Blog post

Announcing the SonarQube Cloud Pipe for Bitbucket Cloud users!

Nicolas Bontoux photo

Nicolas Bontoux

Product Marketer

Date

  • SonarQube Cloud
  • Bitbucket
  • Pipelines
  • Announcement

The value of powerful pipelines

At SonarSource, we're continually striving to not only build the most powerful code analyzers that detect bugs and vulnerabilities, but also provide a seamless user experience around it. It's about helping developers focus on what they care about most: coding. Build pipelines should be easy to configure and actionable data presented to developers whenever they open a pull request or push new code.


With this in mind, we're excited to partner with Atlassian, launching Bitbucket Pipes. This solution lets Bitbucket Cloud users more easily configure their pipeline using pre-configured, high-level tasks (so-called Pipes). Code quality analysis is a must for any modern pipeline, and we've therefore partnered to build the SonarQube Cloud Scan Pipe. With this functionality, all Bitbucket Cloud users can set-up the SonarQube Cloud analysis of their code repository in no time.

How it works in practice

Let's look at the scenario where you want to analyze your latest TypeScript (for example) project on SonarQube Cloud. Prior to Bitbucket Pipes, your CI script had to download the Sonar Scanner CLI, extract it and set the correct environment variables - all of this before the actual scan could be triggered to perform the analysis. In Bitbucket Pipelines, the step to run the analysis was usually looking something like this:

definitions:
  steps:
    - step: &build-test-sonarcloud
        name: Build, test and analyze on SonarCloud
        script:
          - export SONAR_SCANNER_VERSION=3.2.0.1227
          - curl -sSLo $HOME/.sonar/sonar-scanner.zip https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-$SONAR_SCANNER_VERSION.zip
          - export SONAR_SCANNER_HOME=$HOME/.sonar/sonar-scanner-$SONAR_SCANNER_VERSION
          - rm -rf $SONAR_SCANNER_HOME && mkdir -p $SONAR_SCANNER_HOME
          - unzip $HOME/.sonar/sonar-scanner.zip -d $HOME/.sonar/
          - export PATH=$SONAR_SCANNER_HOME/bin:$PATH
          - sonar-scanner -Dsonar.login=$SONAR_TOKEN


On top of this, you had to make sure that a JRE (Java Runtime Environment) was installed in your Pipelines image - which is probably not the case since you're doing TypeScript in this example. All in all, a lot of boilerplate code and configuration that can be costly to write and maintain over time!


With the new Pipes feature, you can refactor this piece of your bitbucket-pipelines.yml file to make it easier to read and maintain. In "Edit" mode, open the Pipes side panel, search for SonarQube Cloud and click on the "Copy" button to insert the pipe inside your configuration file.


Now, with the SonarQube Cloud Scan Pipe, the step to trigger a SonarQube Cloud analysis within your pipeline is much simpler to describe!


definitions:
  steps:
    - step: &build-test-sonarcloud
        name: Build, test and analyze on SonarCloud
        script:
          - pipe: sonarsource/sonarcloud-scan:0.1.4
            variables:
              SONAR_TOKEN: ${SONAR_TOKEN}


Also, no more JRE installation needed: sweet! An added bonus is there's no need to worry about the internal details of this higher level operation, the SonarQube Cloud Scan Pipe does what you expect: trigger a SonarQube Cloud code analysis on your repository.


Once you've deployed this nice face-lift of your Pipelines configuration, you can keep on enjoying the analysis results on the main page of your repository or on the pull requests. Exactly like before, but with a simpler and smarter way to do it!


A continued partnership

The SonarQube Cloud Scan Pipe for Bitbucket Pipelines is yet another example of how SonarQube Cloud intends to Enhance Your Workflow with Continuous Code Quality. Configuration remains simple thanks to an all-encapsulated Pipe; developers get to stay focused on their code changes and Pull Requests; CI/CD pipeline takes care of the rest. We hope you'll enjoy this new Pipe! And be sure that SonarSource and Atlassian teams will continue working together to allow development teams of all sizes to build and deploy top quality software.


If you are a Bitbucket Cloud user and want to try out the SonarQube Cloud Scan Pipe, the SonarQube Cloud Get started with Bitbucket Cloud guide is the place to start from! For any feedback/question, please come over and join our community forums.

  • 法律文件
  • 信任中心
  • Follow SonarSource on Twitter
  • Follow SonarSource on Linkedin

© 2008-2024 SonarSource SA。保留所有权利。SONAR、SONARSOURCE、SONARQUBE、 和 CLEAN AS YOU CODE 是 SonarSource SA 的商标。