Add more details

Author: sabollim-silabs

jenkins_integration/Jenkinsfile

@@ -28,9 +28,9 @@ pipeline
                     def sonarCommitSha = ""
 
                     withDockerContainer(image: 'sonarsource/sonar-scanner-cli:latest') {
-                        def sonarResult = pipelineFunctions.publishSonarAnalysis()
+                        def sonarResult = pipelineFunctions.publishSonarAnalysis(false)
 
-                        // Extract results for GitHub reporting
+                        // Extract results for GitHub posting outside Docker
                         staticAnalysisResult = sonarResult.result
                         staticAnalysisStatus = sonarResult.status
                         staticAnalysisOutput = sonarResult.output
@@ -40,7 +40,8 @@ pipeline
                         echo "Static Analysis Status: ${staticAnalysisStatus}"
                         echo "Commit SHA from SonarQube: ${sonarCommitSha}"
                     }
-                    // Send results to GitHub PR only
+                    
+                    // Post to GitHub outside of Docker container
                     try {
                         if (env.CHANGE_ID) {
                             pipelineFunctions.send_sonar_results_to_github(
@@ -50,11 +51,12 @@ pipeline
                                 staticAnalysisOutput,
                                 env.CHANGE_ID,
                                 env.CHANGE_BRANCH,
-                                env.CHANGE_TARGET
+                                env.CHANGE_TARGET,
+                                null  // sonar_token will be fetched from credentials
                             )
                             echo "✅ Posted SonarQube results to GitHub PR #${env.CHANGE_ID}"
                         } else {
-                            echo "ℹ️  Skipping GitHub PR comment (not a PR or bypass enabled)"
+                            echo "ℹ️  Skipping GitHub PR comment (not a PR)"
                         }
                     } catch (Exception githubEx) {
                         echo "❌ Failed to post to GitHub PR: ${githubEx.getMessage()}"

jenkins_integration/github/send_sonar_results_to_github.py

@@ -8,6 +8,7 @@
 import os
 import requests
 import sys
+import re
 from datetime import datetime
 
 def post_pr_comment(github_token, repo_owner, repo_name, pr_number, comment_body):
@@ -61,17 +62,119 @@ def post_commit_status(github_token, repo_owner, repo_name, commit_sha, state, d
         print(f"Response: {response.text}")
         return False
 
