Add more details

Author: sabollim-silabs

jenkins_integration/Jenkinsfile

@@ -28,9 +28,9 @@ pipeline
                     def sonarCommitSha = ""
 
                     withDockerContainer(image: 'sonarsource/sonar-scanner-cli:latest') {
-                        def sonarResult = pipelineFunctions.publishSonarAnalysis()
+                        def sonarResult = pipelineFunctions.publishSonarAnalysis(false)
 
-                        // Extract results for GitHub reporting
+                        // Extract results for GitHub posting outside Docker
                         staticAnalysisResult = sonarResult.result
                         staticAnalysisStatus = sonarResult.status
                         staticAnalysisOutput = sonarResult.output
@@ -40,7 +40,8 @@ pipeline
                         echo "Static Analysis Status: ${staticAnalysisStatus}"
                         echo "Commit SHA from SonarQube: ${sonarCommitSha}"
                     }
-                    // Send results to GitHub PR only
+                    
+                    // Post to GitHub outside of Docker container
                     try {
                         if (env.CHANGE_ID) {
                             pipelineFunctions.send_sonar_results_to_github(
@@ -50,11 +51,12 @@ pipeline
                                 staticAnalysisOutput,
                                 env.CHANGE_ID,
                                 env.CHANGE_BRANCH,
-                                env.CHANGE_TARGET
+                                env.CHANGE_TARGET,
+                                null  // sonar_token will be fetched from credentials
                             )
                             echo "✅ Posted SonarQube results to GitHub PR #${env.CHANGE_ID}"
                         } else {
-                            echo "ℹ️  Skipping GitHub PR comment (not a PR or bypass enabled)"
+                            echo "ℹ️  Skipping GitHub PR comment (not a PR)"
                         }
                     } catch (Exception githubEx) {
                         echo "❌ Failed to post to GitHub PR: ${githubEx.getMessage()}"

jenkins_integration/github/send_sonar_results_to_github.py

@@ -8,6 +8,7 @@
 import os
 import requests
 import sys
+import re
 from datetime import datetime
 
 def post_pr_comment(github_token, repo_owner, repo_name, pr_number, comment_body):
@@ -61,17 +62,137 @@ def post_commit_status(github_token, repo_owner, repo_name, commit_sha, state, d
         print(f"Response: {response.text}")
         return False
 
