diff --git a/CHANGELOG.md b/CHANGELOG.md
index 261ddd7d..60953e3e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
+### Changed
+- SonarQube's `analyzeWith(mvn)` credential usage for tokens changed to avoid authentication errors
+ - With SonarQube 25.x the regular maven goal `sonar:sonar` changed the used authentication style because username/password no longer work.
+ - Instead, a SonarQube authentication token must be generated on the personal security profile page and used without username. This works best with setting the used credential to the config map entry `token`
+
 ## [4.3.0](https://github.com/cloudogu/ces-build-lib/releases/tag/4.3.0) - 2025-08-21
 ### Changed
 - Updates the BATS shell test image to 1.12 which supports the `--report-formatter` switch
diff --git a/README.md b/README.md
index de733e9c..43634f34 100644
--- a/README.md
+++ b/README.md
@@ -850,7 +850,7 @@ sonarQube.analyzeWith(mvn)
 Recommendation: Use Jenkins' replay feature for this. Then commit the `Jenkinsfile` with `isUsingBranchPlugin`.
 An alternative is running the first analysis locally, e.g. with maven
-`mvn clean install sonar:sonar -Dsonar.host.url=https://sonarcloud.io -Dsonar.organization=YOUR-ORG -Dsonar.login=YOUR-TOKEN`
+`mvn clean install sonar:sonar -Dsonar.host.url=https://sonarcloud.io -Dsonar.organization=YOUR-ORG -Dsonar.token=YOUR-TOKEN`
 ## SonarCloud
diff --git a/src/com/cloudogu/ces/cesbuildlib/SonarQube.groovy b/src/com/cloudogu/ces/cesbuildlib/SonarQube.groovy
index b8e86378..bd1b1931 100644
--- a/src/com/cloudogu/ces/cesbuildlib/SonarQube.groovy
+++ b/src/com/cloudogu/ces/cesbuildlib/SonarQube.groovy
@@ -174,9 +174,11 @@ class SonarQube implements Serializable {
 private static abstract class AnalysisStrategy {
 def script
+ def useTokenAuth
- AnalysisStrategy(script) {
+ AnalysisStrategy(script, useTokenAuth=false) {
 this.script = script
+ this.useTokenAuth = useTokenAuth
 }
 abstract executeWith(Maven mvn)
@@ -184,7 +186,12 @@ class SonarQube implements Serializable {
 protected analyzeWith(Maven mvn, String sonarMavenGoal, String sonarHostUrl, String sonarLogin, String sonarExtraProps = '') {
- mvn "${sonarMavenGoal} -Dsonar.host.url=${sonarHostUrl} -Dsonar.login=${sonarLogin} ${sonarExtraProps}"
+ String sonarAuthProperty = "-Dsonar.login=${sonarLogin}"
+ if (useTokenAuth) {
+ sonarAuthProperty = "-Dsonar.token=${sonarLogin}"
+ }
+
+ mvn "${sonarMavenGoal} -Dsonar.host.url=${sonarHostUrl} ${sonarAuthProperty} ${sonarExtraProps}"
 }
 }
@@ -216,7 +223,7 @@ class SonarQube implements Serializable {
 String host
 TokenAnalysisStrategy(script, String tokenCredential, String host) {
- super(script)
+ super(script, true)
 this.token = tokenCredential
 this.host = host
 }
diff --git a/test/com/cloudogu/ces/cesbuildlib/SonarQubeTest.groovy b/test/com/cloudogu/ces/cesbuildlib/SonarQubeTest.groovy
index 85fcf605..48921814 100644
--- a/test/com/cloudogu/ces/cesbuildlib/SonarQubeTest.groovy
+++ b/test/com/cloudogu/ces/cesbuildlib/SonarQubeTest.groovy
@@ -39,14 +39,14 @@ class SonarQubeTest {
 def branchName = 'develop.Or:somehing-completely_.different'
 scriptMock.env = [
- SONAR_AUTH_TOKEN: 'auth',
+ SONAR_AUTH_TOKEN: 'sqa_b8a90ec...',
 BRANCH_NAME : branchName
 ]
 sonarQube.analyzeWith(mavenMock)
 assert mavenMock.args ==
- 'sonar:sonar -Dsonar.host.url=http://ces/sonar -Dsonar.login=auth '
+ 'sonar:sonar -Dsonar.host.url=http://ces/sonar -Dsonar.token=sqa_b8a90ec... '
 assertBranchName(branchName, mavenMock)
 assert scriptMock.actualStringArgs['credentialsId'] == 'secretTextCred'
 }
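Review bot: In the first SonarQube.groovy hunk, `useTokenAuth` is an untyped `def` field and an untyped constructor parameter, so any truthy value (a non-empty string, a non-zero number) flips the authentication property. Declaring the field as `boolean useTokenAuth` and the constructor as `AnalysisStrategy(script, boolean useTokenAuth = false)` makes the contract explicit. A short comment on the field, e.g. `// true: credential is sent as -Dsonar.token; false: legacy -Dsonar.login`, would document what the flag selects. The class body continues outside the hunk.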
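Review bot: In `analyzeWith` (second SonarQube.groovy hunk) the token is still interpolated into the Maven command string as `-Dsonar.token=${sonarLogin}`, so the rename from `sonar.login` leaves the secret in the command line handed to `mvn`. How `mvn` executes that string is not visible here, but if it shells out, the value is readable in the agent's process arguments and in anything that echoes the command. Consider handing the token to the scanner through the environment instead of a `-D` argument (recent SonarScanner versions read `SONAR_TOKEN`), and confirm the credential binding masks it in the console log. The parameter is also still called `sonarLogin` although it carries a token when the flag is set; a comment such as `// sonarLogin holds an authentication token when useTokenAuth is true` would prevent misuse.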
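Review bot: Only `TokenAnalysisStrategy` opts in with `super(script, true)` (third SonarQube.groovy hunk); any other `AnalysisStrategy` subclass keeps the `false` default and continues to send `-Dsonar.login`. Those subclasses are outside this diff, so it is worth checking whether one of them also passes a token, for instance one read from `SONAR_AUTH_TOKEN`, and would hit the authentication error the changelog describes. The value is also hard-coded, so a caller whose server still expects `sonar.login` cannot opt out; if that case matters, the flag could be taken from the config map instead.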
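Review bot: The fixture `'sqa_b8a90ec...'` in the SonarQubeTest.groovy hunk reads like the head of a real SonarQube token. A clearly constructed value such as `'sqa_dummy-token'` avoids secret-scanner hits and any doubt about whether a live credential was pasted into the repository. The hunk also pins only the `-Dsonar.token` path; if no other test asserts that a strategy built with the default still emits `-Dsonar.login`, one should be added so both branches of `analyzeWith` are covered. The test method begins outside the hunk.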