Fix SonarQube run enable/disable logic (#1261)

Author: BraisVQ

CHANGELOG.md

@@ -10,6 +10,7 @@
 * Add component information in automatic release close notes ([#1254](https://github.com/opendevstack/ods-jenkins-shared-library/pull/1254))
 
 ### Fixed
+* Fix SonarQube run enable/disable logic  ([#1259](https://github.com/opendevstack/ods-jenkins-shared-library/pull/1259))
 * Log correct error message for wrong preview-branch value ([#1249](https://github.com/opendevstack/ods-jenkins-shared-library/pull/1249))
 * Fail the pipeline when no version specified for a deploy to Q, P ([#1248](https://github.com/opendevstack/ods-jenkins-shared-library/pull/1248))
 * Fix Tailor deployment drifts for D, Q envs ([#1055](https://github.com/opendevstack/ods-jenkins-shared-library/pull/1055))

src/org/ods/component/AutomaticSonarScanner.groovy

@@ -66,22 +66,18 @@ class AutomaticSonarScanner implements Serializable {
                 "Parameter 'projects.${context.projectId}.enabled' at cluster level exists"
             )
         } else {
-            configurationSonarProject.put('enabled', true)
             logger.info(
-                "Not parameter 'projects.${context.projectId}.enabled' at cluster level. " +
-                "Default enabled"
+                "Not parameter 'projects.${context.projectId}.enabled' at cluster level."
             )
         }
 
-        boolean enabledInCluster = Boolean.valueOf(
-            configurationSonarCluster['enabled']?.toString() ?: "true"
-        )
-        boolean enabledInProject = Boolean.valueOf(
-            configurationSonarProject['enabled']?.toString() ?: "true"
-        )
+        // Project config takes precedence: if project is explicitly configured, use its value
+        // Otherwise, fall back to cluster config
+        boolean shouldRun = configurationSonarProject.isEmpty() ?
+            Boolean.valueOf(configurationSonarCluster['enabled']?.toString() ?: "true") :
+            Boolean.valueOf(configurationSonarProject['enabled']?.toString() ?: "true")
 
-        // Only run scan if enabled in both cluster and project
-        if (enabledInCluster && enabledInProject) {
+        if (shouldRun) {
             Stage sonarStage = new ScanWithSonarStage(
                 script,
                 context,
@@ -96,20 +92,14 @@ class AutomaticSonarScanner implements Serializable {
             sonarStage.execute()
             logger.info("Automatic SonarQube scan completed successfully")
         } else {
-            if (!enabledInCluster && !enabledInProject) {
-                logger.warn(
-                    "Skipping SonarQube scan because it is not enabled at cluster nor " +
-                    "project level"
-                )
-            } else if (enabledInCluster) {
-                logger.warn(
-                    "Skipping SonarQube scan because it is not enabled at project level"
-                )
-            } else {
-                logger.warn(
-                    "Skipping SonarQube scan because it is not enabled at cluster level"
-                )
-            }
+            String reason = !configurationSonarProject.isEmpty() ?
+                "project is not enabled" :
+                "is not enabled at cluster level"
+            logger.warn(
+                "Skipping SonarQube scan because $reason " +
+                "in '${ScanWithSonarStage.SONAR_CONFIG_MAP_NAME}' ConfigMap " +
+                "in ${config.odsNamespace.OPENSHIFT_BUILD_NAMESPACE} project"
+            )
         }
     }
 

test/groovy/vars/OdsComponentStageScanWithSonarSpec.groovy

@@ -117,29 +117,66 @@ class OdsComponentStageScanWithSonarSpec extends PipelineSpockTestBase {
         assertJobStatusSuccess()
     }
 
