Sonarqube Configuration Details

Sonarqube Configuration Details

SonarQube Configuration Details 2020-06-25 Table of Contents Server configuration. 2 Quality Gates . 2 Update . 3 Rules / quality profile . 4 Technical Debt . 5 Troubleshooting . 5 See SonarQube for an older build. 6 Make sure I’ve got all the relevant new rules in my profile . 6 Table 1. History Date Author Detail 2020-01-28 bcouetil Ὅ (all) refactor detail tag to new collapsible asciidoc feature 2020-01-28 bcouetil Ὅ (core) update theme 2020-01-28 bcouetil Ὅ (core) remove sample and build with docker 2019-12-15 Benoît Ὅ (doc) add asciidoc docker generation sample on gitlab + add pipeline sh scripts COUETIL 2018-12-11 bcouetil - Added reveal plugins and background - Fixed reveal css following change in structure in asciidoc-reveal master (from previous version : 1.1.3) - Implemented Zenika layout in HTML and PDF - Reported back reveal-js enhancements 2018-11-28 bcouetil - Updated reveal css for all syntax elements, for both light and dark themes : asciidoc-syntax-quick-reference is now nicely output - Refactored light and dark css, extracting common items into reveal-zenika.css - Added syntax quick reference in all format generated and linked in asciidoc page 2018-11-13 bcouetil - Updated sample project with Reveal.js generation - Duplicated Reveal.js execution to have multiple styles - Compromised layout between 4/3 and 16/9 - Minor changes in Reveal.js css - Added some web comics 2018-09-19 bcouetil - Sample asciidoctor maven project published on Github - Github & LinkedIn links - Sample project tree - new images + resizing and positioning 2018-08-23 bcouetil Initial commit 1 SonarQube helps you calculate and monitor in near real time your code quality for most development languages. Server configuration Quality Gates Click on Quality Gate Create a new one for your project and select your quality gate rules : • Comments is less than 30 then 25 • Coverage is less than 86 then 80 • Maintainability Raiting is worse than A then C • Reliability Raiting is worse than A then C • Security Raiting is worse than A then C • Unit Test Success (%) is worse than A then C In pipelines Use this script to enforce Quality Gate in pipelines. 2 Example 1. sonar-gateway-check.sh #!/bin/bash # # Getting analysis progress status # taskId=`cat $WORKSPACE/build/sonar/report-task.txt |grep ceTaskId |cut -f2 -d "="` sonarApiUrl="curl -u $TOKEN: http://localhost:9000/api" analysisResponse=`$sonarApiUrl/ce/task?id=$taskId` echo "*** global status of SonarQube analysis : $analysisResponse ***" sleep 10s status=`echo "$analysisResponse" | jq .task.status | sed -e 's/^"//' -e 's/"$//'` while [[ "$status" == "IN_PROGRESS" || "$status" == "PENDING" ]] do sleep 10s analysisResponse=`$sonarApiUrl/ce/task?id=$taskId` status=`echo "$analysisResponse" | jq .task.status | sed -e 's/^"//' -e 's/"$//'` done if [ "$status" = "SUCCESS" ] then analysisId=`echo "$analysisResponse" | jq .task.analysisId | sed -e 's/^"//' -e 's/"$//'` else echo "*** SonarQube server failed at analyzing this build ***" exit 1; fi # # Getting gateway result # gatewayResponse=`${sonarApiUrl}/qualitygates/project_status?analysisId=$analysisId` echo "$gatewayResponse" | jq . qualityGateStatus=`echo "$gatewayResponse" | jq '.projectStatus.status' | sed -e 's/^"//' -e 's/"$//'` if [ "$qualityGateStatus" != "OK" ]; then RED='\033[0;31m' echo -e "${RED}/!\ Quality gate shows WARNINGS/ERRORS : You shall not pass ! (∩`-´)⊃━☆" exit 1; fi Update This has to be done only for a new Production Line Administration → System → Update Center • SonarJava : install or update to latest • Findbugs : install • SoftVis3D : install 3 Rules / quality profile Export • Navigate to Quality Profiles → BCT (or your profile) → Actions → Back Up • This will download a XML • On CG-WM, the common java XML quality profile is saved here : src\docs\SonarQube.qualityProfile.BCT.xml Import for an import to be successful, SonarQube must know the rules, so SonarJava and Findbugs must be up to date • Navigate to Quality Profiles → dropdown menu next to Create → Restore Profile • Provide the saved XML Create This has to be done only if you want to define a custom set of rules • Choose Quality Profiles → Java → Sonar way → Copy • Select the newly created profile 4 • Now you can : ◦ Click on the number of active rules to deactivate some ◦ Click on Activate More ◦ Go to Rules, search one and change its value Technical Debt • Select Administration → Configuration → General Settings → Technical Debt • Set Maintainability rating grid = 0.01,0.02,0.03,0.05 ◦ This means that a tech debt < 1% is rated A, a tech debt > 5% is rated E. • Hit save technical debt Troubleshooting 5 See SonarQube for an older build SonarQube does not have history available for browsing, you can only see the last build. So you have to retrigger the gerrit patch to see specific data associated to your change. You can do an empty commit amend from Eclipse. But you can also retrigger from Jenkins. • Go to Jenkins homepage • Navigate to the pipeline/job • If your build is still in the history ◦ Open it ◦ Select Retrigger • Else if your build has been deleted ◦ Go to Jenkins homepage ◦ Click on Query and Trigger Gerrit Patches ◦ In Query String, put your change-id ◦ Click SEARCH ◦ Select the change ◦ Click TRIGGER SELECTED Make sure I’ve got all the relevant new rules in my profile Each time a language plugin update is released, new rules are added, but they won’t appear automatically in your profile unless you’re using a built-in profile such as Sonar way. If you’re not using a built-in profile, you can compare your profile to the built-in profile to see what new on- by-default rules you’re missing. 6 Another option is to go to the Rules space, and use the Available Since search facet to see what rules have been added to the platform since the day you upgraded the relevant plugin. And finally, the profile interface itself will help you be aware of rules added in a new plugin version in the Latest New Rules section on the right of the interface. 7.

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    9 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us