AWS Elastic BeanStalk CI/CD with GitHub Actions - SONAR Cloud Integration
Setup SONAR Cloud and integrate it as part of CI/CD pipeline using GitHub Actions.
This article is a follow-up to the first part of an article.
In the second part of the article, we will integrate the SONAR cloud in our CI/CD workflow created via GitHub actions. We will try to replicate by creating small bugs in code, so we can cause Sonar Cloud Scanner to fail, causing CI/CD workflow to fail.
SonarCloud is the leading online service to catch Bugs and Security Vulnerabilities in your Pull Requests or throughout your code repositories.
Agenda
- Setup SONAR Cloud Account.
- Setup Github Actions Workflow Step.
- Custom Quality Gate For Failure Simulation.
- Break CI/CD Pipeline in case of Quality Gate Failure.
Pre-requisites
- GitHub Actions CI/CD Workflow. (I suggest following the first part of an article over here)
Setup SONAR Cloud Account.
- Visit sonarcloud.io
- Connect with one of the Git Hosting services of your choice, we will be using GitHub as we have our code hosted there. Perform Authorization when asked, so it can fetch repositories if required and perform analysis.
- Click on Analyze new Project or visit sonarcloud.io/projects/create directly
We will first time manually scan from our Github Repository, by clicking "Import an Organization from Github"
Here it will allow us to select a repository of our choice to be analyzed, which in this case is eb-java-ci-cd.
- Setup a new organization, give the name of your choice, and remember it :)
- Select Free Plan and Create Organization. Reselect the same Repositories and Click Setup
- This will trigger SONAR Analysis.
- Report will be shown once the analysis is done, we don't have much code to analyze as of now.
- One thing you can see below is Quality Gate is not activated because we have not set up Code Definition which specifies if the New code is deployable or not.
We will click on Set New Code Definition, here you can specify how your Quality gate should analyze like based on days, dates, or on the addition of new code. Latter is the most preferred way, we will select that. The next run would perform analysis and the Quality gate will be computed.
Setup Github Actions Workflow Step
We will now set up SONAR Analysis to be triggered as a part of our Github CI/CD Pipeline, this is quite straightforward, click on Setup CI-based analysis on the summary page of your project
- There is a lot of analysis method provided, we would go with Recommended way of Github Actions.
- Capture the
SONAR_TOKENvalue and keep it handy, we will add that as Github Secrets later so we have permission to trigger analysis on our code via Github actions Workflow.
- Select Build tool, we are going ahead with
Maven. - This will help us generate a few maven properties which our
sonar-maven-pluginwill use during analysis and also help generate steps to trigger SONAR Cloud analysis for Github Actions as below.
- Also make sure to disable Automatic Analysis.
We will now add Github Secret named
SONAR_TOKENwith the value we captured earlier against our repository as below
We now have 3 Github Secrets including AWS one set up in the previous article.
- Update Github actions workflow with required steps as mentioned, also I put additional needs in the deploy job, so if analysis fails we won't do the deployment. We will cover how to set up later in the article.
- Validate YAML markup of your workflow to avoid any breaks using yamllint.com
- Update your pom.xml to include properties requested and add the maven sonar plugin.
- As soon as we commit changes to our main branch, it triggers the workflow.
- We can see quality gate passed on the new trigger, the workflow was successful as well with AWS EB deployment done as SONAR analysis passed.
Custom Quality Gate For Failure Simulation
By default Quality Gate against which code is validated is the default one which has the most basic things covered. If you go to your Quality gates under administration, you will see Sonar way as the default Quality Gate.
We don't have much code to analyze, so we will set up Custom Quality Gate which will be marked as Failed if we have a Major Issue.
So just click on Copy of default Quality Gate, named it anything, we are naming Custom. We will also add a new Condition that if Major Issues > 0, mark it as Failure. Also, set it as Default.
To reproduce Quality Gate Failure, we will just add an Unused Variable in our code, so as to cause Quality Gate to fail as below
Commit code, and let Github Action workflow trigger automatically.
Now if we see Quality Gate was marked as Failure, due to introduction of Major Issue being found as per Custom Quality Gate setup.
However, we see Github Action workflow still deployed code, even if SONAR Analysis Quality Gate failed.
So we need to tell the Github Action Workflow step to fail if Quality Gate to Fail step in case of failure by just adding the below parameter (-Dsonar.qualitygate.wait=true) to our SONAR plugin step in the Github Workflow file as below.
Once added, manually trigger the workflow. Now if we see SONAR analysis failed, we can see errors in logs too. Also, Deploy to Elastic Beanstalk was skipped as it was dependent on the SONAR analysis job.
Quality Gate Failure Error in Logs
Voila, we have built end to end CI/CD pipeline with Code analysis integrated.
We can just remove an unused variable, and let workflow re-trigger to result in a successful CI/CD pipeline.
Resources
Thank you for reading, If you have reached it so far, please like the article, It will encourage me to write more such articles. Do share your valuable suggestions, I appreciate your honest feedback and suggestions!