-    def "skips scan if not enabled in cluster and project"() {
-        given:
-        def c = config + [environment: 'dev']
-        IContext context = new Context(null, c, logger)
-        BitbucketService bitbucketService = Stub(BitbucketService.class)
-        ServiceRegistry.instance.add(BitbucketService, bitbucketService)
-        NexusService nexusService = Mock(NexusService.class)
-        ServiceRegistry.instance.add(NexusService, nexusService)
-        SonarQubeService sonarQubeService = Stub(SonarQubeService.class)
-        ServiceRegistry.instance.add(SonarQubeService, sonarQubeService)
-        def script = loadScript('vars/odsComponentStageScanWithSonar.groovy')
-        script.env.OPENSHIFT_BUILD_NAMESPACE = 'test-namespace'
-        helper.registerAllowedMethod('emailext', [Map]) { Map args -> }
-        // Mock sh to return config map with enabled=false
-        helper.registerAllowedMethod('sh', [Map]) { Map args -> '{"data": {"enabled": "false", "alertEmails": "test@example.com"}}' }
-        when:
-        script.call(context)
-        then:
-        printCallStack()
-        assertCallStackContains('SonarQube scan not enabled at cluster level')
-        assertJobStatusSuccess()
+  @Unroll
+  def "enable/disable scan: clusterEnabled=#clusterEnabled, projectEnabled=#projectEnabled"() {
+    // The configmap key for project-level override is "projects.<projectId>.enabled".
+    // The shared config has projectId='foo', so the key is "projects.foo.enabled".
+    // Project value always governs when the key is present; cluster value is ignored.
+    given:
+    def c = config + [environment: 'dev']
+    IContext context = new Context(null, c, logger)
+    BitbucketService bitbucketService = Stub(BitbucketService.class)
+    bitbucketService.findPullRequest(*_) >> [:]
+    ServiceRegistry.instance.add(BitbucketService, bitbucketService)
+    NexusService nexusService = Mock(NexusService.class)
+    ServiceRegistry.instance.add(NexusService, nexusService)
+    SonarQubeService sonarQubeService = Stub(SonarQubeService.class)
+    sonarQubeService.readProperties() >> ['sonar.projectKey': 'foo']
+    sonarQubeService.readTask() >> ['ceTaskId': 'AXxaAoUSsjAMlIY9kNmn']
+    sonarQubeService.scan(*_) >> null
+    sonarQubeService.getQualityGateJSON(*_) >> '{"projectStatus":{"status":"OK"}}'
+    sonarQubeService.getComputeEngineTaskResult(*_) >> 'SUCCESS'
+    sonarQubeService.getSonarQubeHostUrl() >> 'https://sonarqube.example.com'
+    ServiceRegistry.instance.add(SonarQubeService, sonarQubeService)
+
+    when:
+    def script = loadScript('vars/odsComponentStageScanWithSonar.groovy')
+    script.env.WORKSPACE = tempFolder.getRoot().absolutePath
+    script.env.OPENSHIFT_BUILD_NAMESPACE = 'test-namespace'
+    helper.registerAllowedMethod('archiveArtifacts', [Map]) { Map args -> }
+    helper.registerAllowedMethod('stash', [Map]) { Map args -> }
+    helper.registerAllowedMethod('readFile', [Map]) { Map args -> '' }
+    helper.registerAllowedMethod('emailext', [Map]) { Map args -> }
+    helper.registerAllowedMethod('sh', [Map]) { Map args -> configMapJson }
+    script.call(context)
+
+    then:
+    printCallStack()
+    assertJobStatusSuccess()
+    if (shouldScan) {
+      assertCallStackContains('SonarQube Analysis')
+    } else {
+      assertCallStackContains(skipReason)
+      assertCallStackContains('SonarQube scan not enabled')
     }
 
+    where:
+    // Project value always takes precedence; cluster value is irrelevant when project key is present.
+    clusterEnabled | projectEnabled || configMapJson                                                                          | shouldScan | skipReason
+    'true'         | 'true'         || '{"data": {"enabled": "true",  "projects.foo.enabled": "true"}}'                      | true       | ''
+    'true'         | 'false'        || '{"data": {"enabled": "true",  "projects.foo.enabled": "false"}}'                     | false      | 'Skipping SonarQube scan because project is not enabled'
+    // Project enabled=true overrides a disabled cluster → scan MUST run
+    'false'        | 'true'         || '{"data": {"enabled": "false", "projects.foo.enabled": "true"}}'                      | true       | ''
+    // Project disabled regardless of cluster state → scan MUST NOT run
+    'false'        | 'false'        || '{"data": {"enabled": "false", "projects.foo.enabled": "false"}}'                     | false      | 'Skipping SonarQube scan because project is not enabled'
+    // Cluster enabled not explicitly set (defaults true); project value still governs
+    'not set'      | 'true'         || '{"data": {"projects.foo.enabled": "true"}}'                                           | true       | ''
+    'not set'      | 'false'        || '{"data": {"projects.foo.enabled": "false"}}'                                          | false      | 'Skipping SonarQube scan because project is not enabled'
+    // Project not set (empty map) → falls back to cluster configuration
+    'true'         | 'not set'      || '{"data": {"enabled": "true"}}'                                                         | true       | ''
+    'false'        | 'not set'      || '{"data": {"enabled": "false"}}'                                                        | false      | 'Skipping SonarQube scan because is not enabled at cluster level'
+  }
+
   @Unroll
   def "checks quality gate"() {
     given:

