloud Quality Gate fails

In order for the workflow to fail in CodeCatalyst when the Quality Gate fails on the SonarCloud side, the SonarScanner needs to wait for the report and Quality Gate status to be processed by SonarCloud. To enable this feature, set the sonar.qualitygate.wait=true parameter in your workflow definition. 

(...)
    Configuration:
      Steps:
        - Run: mvn verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.branch.name=${WorkflowSource.BranchName} -Dsonar.qualitygate.wait=true

You can also set the sonar.qualitygate.timeout property to a maximum amount of time (in seconds) that the SonarScanner should wait for a report to be processed. The default is 300 seconds. Reaching this timeout will count as a failure and stop the CodeCatalyst workflow.
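To make the wait-and-timeout behaviour described above concrete, here is an added example (not SonarSource code) that reproduces it as a small post-scan script: poll until SonarCloud has processed the report, then fail on a failed Quality Gate, and treat reaching the timeout (300 seconds by default, matching sonar.qualitygate.timeout) as a failure that makes the step exit non-zero. The polling logic takes its two status functions as parameters so it can be exercised offline; the SonarCloud endpoints wired in by sonarcloud_pollers (api/ce/task for the background task, api/qualitygates/project_status for the gate), the Bearer token header, and the .scannerwork/report-task.txt location written by the SonarScanner CLI are assumptions of this example, not taken from this page.

```python
"""Wait for the SonarCloud Quality Gate with a timeout (added example, not SonarSource code).

Assumptions of this example: the scanner left .scannerwork/report-task.txt containing
ceTaskId and serverUrl, api/ce/task reports the task status and analysisId, and
api/qualitygates/project_status returns the gate status for that analysisId.
"""
import json
import os
import sys
import time
import urllib.request
from dataclasses import dataclass

DEFAULT_TIMEOUT = 300  # seconds; the default of sonar.qualitygate.timeout
POLL_INTERVAL = 5      # seconds between status requests (example's own choice)


@dataclass
class GateResult:
    passed: bool
    reason: str


def wait_for_quality_gate(task_status, gate_status, timeout=DEFAULT_TIMEOUT,
                          poll_interval=POLL_INTERVAL, clock=time.monotonic, sleep=time.sleep):
    """Poll task_status() until the report is processed, then consult gate_status().

    task_status() returns one of PENDING, IN_PROGRESS, SUCCESS, FAILED, CANCELED;
    gate_status() returns OK, ERROR or NONE. Reaching the timeout counts as a failure,
    which is the behaviour sonar.qualitygate.wait=true gives the workflow.
    """
    deadline = clock() + timeout
    while True:
        status = task_status()
        if status == "SUCCESS":
            break
        if status in ("FAILED", "CANCELED"):
            return GateResult(False, f"analysis task {status}")
        if clock() >= deadline:
            return GateResult(False, f"timed out after {timeout}s waiting for report processing")
        sleep(poll_interval)
    gate = gate_status()
    if gate == "OK":
        return GateResult(True, "quality gate passed")
    return GateResult(False, f"quality gate status {gate}")


def parse_report_task(text: str) -> dict:
    """Parse the key=value file the scanner writes (e.g. .scannerwork/report-task.txt)."""
    info = {}
    for line in text.splitlines():
        if "=" in line and not line.startswith("#"):
            key, _, value = line.partition("=")
            info[key.strip()] = value.strip()
    return info


def sonarcloud_pollers(server_url: str, token: str, ce_task_id: str):
    """Build the two status functions against the SonarCloud web API (assumed endpoints)."""
    def get(path):
        req = urllib.request.Request(server_url.rstrip("/") + path,
                                     headers={"Authorization": f"Bearer {token}"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)

    state = {}

    def task_status():
        task = get(f"/api/ce/task?id={ce_task_id}")["task"]
        state["analysisId"] = task.get("analysisId")  # present once the task succeeded
        return task["status"]

    def gate_status():
        data = get(f"/api/qualitygates/project_status?analysisId={state['analysisId']}")
        return data["projectStatus"]["status"]

    return task_status, gate_status


if __name__ == "__main__":
    with open(".scannerwork/report-task.txt") as fh:
        info = parse_report_task(fh.read())
    task_status, gate_status = sonarcloud_pollers(
        info["serverUrl"], os.environ["SONAR_TOKEN"], info["ceTaskId"])
    timeout = int(os.environ.get("SONAR_QG_TIMEOUT", DEFAULT_TIMEOUT))
    result = wait_for_quality_gate(task_status, gate_status, timeout=timeout)
    print(result.reason)
    sys.exit(0 if result.passed else 1)
```

In a CodeCatalyst workflow this would run as a Run step directly after the scanner step, with SONAR_TOKEN coming from ${Secrets.SONAR_TOKEN} as in the examples above; a non-zero exit stops the workflow exactly as a failed gate does with sonar.qualitygate.wait=true. The injectable clock and sleep exist only so the timeout path can be verified without waiting real seconds.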

© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARLINT, SONARQUBE, SONARCLOUD, and CLEAN AS YOU CODE are trademarks of SonarSource SA.
