Cut to the chase : I think I need to disable SonarQube Github Plugin from the sonarqube server for specific projects if I want to do both of the following :
Publish to sonarqube server & report to github using github plugin.
It is my understanding that installing SonarQube Github Plugin on a SonarQube server forbids the whole server from storing any analysis, forever. Therefore, I need to find a way to stop using the github plugin for only specific projects. Is there a way to do that?
P.S. Backstory
My original question was Can't publish results to Sonarqube server).
However, Upon finding Why does SonarQube not show results, although the analysis succeeded?, user "Wirone" says that it doesn't show results in sonar server because Sonarqube Github plugin forces sonar.analysis.mode to be set as preview or issues, but not publish.
According to Wirone, sonarscanner doesn't send result to the server unless the mode is set as publish.
I've tried to find out the exact meaning of sonar.analysis.mode, but articles https://groups.google.com/forum/#!topic/sonarqube/JguVVO4OorE or SonarQube analysis mode: preview vs issues were not helpful at all, and I'm still confused about what mode to set if I want to see the analysis result in sonar server instead of github.
Fig.1 : The whole server is empty. This server is actually working, and it has been commenting on github for couple weeks now. However, the server itself does not store any analysis at all - it just pipelines everything to github and then forgets it without storing anything in the database itself. The reason? Fig 2.
Fig.2 : This is the reason. Github plugin prevents the sonar.analysis.mode from ever being set as publish. Without publish mode, the server can never store results in itself. I can't just uninstall this because I need the github commenting feature.
Therefore, I need a separate project to store the whole analysis, but to do that I need to disable this plugin behavior for just that specific project...
Solved : I think leaving in github credentials in SonarScanner properties was the problem. After removing all the github related information in properties, it seems to be working.
Scroll down to bottom to read the conclusion.
Git integration working config:
sonar.projectKey=${componentName}
sonar.projectVersion=0.1
sonar.sourceEncoding=UTF-8
sonar.analysis.mode=issues
sonar.profile=My_Analysis_Profile
sonar.github.repository=${repository}
sonar.github.endpoint=https://customossendpoint/api/v3
sonar.github.login=someusername
sonar.github.oauth=somehashkey123
sonar.login=id
sonar.password=pass
sonar.github.pullRequest=${pr}
sonar.host.url=http://sonarserver:19000
sonar.issuesReport.console.enable=true
sonar.github.disableInlineComments=false
sonar.sources=.
sonar.exclusions=
sonar.java.binaries=**/target/classes
Tried to make it publish to server but analysis couldn't start due to "Doesn't support sonar.analysis.mode=publish" error message:
sonar.projectKey=${componentName}
sonar.projectVersion=0.1
sonar.sourceEncoding=UTF-8
sonar.analysis.mode=publish
sonar.profile=My_Analysis_Profile
sonar.github.repository=${repository}
sonar.github.endpoint=https://customossendpoint/api/v3
sonar.github.login=someusername
sonar.github.oauth=somehashkey123
sonar.login=id
sonar.password=pass
sonar.github.pullRequest=${pr}
sonar.host.url=http://sonarserver:19000
sonar.issuesReport.console.enable=true
sonar.github.disableInlineComments=false
sonar.sources=.
sonar.exclusions=
sonar.java.binaries=**/target/classes
Rolling back to "issues" mode because nobody knew what the mode's purpose even was, and tried to make it stop publishing to github by erasing github related options (it didn't send to github, but now it didn't send to server either):
sonar.projectKey=${componentName}
sonar.projectVersion=0.1
sonar.sourceEncoding=UTF-8
sonar.analysis.mode=issues
sonar.profile=My_Analysis_Profile
sonar.login=id
sonar.password=pass
sonar.host.url=http://sonarserver:19000
sonar.issuesReport.console.enable=false
sonar.sources=.
sonar.exclusions=
sonar.java.binaries=**/target/classes
Finally figured out the answer:
sonar.projectKey=${componentName}
sonar.projectName=${componentName}
sonar.projectVersion=0.1
sonar.sourceEncoding=UTF-8
sonar.analysis.mode=publish
sonar.profile=My_Analysis_Profile
sonar.login=id
sonar.password=pass
sonar.host.url=http://sonarserver:19000
sonar.issuesReport.console.enable=false
sonar.sources=.
sonar.exclusions=
sonar.java.binaries=**/target/classes
Conclusion: sonar.analysis.mode is very confusing. issues and preview seem to be almost identical; it doesn't store results in the server, and it's just a pipeline either by showing on console when running sonarrunner manually, or by pipelining it to sonarqube github plugin to post as a comment.
