
SonarQube

SonarQube is an open-source platform for static code analysis, used to check the technical quality of source code. It is developed by SonarSource (tool website: sonarqube.org). The tool was released in 2007 and was called “Sonar” until it was renamed in 2013.

Homepage: https://www.sonarqube.org/

Install Server

Activate in a Project on GitLab

Doc: https://docs.sonarqube.org/latest/analysis/gitlab-integration/

  1. Create an access token in GitLab at instance, group or project level
    1. Token name: SonarQube
    2. Scopes: api
    3. Expiration date: leave empty (no expiration)
    4. Role: Reporter

Save the group access token

  1. Import the GitLab project into SonarQube
    1. Add Project
    2. Enter the group access token
  2. Select the project you want to add
  3. Choose “With GitLab CI” to analyze your repository
  4. Project key: Other
  5. File: .sonar-project.properties
    • In the root directory of the project.
    • Filename: .sonar-project.properties
    • Content:
      sonar.projectKey=<project-name>_<key from sonarqube>
      sonar.qualitygate.wait=false
      sonar.python.version=2
  6. Add two variables to the project: Settings → CI/CD → Variables
    1. Key: SONAR_TOKEN
      1. Value: generate a token in the SonarQube web interface
      2. Uncheck “Protect Variable”
      3. CHECK “Mask Variable”
    2. Key: SONAR_HOST_URL
      1. Uncheck both: Protect Variable / Mask Variable
  7. Add the SonarQube job to .gitlab-ci.yml
    stages:
      - sonarqube

    sonarqube_check_job:
      only:
        refs:
          - tags
        variables:
          - $CI_COMMIT_TAG =~ /^[Cc]heck_source-.*$/     # a matching commit tag starts the job
      image:
        name: sonarsource/sonar-scanner-cli:latest
        entrypoint: [""]
      tags:
        - sonarqube-runner
      stage: sonarqube
      variables:
        SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar"     # location of the analysis task cache
        GIT_DEPTH: "0"                                  # fetch all branches of the project; required by the analysis task
      cache:
        key: "${CI_JOB_NAME}"
        paths:
          - .sonar/cache
      script:
        # The wrapper script detects files without an extension; every parameter after
        # .sonar-wrapper is passed on to the sonar-scanner call.
        # It also configures sonar-scanner to read the config file ".sonar-project.properties" (note the dot).
        # -X enables trace output for both sonar-wrapper and sonar-scanner.
        - chmod 0777 .sonar-wrapper
        - ./.sonar-wrapper -X
      allow_failure: true


We use the .sonar-wrapper script in the project's main branch to handle files without an extension.
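As an added pre-flight check for the setup above (example script written for this page, not from SonarSource or from the wrapper; all function names are hypothetical), the following POSIX shell reproduces the job's tag trigger rule, validates .sonar-project.properties, and checks the two CI variables; it rejects a token committed into the properties file, and it additionally assumes the server URL should be https.

```shell
#!/bin/sh
# Pre-flight checks for the SonarQube GitLab CI job described on this page.
# Added example, not part of the page or of sonar-scanner; the function
# names are hypothetical.

# Does a commit tag match the job's trigger rule,
#   $CI_COMMIT_TAG =~ /^[Cc]heck_source-.*$/ ?
tag_triggers_job() {
    case "$1" in
        Check_source-*|check_source-*) return 0 ;;
        *) return 1 ;;
    esac
}

# Validate .sonar-project.properties: sonar.projectKey must be present in the
# <project-name>_<key> form, and no credential may be committed in the file
# (the job gets its token from the masked SONAR_TOKEN CI variable).
check_properties_file() {
    rc=0
    [ -f "$1" ] || { echo "missing $1" >&2; return 1; }
    if ! grep -Eq '^sonar\.projectKey=[A-Za-z0-9.:_-]+_[A-Za-z0-9.:_-]+$' "$1"; then
        echo "sonar.projectKey missing or not <project-name>_<key>" >&2; rc=1
    fi
    if grep -Eq '^sonar\.(login|token|password)=' "$1"; then
        echo "credential committed in $1; use the SONAR_TOKEN CI variable" >&2; rc=1
    fi
    return $rc
}

# The two CI variables the job needs. Requiring https:// for the server URL is
# this example's own hardening assumption (the token is sent to that URL).
check_ci_vars() {
    rc=0
    [ -n "${SONAR_TOKEN:-}" ] || { echo "SONAR_TOKEN not set" >&2; rc=1; }
    case "${SONAR_HOST_URL:-}" in
        https://*) ;;
        *) echo "SONAR_HOST_URL must be an https:// URL" >&2; rc=1 ;;
    esac
    return $rc
}

# Constructed sample run: a clean properties file and one with a committed token.
demo() {
    d=$(mktemp -d)
    printf 'sonar.projectKey=myproject_AbC123\nsonar.qualitygate.wait=false\n' > "$d/good.properties"
    printf 'sonar.projectKey=myproject_AbC123\nsonar.login=squ_constructed_sample\n' > "$d/bad.properties"
    check_properties_file "$d/good.properties" && echo "good.properties: ok"
    check_properties_file "$d/bad.properties" || echo "bad.properties: rejected"
    rm -rf "$d"
}
```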