diff --git a/Jenkinsfile b/Jenkinsfile
index d9777978b61f..d290bf64da1d 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -44,14 +44,23 @@ node('ubuntu') {
 withEnv(["Path+JDK=$JAVA_JDK_17/bin","JAVA_HOME=$JAVA_JDK_17"]) {
 withCredentials([string(credentialsId: 'SONARCLOUD_TOKEN', variable: 'SONAR_TOKEN')]) {
 def JVM_ARGS = "-XX:+UseG1GC -Xmx1536m -XX:MaxMetaspaceSize=512m"
- def COMMON_ARGS = "build --no-parallel --no-daemon jacocoAggregateTestReport sonar -PenableJacoco -Porg.sonarqube.version=4.4.1.3373 -Dsonar.token=${SONAR_TOKEN} -Dorg.gradle.jvmargs='${JVM_ARGS}' "
+ // SONAR_TOKEN is a secret and can't be interpolated in a Groovy string for security measures,
+ // see https://www.jenkins.io/doc/book/pipeline/jenkinsfile/#interpolation-of-sensitive-environment-variables
+ def COMMON_ARGS = """
+ build --no-parallel --no-daemon jacocoAggregateTestReport \
+ sonar -PenableJacoco -Porg.sonarqube.version=4.4.1.3373 \
+ -Dorg.gradle.jvmargs='${JVM_ARGS}'
+ """
 if (env.BRANCH_NAME.startsWith("PR-")) {
- def PR_ARGS = "-Dsonar.pullrequest.branch=${CHANGE_BRANCH} -Dsonar.pullrequest.base=${CHANGE_TARGET} -Dsonar.pullrequest.key=${CHANGE_ID}"
- sh "./gradlew ${COMMON_ARGS} ${PR_ARGS}"
+ def PR_ARGS = """
+ -Dsonar.pullrequest.branch=${CHANGE_BRANCH} \
+ -Dsonar.pullrequest.base=${CHANGE_TARGET} \
+ -Dsonar.pullrequest.key=${CHANGE_ID}
+ """
+ sh "./gradlew ${COMMON_ARGS} ${PR_ARGS} -Dsonar.token=${SONAR_TOKEN}"
 } else {
- def BRANCH_ARGS = "-Dsonar.branch.name=${BRANCH_NAME}"
- sh "./gradlew ${COMMON_ARGS} ${BRANCH_ARGS}"
+ sh "./gradlew ${COMMON_ARGS} -Dsonar.branch.name=${BRANCH_NAME} -Dsonar.token=${SONAR_TOKEN}"
 }
 }
 }
@@ -59,4 +68,3 @@ node('ubuntu') {
 }
 cleanWs()
 }
-
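Review bot: Both new `sh` lines still place `${SONAR_TOKEN}` inside a double-quoted Groovy string, so Groovy interpolates the secret before the shell runs, which is the pattern the added comment and the linked Jenkins page warn against; the change only moves the interpolation from `COMMON_ARGS` to the `sh` call. Escaping the dollar sign lets the shell expand the variable that `withCredentials` exports instead, e.g. `sh "./gradlew ${COMMON_ARGS} ${PR_ARGS} -Dsonar.token=\${SONAR_TOKEN}"`, and likewise in the `else` branch. `CHANGE_BRANCH` in `PR_ARGS` is Groovy-interpolated into the same shell script and its value comes from the pull request, so it is safer as a quoted shell variable as well: `-Dsonar.pullrequest.branch="\$CHANGE_BRANCH"`. The triple-quoted `COMMON_ARGS` and `PR_ARGS` also appear to begin and end with a newline, which would split the `./gradlew` invocation across several script lines; this is worth confirming on a build. The enclosing `node('ubuntu')` block starts and ends outside this hunk.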