-def create_comment_body(result, status, commit_sha, branch_name, target_branch, sonar_output):
+def fetch_sonarqube_quality_gate(sonar_token, sonar_url, project_key, branch_name=None, pr_key=None):
+    """Fetch detailed quality gate information from SonarQube API"""
+    try:
+        headers = {"Authorization": f"Bearer {sonar_token}"}
+        
+        # Build the API URL for quality gate status
+        if pr_key:
+            # For pull requests
+            api_url = f"{sonar_url}/api/qualitygates/project_status?projectKey={project_key}&pullRequest={pr_key}"
+        elif branch_name:
+            # For branches
+            import urllib.parse
+            encoded_branch = urllib.parse.quote(branch_name, safe='')
+            api_url = f"{sonar_url}/api/qualitygates/project_status?projectKey={project_key}&branch={encoded_branch}"
+        else:
+            # Main branch
+            api_url = f"{sonar_url}/api/qualitygates/project_status?projectKey={project_key}"
+        
+        print(f"🔍 Fetching quality gate from: {api_url}")
+        response = requests.get(api_url, headers=headers, timeout=30)
+        
+        if response.status_code == 200:
+            data = response.json()
+            return data.get('projectStatus', {})
+        else:
+            print(f"⚠️  Failed to fetch quality gate details: {response.status_code}")
+            return None
+            
+    except Exception as e:
+        print(f"⚠️  Error fetching quality gate details: {str(e)}")
+        return None
+
+def fetch_sonarqube_measures(sonar_token, sonar_url, project_key, branch_name=None, pr_key=None):
+    """Fetch detailed measures from SonarQube API"""
+    try:
+        headers = {"Authorization": f"Bearer {sonar_token}"}
+        
+        # Metrics we want to fetch
+        metrics = [
+            "new_bugs", "new_vulnerabilities", "new_violations", "new_security_hotspots", 
+            "new_code_smells", "new_coverage", "new_duplicated_lines_density",
+            "new_maintainability_rating", "new_security_rating", "new_lines",
+            "bugs", "vulnerabilities", "violations", "security_hotspots", "code_smells",
+            "coverage", "duplicated_lines_density", "ncloc", "reliability_rating"
+        ]
+        
+        metric_keys = ",".join(metrics)
+        
+        if pr_key:
+            api_url = f"{sonar_url}/api/measures/component?component={project_key}&pullRequest={pr_key}&metricKeys={metric_keys}"
+        elif branch_name:
+            import urllib.parse
+            encoded_branch = urllib.parse.quote(branch_name, safe='')
+            api_url = f"{sonar_url}/api/measures/component?component={project_key}&branch={encoded_branch}&metricKeys={metric_keys}"
+        else:
+            api_url = f"{sonar_url}/api/measures/component?component={project_key}&metricKeys={metric_keys}"
+        
+        print(f"🔍 Fetching measures from: {api_url}")
+        response = requests.get(api_url, headers=headers, timeout=30)
+        
+        if response.status_code == 200:
+            data = response.json()
+            measures = {}
+            for measure in data.get('component', {}).get('measures', []):
+                metric_name = measure['metric']
+                # For "new_" metrics, the value is often in the period object
+                if 'period' in measure and measure['period']:
+                    value = measure['period'].get('value', '0')
+                else:
+                    value = measure.get('value', '0')
+                measures[metric_name] = value
+            return measures
+        else:
+            print(f"⚠️  Failed to fetch measures: {response.status_code}")
+            return {}
+            
+    except Exception as e:
+        print(f"⚠️  Error fetching measures: {str(e)}")
+        return {}
+
+def create_comment_body(status, commit_sha, branch_name, target_branch, sonar_output, quality_gate_details=None, measures=None):
     """Create formatted comment body for GitHub PR"""
 
     # Determine status emoji and text
-    if result == "PASS":
+    if status == "PASSED":
         result_emoji = "✅"
         result_text = "**PASSED**"
     else:
         result_emoji = "❌"
         result_text = "**FAILED**"
 
+    # Use measures if available, otherwise show N/A
+    default_metrics = {
+        'new_lines': 'N/A',
+        'new_duplicated_lines_density': 'N/A',
+        'new_violations': 'N/A',
+        'new_code_smells': 'N/A',
+        'new_bugs': 'N/A',
+        'new_vulnerabilities': 'N/A',
+        'new_security_hotspots': 'N/A',
+        'new_maintainability_rating': 'N/A',
+        'reliability_rating': 'N/A',
+        'new_security_rating': 'N/A'
+    }
+    
+    # Merge measures with defaults
+    metrics = default_metrics.copy()
+    if measures:
+        metrics.update(measures)
+    
+    # Get quality gate status
+    quality_gate_status = quality_gate_details.get('status', status) if quality_gate_details else status
+    
     # Truncate output if too long - show last 2000 characters for most relevant info
     max_output_length = 2000
     if len(sonar_output) > max_output_length:
@@ -90,7 +193,25 @@ def create_comment_body(result, status, commit_sha, branch_name, target_branch,
 - **Target:** `{target_branch}`
 - **Analysis Time:** {datetime.now().strftime('%Y-%m-%d %H:%M:%S UTC')}
 