-def create_comment_body(result, status, commit_sha, branch_name, target_branch, sonar_output):
+def fetch_sonarqube_quality_gate(sonar_token, sonar_url, project_key, branch_name, pr_number=None):
+    """Fetch SonarQube quality gate information"""
+    try:
+        headers = {
+            'Authorization': f'Bearer {sonar_token}',
+            'Accept': 'application/json'
+        }
+        
+        component_key = project_key
+        if pr_number:
+            component_key = f"{project_key}/pull/{pr_number}"
+        
+        qg_url = f"{sonar_url}/api/qualitygates/project_status"
+        qg_params = {'projectKey': component_key}
+        
+        qg_response = requests.get(qg_url, headers=headers, params=qg_params, timeout=30)
+        
+        if qg_response.status_code == 200:
+            qg_data = qg_response.json()
+            if 'projectStatus' in qg_data:
+                return qg_data['projectStatus']
+        else:
+            print(f"⚠️  Could not fetch quality gate status: {qg_response.status_code}")
+    except Exception as e:
+        print(f"⚠️  Error fetching quality gate: {str(e)}")
+    
+    return None
+
+def fetch_sonarqube_measures(sonar_token, sonar_url, project_key, branch_name, pr_number=None):
+    """Fetch SonarQube measures from SonarQube server API"""
+    metrics = {
+        'duplicated_lines': 'N/A',
+        'new_violations': 'N/A',
+        'new_code_smells': 'N/A',
+        'new_maintainability_rating': 'N/A',
+        'new_bugs': 'N/A',
+        'reliability_rating': 'N/A',
+        'new_vulnerabilities': 'N/A',
+        'new_security_rating': 'N/A',
+        'new_security_hotspots': 'N/A',
+        'ncloc': 'N/A'
+    }
+    
+    try:
+        # Prepare headers for SonarQube API
+        headers = {
+            'Authorization': f'Bearer {sonar_token}',
+            'Accept': 'application/json'
+        }
+        
+        # Determine component key - use pullRequest key if it's a PR analysis
+        component_key = project_key
+        if pr_number:
+            component_key = f"{project_key}/pull/{pr_number}"
+        
+        # Define metrics to fetch from SonarQube API
+        metric_keys = [
+            'duplicated_lines',
+            'new_violations',
+            'new_code_smells', 
+            'new_maintainability_rating',
+            'new_bugs',
+            'reliability_rating',
+            'new_vulnerabilities',
+            'new_security_rating',
+            'new_security_hotspots',
+            'ncloc'
+        ]
+        
+        # Fetch metrics from SonarQube API
+        metrics_url = f"{sonar_url}/api/measures/component"
+        params = {
+            'component': component_key,
+            'metricKeys': ','.join(metric_keys)
+        }
+        
+        print(f"🔍 Fetching metrics from SonarQube: {metrics_url}")
+        print(f"📊 Component: {component_key}")
+        
+        response = requests.get(metrics_url, headers=headers, params=params, timeout=30)
+        
+        if response.status_code == 200:
+            data = response.json()
+            
+            if 'component' in data and 'measures' in data['component']:
+                for measure in data['component']['measures']:
+                    metric_key = measure.get('metric')
+                    value = measure.get('value', 'N/A')
+                    
+                    if metric_key in metrics:
+                        metrics[metric_key] = value
+                        print(f"📈 {metric_key}: {value}")
+            else:
+                print("⚠️  No measures found in SonarQube response")
+        else:
+            print(f"❌ Failed to fetch metrics from SonarQube: {response.status_code}")
+            print(f"Response: {response.text}")
+            
+    except Exception as e:
+        print(f"❌ Error fetching SonarQube metrics: {str(e)}")
+    
+    return metrics
+
+def create_comment_body(status, commit_sha, branch_name, target_branch, sonar_output, quality_gate_details=None, measures=None):
     """Create formatted comment body for GitHub PR"""
 
     # Determine status emoji and text
-    if result == "PASS":
+    if status == "PASSED":
         result_emoji = "✅"
         result_text = "**PASSED**"
     else:
         result_emoji = "❌"
         result_text = "**FAILED**"
 
+    # Use measures if available, otherwise show N/A
+    metrics = measures if measures else {
+        'ncloc': 'N/A',
+        'duplicated_lines': 'N/A',
+        'new_violations': 'N/A',
+        'new_code_smells': 'N/A',
+        'new_bugs': 'N/A',
+        'new_vulnerabilities': 'N/A',
+        'new_security_hotspots': 'N/A',
+        'new_maintainability_rating': 'N/A',
+        'reliability_rating': 'N/A',
+        'new_security_rating': 'N/A'
+    }
+    
+    # Get quality gate status
+    quality_gate_status = quality_gate_details.get('status', status) if quality_gate_details else status
+    
     # Truncate output if too long - show last 2000 characters for most relevant info
     max_output_length = 2000
     if len(sonar_output) > max_output_length:
@@ -90,7 +211,26 @@ def create_comment_body(result, status, commit_sha, branch_name, target_branch,
 - **Target:** `{target_branch}`
 - **Analysis Time:** {datetime.now().strftime('%Y-%m-%d %H:%M:%S UTC')}
 
