Once you understand gates and coverage, the next step is to implement them in tools like SonarQube and your CI system. Proper configuration ensures that when quality conditions are not met, builds are visibly marked as failed or blocked.
Configuring Quality Gates in SonarQube and CI
SonarQube allows you to define quality gates based on metrics such as coverage on new code, duplicated lines, code smells and security issues. CI pipelines then run Sonar analysis and can fail the build if the gate is not passed.
# Example: GitHub Actions with SonarQube/SonarCloud (conceptual)
name: Sonar Analysis
on:
pull_request:
branches: [ main ]
jobs:
sonar:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up JDK
uses: actions/setup-java@v4
with:
distribution: temurin
java-version: '21'
- name: Build and test
run: mvn -B verify
- name: SonarCloud Scan
uses: SonarSource/sonarcloud-github-action@master
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_PROJECT_KEY: my-org_my-project
SONAR_ORGANIZATION: my-org
Other tools, such as GitHub branch protection rules or custom scripts, can also enforce gates like βno failing testsβ or βrequired checks must pass.β
Common Mistakes
Mistake 1 β Enabling strict gates without support
This creates resistance.
β Wrong: Turning on aggressive thresholds overnight without documentation or training.
β Correct: Roll out gates gradually, with examples and coaching.
Mistake 2 β Treating gate failures as optional
This weakens trust.
β Wrong: Overriding or ignoring failed gates whenever there is schedule pressure.
β Correct: Treat failures seriously and have a clear process for exceptions.