Analyze your repository with Amazon CodeCatalyst
You can integrate SonarQube Cloud analysis into your Amazon CodeCatalyst CI/CD.
To configure an analysis of your project, you should follow the in-product tutorial when creating a new project.
The tutorial will walk you through the precise steps to set up the analysis but the basic steps are these:
- Define the SONAR_TOKEN environment variable in your repository by setting up a CodeCatalyst Secret. The SONAR_TOKEN identifies and authenticates you to SonarQube Cloud.
- Define your main branch on SonarQube Cloud to match the one in your repository (unbound projects only).
- Set the essential analysis parameters, sonar.projectKey, sonar.organization, and sonar.host.url. The tutorial will be populated with the correct values for your specific account. These parameters are set differently depending on your project type:
  - In the pom.xml for Java Maven projects
  - In the build.gradle file for Java Gradle projects
  - In the SonarScanner command line for .NET projects
  - In the sonar-project.properties file for other types of projects. You can also add additional analysis parameters to further specify your analysis details (see Analysis Parameters).
- Create the .codecatalyst/workflows/build.yml file that defines the steps of your build. In addition to the usual steps that build your project, you need to invoke the SonarScanner to perform the analysis of your code. This is done differently depending on your project type (detailed below).
Creating a CodeCatalyst Secret
First of all, you need to go to your CodeCatalyst project, navigate to CI/CD → Secrets and create a new secret with the following details:
- In the Name field, enter SONAR_TOKEN
- In the Value field, enter the token you generated on SonarQube Cloud
Defining your main branch
This step is relevant to manual projects that are not bound to a repository on one of the supported DevOps platforms.
You then need to define your main branch on SonarQube Cloud to match the one in your repository.
To do this, go to the Branches page within your SonarQube Cloud project, and rename it to match the main branch of your repository.
Analyzing a project
Create or update your .codecatalyst/workflows/build.yaml file.
The following example shows a base configuration to run a SonarQube Cloud analysis on all your branches. If you already have existing workflows, you can simply add some of these new steps to an existing one.
Create a configuration file in the root directory of the project and name it sonar-project.properties.
Analyzing a Java project with Maven
Update your pom.xml file with the following properties:
Create or update your .codecatalyst/workflows/build.yaml file.
The following is a base configuration to run a SonarQube Cloud analysis on all your branches. If you already have existing workflows, you can simply add some of these new steps to an existing one.
Analyzing a Java project with Gradle
Update your build.gradle file with the org.sonarqube plugin and its configuration:
Create or update your .codecatalyst/workflows/build.yaml file.
Here is a base configuration to run a SonarQube Cloud analysis on all your branches. If you already have existing workflows, you might want to just add some of these new steps to an existing one.
Analyzing a .NET solution
Create or update your .codecatalyst/workflows/build.yaml file.
The following is a base configuration to run a SonarQube Cloud analysis on all your branches. If you already have existing workflows, you might want to just add some of these new steps to an existing one.
Replace <insert_your_clean_build_command> with the actual one.
Failing the workflow when the SonarQube Cloud Quality Gate fails
In order for the workflow to fail in CodeCatalyst when the Quality Gate fails on the SonarQube Cloud side, the SonarScanner needs to wait for the report and Quality Gate status to be processed by SonarQube Cloud. To enable this feature, set the sonar.qualitygate.wait=true parameter in your workflow definition.
You can also set the sonar.qualitygate.timeout property to a maximum amount of time (in seconds) that the SonarScanner should wait for a report to be processed. The default is 300 seconds. Reaching this timeout will count as a failure and stop the CodeCatalyst workflow.
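As an added example (not from the SonarQube Cloud or CodeCatalyst documentation), a minimal build.yaml for the sonar-project.properties case described under "Analyzing a project", with the Quality Gate settings from this section applied. The scanner download URL and the <scanner_version> placeholder, the single-Run install-and-scan step, and the -Dsonar.token flag (SonarScanner CLI 5.x; older releases use sonar.login) are assumptions about your environment.

```yaml
# Added example: .codecatalyst/workflows/build.yaml for a project whose
# sonar.projectKey, sonar.organization and sonar.host.url already live in
# sonar-project.properties at the repository root.
Name: sonarqube-cloud-analysis
SchemaVersion: "1.0"

Triggers:
  # No Branches filter, so a push to any branch starts the workflow
  # (assumption about CodeCatalyst trigger defaults).
  - Type: PUSH

Actions:
  SonarScan:
    Identifier: aws/build@v1
    Inputs:
      Sources:
        - WorkflowSource
      Variables:
        # Expose the CodeCatalyst Secret to this action only; the token is
        # never written into sonar-project.properties or committed.
        - Name: SONAR_TOKEN
          Value: ${Secrets.SONAR_TOKEN}
    Configuration:
      Steps:
        - Run: |
            set -euo pipefail
            # Install SonarScanner CLI. <scanner_version> is a placeholder;
            # the URL pattern is an assumption to verify against binaries.sonarsource.com.
            curl -sSLo scanner.zip \
              "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-<scanner_version>-linux.zip"
            unzip -q scanner.zip -d /opt
            export PATH="/opt/sonar-scanner-<scanner_version>-linux/bin:$PATH"

            # Run the analysis and block until SonarQube Cloud has processed
            # the report. With sonar.qualitygate.wait=true the scanner exits
            # non-zero when the Quality Gate fails (or the timeout, here the
            # default 300 s, is reached), which fails this action and the workflow.
            sonar-scanner \
              -Dsonar.token="$SONAR_TOKEN" \
              -Dsonar.qualitygate.wait=true \
              -Dsonar.qualitygate.timeout=300
```

Keep the scanner invocation and the Quality Gate wait in the same Run step so the action's exit status is the scanner's, and add your usual build steps before it for languages that need compiled output.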