-### 📋 Detailed Results
+### � Key Metrics
+| Metric | Value |
+|--------|-------|
+| **Lines of Code (NCLOC)** | {metrics['ncloc']} |
+| **Duplicated Lines** | {metrics['duplicated_lines']} |
+| **New Violations** | {metrics['new_violations']} |
+| **New Code Smells** | {metrics['new_code_smells']} |
+| **New Bugs** | {metrics['new_bugs']} |
+| **New Vulnerabilities** | {metrics['new_vulnerabilities']} |
+| **New Security Hotspots** | {metrics['new_security_hotspots']} |
+
+### 🏆 Quality Ratings
+| Category | Rating |
+|----------|--------|
+| **New Maintainability Rating** | {metrics['new_maintainability_rating']} |
+| **Reliability Rating** | {metrics['reliability_rating']} |
+| **New Security Rating** | {metrics['new_security_rating']} |
+| **Quality Gate Details** | {metrics['quality_gate_details']} |
+
+### �📋 Detailed Results
 <details>
 <summary>Click to view SonarQube output</summary>
 
@@ -117,30 +257,67 @@ def main():
 
     parser.add_argument("--branch_name", required=True, help="Source branch name")
     parser.add_argument("--target_branch", required=True, help="Target branch name")
-    parser.add_argument("--sonar_output_file", required=True, help="Path to file containing SonarQube scanner output")
+    parser.add_argument("--sonar_output", help="SonarQube scanner output (deprecated - use --sonar_output_file)")
+    parser.add_argument("--sonar_output_file", help="Path to file containing SonarQube scanner output")
+    parser.add_argument("--sonar_token", help="SonarQube token for API access")
+    parser.add_argument("--sonar_url", default="https://sonarqube.silabs.net", help="SonarQube server URL")
+    parser.add_argument("--project_key", default="github_matter_sdk", help="SonarQube project key")
 
     args = parser.parse_args()
 
     try:
-        # Read SonarQube output from file
-        try:
-            with open(args.sonar_output_file, 'r', encoding='utf-8') as f:
-                sonar_output = f.read()
-        except FileNotFoundError:
-            print(f"❌ Error: SonarQube output file not found: {args.sonar_output_file}")
-            sys.exit(1)
-        except Exception as e:
-            print(f"❌ Error reading SonarQube output file: {str(e)}")
-            sys.exit(1)
+        # Read sonar output from file or use direct argument
+        sonar_output = ""
+        if args.sonar_output_file:
+            try:
+                with open(args.sonar_output_file, 'r') as f:
+                    sonar_output = f.read()
+                print(f"✅ Read SonarQube output from file: {args.sonar_output_file}")
+            except Exception as e:
+                print(f"❌ Error reading sonar output file {args.sonar_output_file}: {str(e)}")
+                if args.sonar_output:
+                    sonar_output = args.sonar_output
+                    print("⚠️  Falling back to direct sonar_output argument")
+                else:
+                    raise
+        elif args.sonar_output:
+            sonar_output = args.sonar_output
+            print("✅ Using direct sonar_output argument")
+        else:
+            raise ValueError("Either --sonar_output_file or --sonar_output must be provided")
+        
+        # Fetch detailed SonarQube information if token is provided
+        quality_gate_details = None
+        measures = None
+        
+        if args.sonar_token:
+            print("🔍 Fetching detailed SonarQube quality gate information...")
+            quality_gate_details = fetch_sonarqube_quality_gate(
+                args.sonar_token, 
+                args.sonar_url, 
+                args.project_key, 
+                args.branch_name, 
+                args.pr_number
+            )
+            
+            print("📊 Fetching SonarQube measures...")
+            measures = fetch_sonarqube_measures(
+                args.sonar_token, 
+                args.sonar_url, 
+                args.project_key, 
+                args.branch_name, 
+                args.pr_number
+            )
 
         # Create comment body
         comment_body = create_comment_body(
-            args.result,
             args.status,
             args.commit_sha,
             args.branch_name,
             args.target_branch,
-            sonar_output
+            sonar_output,
+            quality_gate_details,
+            measures
         )
 