-### 📋 Detailed Results
+### � Key Metrics
+| Metric | Value |
+|--------|-------|
+| **New Lines of Code** | {metrics.get('new_lines', 'N/A')} |
+| **New Duplicated Lines Density** | {metrics.get('new_duplicated_lines_density', metrics.get('duplicated_lines_density', 'N/A'))}% |
+| **New Violations** | {metrics.get('new_violations', 'N/A')} |
+| **New Code Smells** | {metrics.get('new_code_smells', 'N/A')} |
+| **New Bugs** | {metrics.get('new_bugs', 'N/A')} |
+| **New Vulnerabilities** | {metrics.get('new_vulnerabilities', 'N/A')} |
+| **New Security Hotspots** | {metrics.get('new_security_hotspots', 'N/A')} |
+
+### 🏆 Quality Ratings
+| Category | Rating |
+|----------|--------|
+| **New Maintainability Rating** | {metrics.get('new_maintainability_rating', 'N/A')} |
+| **Reliability Rating** | {metrics.get('reliability_rating', 'N/A')} |
+| **New Security Rating** | {metrics.get('new_security_rating', 'N/A')} |
+
+### �📋 Detailed Results
 <details>
 <summary>Click to view SonarQube output</summary>
 
@@ -117,30 +238,67 @@ def main():
 
     parser.add_argument("--branch_name", required=True, help="Source branch name")
     parser.add_argument("--target_branch", required=True, help="Target branch name")
-    parser.add_argument("--sonar_output_file", required=True, help="Path to file containing SonarQube scanner output")
+    parser.add_argument("--sonar_output", help="SonarQube scanner output (deprecated - use --sonar_output_file)")
+    parser.add_argument("--sonar_output_file", help="Path to file containing SonarQube scanner output")
+    parser.add_argument("--sonar_token", help="SonarQube token for API access")
+    parser.add_argument("--sonar_url", default="https://sonarqube.silabs.net", help="SonarQube server URL")
+    parser.add_argument("--project_key", default="github_matter_sdk", help="SonarQube project key")
 
     args = parser.parse_args()
 
     try:
-        # Read SonarQube output from file
-        try:
-            with open(args.sonar_output_file, 'r', encoding='utf-8') as f:
-                sonar_output = f.read()
-        except FileNotFoundError:
-            print(f"❌ Error: SonarQube output file not found: {args.sonar_output_file}")
-            sys.exit(1)
-        except Exception as e:
-            print(f"❌ Error reading SonarQube output file: {str(e)}")
-            sys.exit(1)
+        # Read sonar output from file or use direct argument
+        sonar_output = ""
+        if args.sonar_output_file:
+            try:
+                with open(args.sonar_output_file, 'r') as f:
+                    sonar_output = f.read()
+                print(f"✅ Read SonarQube output from file: {args.sonar_output_file}")
+            except Exception as e:
+                print(f"❌ Error reading sonar output file {args.sonar_output_file}: {str(e)}")
+                if args.sonar_output:
+                    sonar_output = args.sonar_output
+                    print("⚠️  Falling back to direct sonar_output argument")
+                else:
+                    raise
+        elif args.sonar_output:
+            sonar_output = args.sonar_output
+            print("✅ Using direct sonar_output argument")
+        else:
+            raise ValueError("Either --sonar_output_file or --sonar_output must be provided")
+        
+        # Fetch detailed SonarQube information if token is provided
+        quality_gate_details = None
+        measures = None
+        
+        if args.sonar_token:
+            print("🔍 Fetching detailed SonarQube quality gate information...")
+            quality_gate_details = fetch_sonarqube_quality_gate(
+                args.sonar_token, 
+                args.sonar_url, 
+                args.project_key, 
+                args.branch_name, 
+                pr_key=args.pr_number
+            )
+            
+            print("📊 Fetching SonarQube measures...")
+            measures = fetch_sonarqube_measures(
+                args.sonar_token, 
+                args.sonar_url, 
+                args.project_key, 
+                args.branch_name, 
+                pr_key=args.pr_number
+            )
 
         # Create comment body
         comment_body = create_comment_body(
-            args.result,
             args.status,
             args.commit_sha,
             args.branch_name,
             args.target_branch,
-            sonar_output
+            sonar_output,
+            quality_gate_details,
+            measures
         )
 
