I was wondering how to aggregate the SonarQube Maven analysis for multiple jobs in GitLab CI pipelines.
My GitLab CI pipeline builds backend and frontend components in separate jobs (in the same stage). They require different build environments and, hence, they use different images. Skeleton:
build-backend:
image: my-backend-image
stage: build
script:
- mvn xyz verify
build-frontend:
image: my-frontend-image
stage: build
script:
- build-frontend
If I add Sonar scanning to both jobs they would overwrite each others results on SonarQube. Hence, AFAIU I need either
- A way to "aggregate" results from each job i.e. somehow tell Sonar that the backend scan and the frontend scan belong together. I don't see options for that.
- Build a super image that can build both backend and frontend and somehow mingle both builds into the same job. This would have a significant impact on the pipeline as I would loose parallelization.
- Declare all build results in both jobs as GitLab artifacts (we currently do this selectively). This would include Java classes, coverage reports, test reports, etc. . Then introduce an additional job in a later stage that only gets those artifacts and does e.g.
mvn sonar:sonar.
Is there are simpler solution I missed?
Turning my earlier comment into an answer in order to "resolve" this Q.
We have been using option 3 at work and are very pleased with the results. I see three main advantages of this approach:
- It greatly simplifies the actual scanning task (in the additional job).
- It lowers the requirements towards the environment the analysis runs in. All required artifacts are produced by dedicated build jobs.
- It reduces the execution time as - again - artifacts required by SQ already exist.