SonarQube Setup using Docker and Docker Compose, Includes PostgreSQL and SonarScanner images, with support for local and CI/CD-based code analysis
# .gitlab-ci.yml
stages:
  - sonar

sonar_scan:
  stage: sonar
  image: sonarsource/sonar-scanner-cli:latest
  variables:
    GIT_DEPTH: "0"
    SONAR_SCANNER_CLI_OPTS: "-Dsonar.projectKey=$SONAR_PROJECTKEY
      -Dsonar.sources=.
      -Dsonar.host.url=$SONAR_HOST_URL
      -Dsonar.token=$SONAR_TOKEN
      -Dsonar.branch.name=master
      -Dsonar.exclusions=.git/**/*
      -Dsonar.telemetry.enabled=false
      -Dsonar.update.disable=true"
  script:
    - echo "Running Sonar Scanner"
    - sonar-scanner $SONAR_SCANNER_CLI_OPTS

Run SonarQube with PostgreSQL via Docker Compose

Quick setup of SonarQube using Docker Compose.

Requirements

sudo sysctl -w vm.max_map_count=262144
sudo sysctl -p

Start Services

Use this Docker Compose file: sonarqube-docker-compose.yml

sudo docker compose -f sonarqube-docker-compose.yml up -d

Access the SonarQube Dashboard

Once your SonarQube container is up and running, you can access the web dashboard via the following URL:

http://localhost:9000
or
http://<YOUR_SONAR_HOST>:9000

Use the default credentials on the first login:

  • Username: admin
  • Password: admin

Change the default password after your first login.
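
A post-start check for the step above, added here and not part of the original gist: it waits for SonarQube's /api/system/status endpoint to report UP and then confirms that admin/admin is no longer accepted by /api/authentication/validate. The function names and the CURL and POLL_SECONDS overrides are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the gist): verify the instance after first login.
# SONAR_HOST_URL defaults to the page's http://localhost:9000.
BASE=${SONAR_HOST_URL:-http://localhost:9000}

# Fetch a URL quietly and strip whitespace so the JSON can be matched as text.
# Extra arguments (for example -u user:pass) are passed through to curl.
# CURL may be overridden (assumption of this example) to run without a network.
fetch() { "${CURL:-curl}" -s --max-time 5 "$@" | tr -d '[:space:]'; }

# Return 0 once /api/system/status reports UP, 1 after $1 attempts (default 60).
wait_until_up() {
  tries=${1:-60}
  while [ "$tries" -gt 0 ]; do
    case $(fetch "$BASE/api/system/status") in
      *'"status":"UP"'*) return 0 ;;
    esac
    tries=$((tries - 1))
    sleep "${POLL_SECONDS:-5}"
  done
  return 1
}

# Return 0 if the default admin/admin login is still accepted.
default_admin_accepted() {
  case $(fetch -u admin:admin "$BASE/api/authentication/validate") in
    *'"valid":true'*) return 0 ;;
    *) return 1 ;;
  esac
}

# Usage: sh check-sonar.sh check
if [ "${1:-}" = "check" ]; then
  wait_until_up || { echo "SonarQube did not reach status UP" >&2; exit 1; }
  if default_admin_accepted; then
    echo "admin/admin is still accepted: change the password" >&2
    exit 2
  fi
  echo "SonarQube is UP and the default admin password is rejected"
fi
```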

Create a Project in SonarQube

You can create a new project locally or by integrating with DevOps platforms (such as GitHub, GitLab, Bitbucket, etc.).

Option 1: Create a Local Project

  1. Navigate to the Projects tab in the SonarQube dashboard.
  2. Click "Create Project", then choose "Local Project".
  3. Enter a project display name and a unique project key.
  4. Set your project settings and click Create Project.

Option 2: Import from DevOps Platforms (e.g., GitLab)

Step 1: Configure DevOps Integration in SonarQube

  1. Go to the Administration tab.
  2. Navigate to General Settings → DevOps Platform Integrations.
  3. Under GitLab Configuration, fill in the fields:
    • Name: A label like GitLab.
    • GitLab API URL: e.g., https://gitlab.com/api/v4 or http://your-gitlab-server/api/v4.
    • Personal Access Token: Create this in GitLab (see below).

Create a Personal Access Token in GitLab:

  1. In GitLab, click your profile avatar at the top right, then select Edit Profile.
  2. From the sidebar, click Access Tokens.
  3. Enter a name, select the API scope, and click Create Token.
  4. Copy the token (it will only be shown once) and paste it into SonarQube’s GitLab integration form.
  5. Click Save and ensure the configuration is marked as Valid.

Step 2: Import the Project from GitLab

  1. Go back to the Projects tab.
  2. Click "Create Project", then choose "From DevOps Platform (e.g., GitLab)".
  3. Select your GitLab repository from the list.
  4. Set your project settings and click Create Project.

Tip: You can find the Project Key in the "Project Information" tab of your project in the SonarQube dashboard.

Find Project Key in SonarQube

You need the Project Key whenever you scan this project and send the analysis results to SonarQube.

Steps:

  1. In the SonarQube dashboard, go to Projects and click on your project.
  2. Inside the project, open the Project Information.
  3. On this page, locate the Project Key field.
  4. Copy the value of Project Key and keep it – you will use this value whenever you configure a scanner to analyze this project.

Generate an Authentication Token in SonarQube

To authenticate and send scan reports to SonarQube, you need to create a personal access token.

Steps:

  1. Log in to the SonarQube dashboard.
  2. Click on your profile avatar (top-right corner) and select "My Account".
  3. Go to the "Security" tab.
  4. Under "Generate Tokens", generate a project or global token.
  5. Copy and save the token. You will need it to authenticate the scanner.

Tokens are shown only once. Make sure to store them securely.

Running the SonarScanner (Manual & CI/CD)

You can run SonarScanner either manually from your terminal or automatically in your CI/CD pipeline.

Manual Scan with Docker

Use the official Docker image of sonar-scanner:

docker run --rm \
  -v "$(pwd):/usr/src" \
  sonarsource/sonar-scanner-cli \
  -Dsonar.projectKey=<YOUR_PROJECT_KEY> \
  -Dsonar.sources=. \
  -Dsonar.host.url=http://<YOUR_SONAR_HOST>:9000 \
  -Dsonar.token=<YOUR_SONAR_TOKEN> \
  -Dsonar.exclusions=.git/**/* \
  -Dsonar.telemetry.enabled=false \
  -Dsonar.update.disable=true

Or you can make a sonar-project.properties file at the project root:

docker run --rm \
  -v "$(pwd):/usr/src" \
  sonarsource/sonar-scanner-cli

SonarScanner will read all settings from sonar-project.properties.

Tip: Replace <YOUR_PROJECT_KEY>, <YOUR_SONAR_HOST> and <YOUR_SONAR_TOKEN> with your real values.
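
One way to run the manual scan above without putting the token on the command line or in sonar-project.properties, as an added example that is not part of the original gist: the scanner image reads SONAR_TOKEN and SONAR_HOST_URL from the environment. The function names and the DOCKER override are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the gist): run the scan with the token taken from
# the environment, and refuse to run when it is stored in the repository.

# Return 0 if the file assigns a real (non-placeholder) value to sonar.token.
token_in_properties() {
  file=$1
  [ -f "$file" ] || return 1
  # Last sonar.token assignment wins; lines starting with '#' never match.
  value=$(sed -n 's/^[[:space:]]*sonar\.token[[:space:]]*[=:][[:space:]]*//p' "$file" | tail -n 1)
  case $value in
    '' | '<'*'>') return 1 ;;  # unset or a <YOUR_SONAR_TOKEN>-style placeholder
    *) return 0 ;;
  esac
}

# Run the scanner for the source directory $1 (default: current directory).
# DOCKER may be overridden (assumption of this example) to dry-run the command.
run_scan() {
  src=${1:-$PWD}
  if token_in_properties "$src/sonar-project.properties"; then
    echo "refusing to scan: sonar.token is stored in sonar-project.properties" >&2
    return 2
  fi
  if [ -z "${SONAR_TOKEN:-}" ] || [ -z "${SONAR_HOST_URL:-}" ]; then
    echo "set SONAR_TOKEN and SONAR_HOST_URL in the environment first" >&2
    return 3
  fi
  export SONAR_TOKEN SONAR_HOST_URL
  # "-e NAME" without a value forwards the variable from this environment, so
  # the token never appears in the argument list, shell history or `ps` output.
  "${DOCKER:-docker}" run --rm \
    -e SONAR_HOST_URL -e SONAR_TOKEN \
    -v "$src:/usr/src" \
    sonarsource/sonar-scanner-cli \
    -Dsonar.telemetry.enabled=false \
    -Dsonar.update.disable=true
}

# Usage: sh scan.sh scan [source-dir]
if [ "${1:-}" = "scan" ]; then
  run_scan "${2:-$PWD}"
fi
```

The remaining settings (sonar.projectKey, sonar.sources, sonar.exclusions) stay in sonar-project.properties, which can then be committed without the token line.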

Automated Scan in GitLab CI/CD

Add the sonar_scan job from this gist's .gitlab-ci.yml to your own .gitlab-ci.yml to trigger analysis on every branch push.

Tip: Add the SONAR_PROJECTKEY, SONAR_HOST_URL and SONAR_TOKEN CI/CD variables to the project's repository.

GitLab CI/CD Variables

  1. Go to Settings → CI/CD → Variables in your GitLab project.

  2. Add the following variables (exact key names): SONAR_PROJECTKEY, SONAR_HOST_URL and SONAR_TOKEN.

  3. Push your code; each branch will automatically be scanned and results uploaded to the SonarQube dashboard.

# sonarqube-docker-compose.yml
services:
  sonarqube:
    image: sonarqube:latest
    container_name: sonarqube
    depends_on:
      - db
    ports:
      - "9000:9000"
    extra_hosts:
      - "gitlab.domain.tld:<YOUR_GITLAB_HOST>" # if you have a domain
    restart: always
    environment:
      - SONAR_JDBC_URL=jdbc:postgresql://db:5432/sonarqube
      - SONAR_JDBC_USERNAME=sonar
      - SONAR_JDBC_PASSWORD=sonar
    volumes:
      - sonarqube_conf:/opt/sonarqube/conf
      - sonarqube_data:/opt/sonarqube/data
      - sonarqube_logs:/opt/sonarqube/logs
      - sonarqube_extensions:/opt/sonarqube/extensions

  db:
    image: postgres:latest
    container_name: postgres
    restart: always
    environment:
      - POSTGRES_USER=sonar
      - POSTGRES_PASSWORD=sonar
      - POSTGRES_DB=sonarqube
    volumes:
      - postgresql:/var/lib/postgresql

volumes:
  sonarqube_conf:
  sonarqube_data:
  sonarqube_logs:
  sonarqube_extensions:
  postgresql:

# sonar-project.properties
sonar.projectKey=<YOUR_PROJECT_KEY>
sonar.projectName=<Your Project Name>
sonar.projectVersion=1.0
sonar.sources=.
sonar.exclusions=.git/**/*
sonar.host.url=http://<YOUR_SONAR_HOST>:9000
sonar.token=<YOUR_SONAR_TOKEN>
sonar.telemetry.enabled=false
sonar.update.disable=true