         # Post PR comment

jenkins_integration/jenkinsFunctions.groovy

@@ -1,28 +1,46 @@
 /**
  * Send SonarQube results to GitHub PR using Python script
  */
-def send_sonar_results_to_github(commit_sha, result, status, sonar_output, pr_number, branch_name, target_branch) {
+def send_sonar_results_to_github(commit_sha, result, status, sonar_output, pr_number, branch_name, target_branch, sonar_token = null) {
     withCredentials([
-        usernamePassword(credentialsId: 'Matter-Extension-GitHub', usernameVariable: 'GITHUB_APP', passwordVariable: 'GITHUB_ACCESS_TOKEN')
+        usernamePassword(credentialsId: 'Matter-Extension-GitHub', usernameVariable: 'GITHUB_APP', passwordVariable: 'GITHUB_ACCESS_TOKEN'),
+        string(credentialsId: 'sonarqube_token', variable: 'SONAR_SECRET')
     ]) {
+        // Use passed token or get from credentials
+        def actualSonarToken = sonar_token ?: SONAR_SECRET
         // Write sonar output to a temporary file to avoid "Argument list too long" error
         def tempFile = "${env.WORKSPACE}/sonar_output_${BUILD_NUMBER}.txt"
         writeFile file: tempFile, text: sonar_output
 
         try {
-            sh """
-                python3 -u jenkins_integration/github/send_sonar_results_to_github.py \\
-                    --github_token \${GITHUB_ACCESS_TOKEN} \\
-                    --repo_owner "SiliconLabsSoftware" \\
-                    --repo_name "matter_sdk" \\
-                    --pr_number ${pr_number} \\
-                    --commit_sha ${commit_sha} \\
-                    --result ${result} \\
-                    --status ${status} \\
-                    --branch_name "${branch_name}" \\
-                    --target_branch "${target_branch}" \\
-                    --sonar_output_file "${tempFile}"
-            """
+            // Get SonarQube server URL with fallbacks
+            def sonarHost = env.SONAR_HOST_URL ?: env.SONAR_SERVER_URL ?: "https://sonarqube.silabs.net"
+            
+            echo "Using SonarQube host: ${sonarHost}"
+            echo "Available SonarQube environment variables:"
+            echo "SONAR_HOST_URL: ${env.SONAR_HOST_URL}"
+            echo "SONAR_SERVER_URL: ${env.SONAR_SERVER_URL}"
+            echo "Sonar token available: ${actualSonarToken != null && !actualSonarToken.isEmpty()}"
+            
+            // Use environment variable to avoid Groovy string interpolation security warning
+            withEnv(["SONAR_TOKEN=${actualSonarToken}", "SONAR_OUTPUT_FILE=${tempFile}"]) {
+                sh """
+                    python3 -u jenkins_integration/github/send_sonar_results_to_github.py \\
+                        --github_token "\${GITHUB_ACCESS_TOKEN}" \\
+                        --repo_owner "SiliconLabsSoftware" \\
+                        --repo_name "matter_sdk" \\
+                        --pr_number ${pr_number} \\
+                        --commit_sha ${commit_sha} \\
+                        --result ${result} \\
+                        --status ${status} \\
+                        --branch_name "${branch_name}" \\
+                        --target_branch "${target_branch}" \\
+                        --sonar_output_file "\${SONAR_OUTPUT_FILE}" \\
+                        --sonar_url "${sonarHost}" \\
+                        --sonar_token "\${SONAR_TOKEN}" \\
+                        --project_key "github_matter_sdk"
+                """
+            }
         } finally {
             // Clean up temporary file
             sh "rm -f '${tempFile}'"
@@ -34,7 +52,7 @@ def send_sonar_results_to_github(commit_sha, result, status, sonar_output, pr_nu
 /**
  * Publishes static analysis results to SonarQube.
  */
-def publishSonarAnalysis() {
+def publishSonarAnalysis(postToGitHub = false) {
 
         // Use the SonarQube environment defined in Jenkins
         withSonarQubeEnv('Silabs SonarQube') {