Refactor Jenkins pipeline to enhance SonarQube analysis stage with manual scanner installation and improved environment variable handling

Jenkins/Build.Jenkinsfile

@@ -3,29 +3,42 @@ pipeline {
     // Defines the execution environment. Using 'agent any' to ensure an agent is available.
     agent any 
 
+    // Define environment variables for fixed values and credentials needed later
+    environment {
+        // Sonar Host URL taken from your previous successful log injection
+        SONAR_HOST_URL = 'https://sonarqube.ennogelhaus.de/'
+        // IMPORTANT: Replace this with the ID of your Jenkins Secret Text credential containing the Sonar Token
+        SONAR_TOKEN_CREDENTIAL_ID = 'YOUR_SECRET_TOKEN_ID' 
+        // This will hold the path to the downloaded scanner directory later
+        SCANNER_HOME = '' 
+    }
+
     stages {
         // Stage 1: Checkout the code (Relies on the initial SCM checkout done by Jenkins)
         stage('Source Checkout') {
             steps {
                 echo "Workspace already populated by the initial SCM checkout. Proceeding."
-                // No explicit checkout needed, as the initial checkout is successful.
             }
         }
 
         // Stage 2: Setup Node.js v20 and install pnpm
         stage('Setup Environment') {
             steps {
-                // Simplified environment setup based on previous successful execution.
+                // Ensure required utilities are installed (curl, unzip, which is needed for scanner extraction)
+                sh '''
+                    echo "Ensuring required utilities are installed (curl, unzip)..."
+                    sudo apt-get update
+                    sudo apt-get install -y curl unzip
+                '''
+                
+                // Install Node.js v20 and pnpm
                 sh '''
-                    # 1. Install Node.js v20 (closest matching the specified version '20.17.0')
-                    # We assume 'curl' is available and installation proceeds without lock conflicts now.
                     echo "Setting up Node.js v20..."
                     curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash -
                     sudo apt-get install -y nodejs
-                    
                     echo "Node.js version: \$(node -v)"
                     
-                    # 2. Install pnpm globally (version 8)
+                    echo "Installing pnpm globally..."
                     npm install -g pnpm@8
                     echo "pnpm version: \$(pnpm -v)"
                 '''
@@ -40,27 +53,44 @@ pipeline {
             }
         }
 
-        // Stage 4: Run SonarQube analysis using the Jenkins plugin's environment.
+        // Stage 4: Manual SonarQube Analysis (Download Scanner + Execute)
         stage('SonarQube Analysis') {
             steps {
                 script {
                     // 1. Get the short 8-character commit SHA for project versioning
                     def commitShaShort = sh(returnStdout: true, script: 'git rev-parse --short=8 HEAD').trim()
                     echo "Commit SHA (short) is: ${commitShaShort}"
-                    
-                    // 2. Use withSonarQubeEnv to set up the environment and PATH for sonar-scanner.
-                    // IMPORTANT: Replace 'YourSonarServerName' with the name you configured 
-                    // for your SonarQube server instance in Jenkins (Manage Jenkins -> Configure System).
-                    withSonarQubeEnv(installationName: 'SonarQube-Server') {
-                        // 3. Execute sonar-scanner CLI
+
+                    // --- Manual Scanner Installation ---
+                    // Download the latest scanner CLI package and extract it into the workspace
+                    sh """
+                        echo "Downloading Sonar Scanner CLI..."
+                        # Using a stable, public download link for the scanner CLI
+                        curl -sS -o sonar-scanner.zip \
+                        "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.7.0.2747.zip"
+                        
+                        unzip -q sonar-scanner.zip -d .
+                        
+                        # Find the extracted directory name (e.g., sonar-scanner-4.7.0.2747)
+                        def scannerDir = sh(returnStdout: true, script: 'find . -maxdepth 1 -type d -name "sonar-scanner*" | head -n 1').trim()
+                        
+                        echo "Scanner extracted to: \${scannerDir}"
+                        env.SCANNER_HOME = "\${scannerDir}"
+                    """
+
+                    // 2. Use withCredentials to inject the token securely
+                    // The token is temporarily available as SONAR_TOKEN_VAR inside this block.
+                    withCredentials([string(credentialsId: env.SONAR_TOKEN_CREDENTIAL_ID, variable: 'SONAR_TOKEN_VAR')]) {
+                        // 3. Execute sonar-scanner CLI using the direct path
                         sh """
                             echo "Starting SonarQube Analysis for project version: ${commitShaShort}"
-                            sonar-scanner \\
+                            
+                            \${SCANNER_HOME}/bin/sonar-scanner \\
                                 -Dsonar.projectVersion=${commitShaShort} \\
                                 -Dsonar.sources=. \\
-                                -Dsonar.host.url=\${SONAR_HOST_URL} \\
-                                -Dsonar.token=\${SONAR_AUTH_TOKEN}
-                                # Add -Dsonar.projectKey=YourKeyHere if not defined in sonar-project.properties
+                                -Dsonar.host.url=${env.SONAR_HOST_URL} \\
+                                -Dsonar.token=\${env.SONAR_AUTH_TOKEN}
+                                # Replace 'YOUR_PROJECT_KEY_HERE' with the unique key for your project in SonarQube.
                         """
                     }
                 }