         # Post PR comment

jenkins_integration/jenkinsFunctions.groovy

@@ -1,28 +1,46 @@
 /**
  * Send SonarQube results to GitHub PR using Python script
  */
-def send_sonar_results_to_github(commit_sha, result, status, sonar_output, pr_number, branch_name, target_branch) {
+def send_sonar_results_to_github(commit_sha, result, status, sonar_output, pr_number, branch_name, target_branch, sonar_token = null) {
     withCredentials([
-        usernamePassword(credentialsId: 'Matter-Extension-GitHub', usernameVariable: 'GITHUB_APP', passwordVariable: 'GITHUB_ACCESS_TOKEN')
+        usernamePassword(credentialsId: 'Matter-Extension-GitHub', usernameVariable: 'GITHUB_APP', passwordVariable: 'GITHUB_ACCESS_TOKEN'),
+        string(credentialsId: 'sonarqube_token', variable: 'SONAR_SECRET')
     ]) {
+        // Use passed token or get from credentials
+        def actualSonarToken = sonar_token ?: SONAR_SECRET
         // Write sonar output to a temporary file to avoid "Argument list too long" error
         def tempFile = "${env.WORKSPACE}/sonar_output_${BUILD_NUMBER}.txt"
         writeFile file: tempFile, text: sonar_output
 
         try {
-            sh """
-                python3 -u jenkins_integration/github/send_sonar_results_to_github.py \\
-                    --github_token \${GITHUB_ACCESS_TOKEN} \\
-                    --repo_owner "SiliconLabsSoftware" \\
-                    --repo_name "matter_sdk" \\
-                    --pr_number ${pr_number} \\
-                    --commit_sha ${commit_sha} \\
-                    --result ${result} \\
-                    --status ${status} \\
-                    --branch_name "${branch_name}" \\
-                    --target_branch "${target_branch}" \\
-                    --sonar_output_file "${tempFile}"
-            """
+            // Get SonarQube server URL with fallbacks
+            def sonarHost = env.SONAR_HOST_URL ?: env.SONAR_SERVER_URL ?: "https://sonarqube.silabs.net"
+            
+            echo "Using SonarQube host: ${sonarHost}"
+            echo "Available SonarQube environment variables:"
+            echo "SONAR_HOST_URL: ${env.SONAR_HOST_URL}"
+            echo "SONAR_SERVER_URL: ${env.SONAR_SERVER_URL}"
+            echo "Sonar token available: ${actualSonarToken != null && !actualSonarToken.isEmpty()}"
+            
+            // Use environment variable to avoid Groovy string interpolation security warning
+            withEnv(["SONAR_TOKEN=${actualSonarToken}", "SONAR_OUTPUT_FILE=${tempFile}"]) {
+                sh """
+                    python3 -u jenkins_integration/github/send_sonar_results_to_github.py \\
+                        --github_token "\${GITHUB_ACCESS_TOKEN}" \\
+                        --repo_owner "SiliconLabsSoftware" \\
+                        --repo_name "matter_sdk" \\
+                        --pr_number ${pr_number} \\
+                        --commit_sha ${commit_sha} \\
+                        --result ${result} \\
+                        --status ${status} \\
+                        --branch_name "${branch_name}" \\
+                        --target_branch "${target_branch}" \\
+                        --sonar_output_file "\${SONAR_OUTPUT_FILE}" \\
+                        --sonar_url "${sonarHost}" \\
+                        --sonar_token "\${SONAR_TOKEN}" \\
+                        --project_key "github_matter_sdk"
+                """
+            }
         } finally {
             // Clean up temporary file
             sh "rm -f '${tempFile}'"
@@ -34,7 +52,7 @@ def send_sonar_results_to_github(commit_sha, result, status, sonar_output, pr_nu
 /**
  * Publishes static analysis results to SonarQube.
  */
-def publishSonarAnalysis() {
+def publishSonarAnalysis(postToGitHub = false) {
 
         // Use the SonarQube environment defined in Jenkins
         withSonarQubeEnv('Silabs SonarQube') {