vars/odsComponentStageScanWithSonar.groovy

@@ -103,11 +103,11 @@ private List fetchSonarConfig(OpenShiftService openShiftService, IContext contex
     Map configurationSonarProject = [:]
     def key = "projects." + context.projectId + ".enabled"
     if (configurationSonarCluster.containsKey(key)) {
+        // Store the actual project-level configuration
         configurationSonarProject.put('enabled', configurationSonarCluster.get(key))
         logger.info "Parameter 'projects.${context.projectId}.enabled' at cluster level exists"
     } else {
-        configurationSonarProject.put('enabled', true)
-        logger.info "Not parameter 'projects.${context.projectId}.enabled' at cluster level. Default enabled"
+        logger.info "Not parameter 'projects.${context.projectId}.enabled' at cluster level."
     }
     return [configurationSonarCluster, configurationSonarProject, alertEmails]
 }
@@ -120,12 +120,15 @@ private String handleSonarScan(
     Map services // expects keys: bitbucketService, sonarQubeService, nexusService, logger
 ) {
     String errorMessages = ''
-    boolean enabledInCluster = Boolean.valueOf(configurationSonarCluster['enabled']?.toString() ?: "true")
-    boolean enabledInProject = Boolean.valueOf(configurationSonarProject['enabled']?.toString() ?: "true")
     if (configurationSonarCluster['nexusRepository']) {
         config.sonarQubeNexusRepository = configurationSonarCluster['nexusRepository']
     }
-    if (enabledInCluster && enabledInProject) {
+    // Project config takes precedence: if project is explicitly configured, use its value
+    // Otherwise, fall back to cluster config
+    boolean shouldRun = configurationSonarProject.isEmpty() ?
+        Boolean.valueOf(configurationSonarCluster['enabled']?.toString() ?: "true") :
+        Boolean.valueOf(configurationSonarProject['enabled']?.toString() ?: "true")
+    if (shouldRun) {
         new ScanWithSonarStage(
             this,
             context,
@@ -137,21 +140,14 @@ private String handleSonarScan(
             configurationSonarCluster,
             configurationSonarProject
         ).execute()
-    } else if (!enabledInCluster && !enabledInProject) {
-        services.logger.warn("Skipping SonarQube scan because is not enabled nor cluster nor project " +
+    } else {
+        String reason = !configurationSonarProject.isEmpty() ?
+            "project is not enabled" :
+            "is not enabled at cluster level"
+        services.logger.warn("Skipping SonarQube scan because $reason " +
             "in '${ScanWithSonarStage.SONAR_CONFIG_MAP_NAME}' ConfigMap " +
             "in ${config.odsNamespace.OPENSHIFT_BUILD_NAMESPACE} project")
-        errorMessages += "<li>SonarQube scan not enabled at cluster nor project level</li>"
-    } else if (enabledInCluster) {
-        services.logger.warn("Skipping SonarQube scan because is not enabled at project level " +
-            "in '${ScanWithSonarStage.SONAR_CONFIG_MAP_NAME}' " +
-            "ConfigMap in ${config.odsNamespace.OPENSHIFT_BUILD_NAMESPACE} project")
-        errorMessages += "<li>SonarQube scan not enabled at project level</li>"
-    } else {
-        services.logger.warn("Skipping SonarQube scan because is not enabled at cluster level " +
-            "in '${ScanWithSonarStage.SONAR_CONFIG_MAP_NAME}' " +
-            "ConfigMap in ${config.odsNamespace.OPENSHIFT_BUILD_NAMESPACE} project")
-        errorMessages += "<li>SonarQube scan not enabled at cluster level</li>"
+        errorMessages += "<li>SonarQube scan not enabled</li>"
     }
     return errorMessages
 }