Virendra Oswal
Virendra Oswal's Blog

Virendra Oswal's Blog

AWS Elastic BeanStalk CI/CD with GitHub Actions - SONAR Cloud Integration

AWS Elastic BeanStalk CI/CD with GitHub Actions - SONAR Cloud Integration

Setup SONAR Cloud and integrate it as part of CI/CD pipeline using GitHub Actions.

Virendra Oswal's photo
Virendra Oswal
·Apr 30, 2022·

5 min read

Subscribe to my newsletter and never miss my upcoming articles

This article is a follow-up to the first part of an article.

In the second part of the article, we will integrate the SONAR cloud in our CI/CD workflow created via GitHub actions. We will try to replicate by creating small bugs in code, so we can cause Sonar Cloud Scanner to fail, causing CI/CD workflow to fail.

SonarCloud is the leading online service to catch Bugs and Security Vulnerabilities in your Pull Requests or throughout your code repositories.

Agenda

  • Setup SONAR Cloud Account.
  • Setup Github Actions Workflow Step.
  • Custom Quality Gate For Failure Simulation.
  • Break CI/CD Pipeline in case of Quality Gate Failure.

Pre-requisites

  • GitHub Actions CI/CD Workflow. (I suggest following the first part of an article over here)

Setup SONAR Cloud Account.

  • Visit sonarcloud.io
  • Connect with one of the Git Hosting services of your choice, we will be using GitHub as we have our code hosted there. Perform Authorization when asked, so it can fetch repositories if required and perform analysis. 1.JPG
  • Click on Analyze new Project or visit sonarcloud.io/projects/create directly
  • We will first time manually scan from our Github Repository, by clicking "Import an Organization from Github"

  • Here it will allow us to select a repository of our choice to be analyzed, which in this case is eb-java-ci-cd.

  • Setup a new organization, give the name of your choice, and remember it :)
  • Select Free Plan and Create Organization. Reselect the same Repositories and Click Setup 2.JPG 3.JPG
  • This will trigger SONAR Analysis. 4.JPG
  • Report will be shown once the analysis is done, we don't have much code to analyze as of now.
  • One thing you can see below is Quality Gate is not activated because we have not set up Code Definition which specifies if the New code is deployable or not. 6.JPG

We will click on Set New Code Definition, here you can specify how your Quality gate should analyze like based on days, dates, or on the addition of new code. Latter is the most preferred way, we will select that. The next run would perform analysis and the Quality gate will be computed. 8.JPG

Setup Github Actions Workflow Step

We will now set up SONAR Analysis to be triggered as a part of our Github CI/CD Pipeline, this is quite straightforward, click on Setup CI-based analysis on the summary page of your project

  • There is a lot of analysis method provided, we would go with Recommended way of Github Actions. 9.JPG
  • Capture the SONAR_TOKEN value and keep it handy, we will add that as Github Secrets later so we have permission to trigger analysis on our code via Github actions Workflow. 10-blur.png
  • Select Build tool, we are going ahead with Maven.
  • This will help us generate a few maven properties which our sonar-maven-plugin will use during analysis and also help generate steps to trigger SONAR Cloud analysis for Github Actions as below.

11.JPG

  • Also make sure to disable Automatic Analysis.

12.JPG

  • We will now add Github Secret named SONAR_TOKEN with the value we captured earlier against our repository as below 13-blur.png

  • We now have 3 Github Secrets including AWS one set up in the previous article. 13-1.JPG

  • Update Github actions workflow with required steps as mentioned, also I put additional needs in the deploy job, so if analysis fails we won't do the deployment. We will cover how to set up later in the article. 14.JPG
  • Validate YAML markup of your workflow to avoid any breaks using yamllint.com
  • Update your pom.xml to include properties requested and add the maven sonar plugin. 15.JPG 16.JPG
  • As soon as we commit changes to our main branch, it triggers the workflow.
  • We can see quality gate passed on the new trigger, the workflow was successful as well with AWS EB deployment done as SONAR analysis passed. 17.JPG 18.JPG

Custom Quality Gate For Failure Simulation

By default Quality Gate against which code is validated is the default one which has the most basic things covered. If you go to your Quality gates under administration, you will see Sonar way as the default Quality Gate.

19.JPG

We don't have much code to analyze, so we will set up Custom Quality Gate which will be marked as Failed if we have a Major Issue. So just click on Copy of default Quality Gate, named it anything, we are naming Custom. We will also add a new Condition that if Major Issues > 0, mark it as Failure. Also, set it as Default. 20.JPG

To reproduce Quality Gate Failure, we will just add an Unused Variable in our code, so as to cause Quality Gate to fail as below 21.JPG

Commit code, and let Github Action workflow trigger automatically. Now if we see Quality Gate was marked as Failure, due to introduction of Major Issue being found as per Custom Quality Gate setup. 22.JPG

23.JPG

However, we see Github Action workflow still deployed code, even if SONAR Analysis Quality Gate failed. 23-1.JPG

So we need to tell the Github Action Workflow step to fail if Quality Gate to Fail step in case of failure by just adding the below parameter (-Dsonar.qualitygate.wait=true) to our SONAR plugin step in the Github Workflow file as below. 24.JPG

Once added, manually trigger the workflow. Now if we see SONAR analysis failed, we can see errors in logs too. Also, Deploy to Elastic Beanstalk was skipped as it was dependent on the SONAR analysis job. 25.JPG

Quality Gate Failure Error in Logs 26.JPG

Voila, we have built end to end CI/CD pipeline with Code analysis integrated.

We can just remove an unused variable, and let workflow re-trigger to result in a successful CI/CD pipeline. 27.JPG

Resources

Thank you for reading, If you have reached it so far, please like the article, It will encourage me to write more such articles. Do share your valuable suggestions, I appreciate your honest feedback and suggestions!

I would love to connect with you at Twitter | LinkedIn.

 
Share this