Page tree
Skip to end of metadata
Go to start of metadata

Introduction

ASF Sonar Instance is deprecated and removed as of 29th November 2019. 

We have formally deprecated the use of the ASF Sonar Instance, and are no longer accepting new projects there.

Instead, we are migrating all jobs to sonarcloud.io . All new requests are to be configured there also.

If your project has not yet migrated, please see below for instructions on how to get back up and running again.


Notes for Committers/Projects:

Migrating from ASF Sonar to Sonarcloud


  1. Log in to sonarcloud.io with your Github Credentials.
  2. File an INFRA Jira ticket to have a new project created at sonarcloud.io .
  3. Ask on the INFRA ticket to be made Admin of the new project, mentioning your Github ID.
    1. Please confirm on the ticket that you have logged into sonarcloud.io with your ASF Linked Github ID.
    2. If you do not see any Apache project, please check if you configured a Public access to your ASF organisation membership in Github
  4. To configure the SonarCloud analysis, you need:
    1. A new project key: INFRA will give it to you - if you have a preference for the project key, mention this in the ticket.
    2. A user token: you can generate it on your own on https://sonarcloud.io/account/security/ .
    3. If you are using Github Actions, please email root.at.apache.org with the Secret details to be added.


In a Jenkins file, here is an example of how to run the SonarCloud analysis:


Example code
stage('Code Quality') {
    steps {
        echo 'Checking Code Quality on SonarCloud'
        // Main parameters
        def sonarcloudParams="-Dsonar.host.url=https://sonarcloud.io -Dsonar.organization=apache -Dsonar.projectKey=apache_project_key_provided_by_infra"
        if ( env.BRANCH_NAME.startsWith("PR-") ) {
        // this is a pull request
        sonarcloudParams="${sonarcloudParams} -Dsonar.pullrequest.branch=${CHANGE_BRANCH} -Dsonar.pullrequest.base=${CHANGE_TARGET} -Dsonar.pullrequest.key=${CHANGE_ID}"
        } else {
        // this is just a branch
        sonarcloudParams="${sonarcloudParams} -Dsonar.branch.name=${BRANCH_NAME}"
        }
        // Then run the analysis
        // 'my-sonarcloud-token' needs to be defined for this job and contains the user token
        withCredentials([string(credentialsId: 'my-sonarcloud-token', variable: 'SONAR_TOKEN')]) {
            sh 'mvn clean verify sonar:sonar ${sonarcloudParams} -Dsonar.login=${SONAR_TOKEN}'
        }
    }
}
Configurations
Git/Github

You can look at some configuration done for already onboarded projects:

Subversion

SVN is not supported at Sonarcloud, so a workaround is to use an Apache Github mirror of your SVN project.
File an INFRA ticket if you need one set up.

See the PDFBox Jenkins job and this related INFRA Jira ticket as an example of an SVN based project using Sonarcloud and Github.

Permissions

Infra will add one or more committers to an auth group that will have full admin rights to the project's repository/repositories.
You can then add individuals' access via the repos admin area (as long as they have logged into sonarcloud.io) or you can request that Infra add them to the auth group.

Notes for INFRA:

  1. Goto sonarcloud.io and log in with your Github Credentials.
    1a. You will need to be a member of the 'owners' group to continue, ask Gavin McDonald for assistance.
  2. Goto https://sonarcloud.io/projects/create (This link is not seemingly anywhere navigable in the UI. Also there is a different url that can be navigated to in the UI - https://sonarcloud.io/organizations/apache/projects_management then there is a 'Create Project' link on that page. This is NOT the recommended way to do it so please avoid. Going direct to https://sonarcloud.io/projects/create is the correct way and searches for and links directly to the Github repo you need (See step 3)). See also screenshot Figure 1.
  3. Select "Apache" in the organization list, wait a bit (can be a bit long) and search for the project repository: select it and click "Set Up". You will end up on the new page for the project, and you can find its key (project key) in the URL. This project key needs to be provided to the committer who will created the INFRA ticket.
  4. (If needed) Goto https://sonarcloud.io/organizations/apache/groups and then 'Create Group'.
  5. Add requested members to the Group, they will only be listed if they have previously logged in to sonarcloud.io with their Github ID.
  6. Give the Group all 4 auth options to the project in the project's Administration → Permissions area.
  7. Optionally (i.e. If they ask for it!) , give the group the ability to manage custom quality profiles and gates, navigate to https://sonarcloud.io/organizations/apache/permissions See also screenshot Figure 2
    1. select Quality Gates
    2. select Quality Profiles


Figure 1


Figure 2


2 Comments

  1. for Apache projects that have many Git repositories, please provide instruction on how to manage these (I suppose through a tag like Sling did: https://sonarcloud.io/organizations/apache/projects?tags=sling)

    1. Hi Herve Boutemyyes that sounds like a good way, if I find any others will let you know. Will integrate the tags suggestion into the docs above.