When sonarqube github plugin is active, it prohibits any mode other than issues and preview. In order to post it to the server, it needs to be set as publish. To do that, we need to make sure the github plugin isn't used. We can "disable" the plugin project-wise simply by omitting any github related properties(ie. sonar.github.login).
Related
I recently downloaded the SonarQube demo from Devops official page. I used it a little bit and kind of left it there for a week.
No changes were made but when I came back today for showing how the sonarQube pipeline integration works, build fails.
From the logs, I see the following error
Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.7.0.1746:sonar (default-cli) on project myshuttle: Not authorized. Please check the properties sonar.login and sonar.password
From there I tried adding username and password at the Prepare analysis for sonar Qube stage om advanced options (which was not necessary before) but the build keeps failing.
I think sonarQube was updated recently and the problem may be there. Issue is still weird because im following word by word the steps on setting up a sonarQube scan.
Any idea on what could be going on?
You may need to update your sonarQube service connection.
You can go to your Project settings and click the Service Connections under Pipelines.
Select your sonarqube connection and click update service connection under Actions, Recopy your SonarQube Token and click Ok. Please refer to below screenshot.
I want to use a specific sonar profile with analysis mode preview for generating comments that go into our github pull requests.
The default quality profile for the project includes minor and info level rules which will cause hundreds of extra comments (and literally thousands of github notification emails). So it has to be a quality profile specific to this purpose.
Running the build like this:
mvn sonar:sonar -Dsonar.profile.java=PRComments -Dsonar.analysis.mode=preview
Fails with the following error:
sonar.profile was set to 'PRComments' but didn't match any profile for any language.
The PRComments quality profile exists and works perfectly if I don't specify the preview mode. And yes I know that -Dsonar.profile is deprecated and it makes me sad too.
For info I'm using the sonarqube github plugin http://docs.sonarqube.org/display/PLUG/GitHub+Plugin to push the comments into github - but the failure above appears even if I don't use this plugin. Unfortunately the github plugin doesn't seem to have an option to skip adding comments for violations below a configurable severity level.
Is this possible or do I have to give up?
I am trying to run SonarQube using Sonar runner in local dev box for pre-commit check. We have a central SonarQube server where a analysis is done every day and published to the dashboard. When we are running on local dev box everytime the the issue report contains all the issues as new hence incremental data is not available. I have also tried both incremental and preview mode but the result is some.
Please find below the version of the tools used.And also configuration files. Please let me know if some other data is required.
SonarQube version : 5.1
Sonar Runner version : 2.4
sonar-runner.properties
sonar.host.url=http://[central sonar server]:9000/
sonar.issuesReport.html.enable=true
sonar.login=admin
sonar.password=admin
sonar-project.properties
sonar.projectKey=myProj:myProj-master
sonar.projectName=MASTER_PROJECT
sonar.projectVersion=21.0
sonar.sources=./src
sonar.binaries=./bin/
sonar.issuesReport.html.enable=true
sonar.exclusions=com/**/test/*.java
sonar.skipPackageDesign=true
sonar.profile=SonarWay
sonar.preview.excludePlugins=devcockpit,buildstability,pdfreport,report,buildbreaker,views,jira,issueassign,scmstats
Command Used :
c:\sonar-runner-dist-2.4\sonar-runner-2.4\bin\sonar-runner -e -Dsonar.analysis.mode=preview -Dsonar.issuesReport.console.enable=true -Dsonar.issuesReport.html.enable=true
Updated with additional properties tried as well. in sonar-runner.properties
I believe your problem is tied directly to your use of a local server.
The purpose of preview analysis is to allow you to compare your local changes with what's on the remote SonarQube server. Since your remote server is update every night, running your preview against it will show you the issues you've introduced that day. Instead, you're running against a local instance which gets updated with a full analysis... never? Which (if true) would be why all your issues show up as new.
To execute a preview analysis against your remote server, you will need both the global Execute Preview Analysis permission and the project-level Browse permission for the project in question.
If for some reason you're unable to get those permissions (which is possibly why you're running a local SonarQube server?) Then you'll want to do the same full checkout and analysis locally every night that's being done for the official, remote server. I.e. you'll probably have to set up a second, parallel architecture. In short, it's probably easier in the long run to nag to get the appropriate permissions on the remote server.
Issue is resolved . 2 things fixed the issue.
Creating a user with the required permissions.
Installing "Issues Report" plugin
We have upgarded sonar server 3.5.1. In order to use sonar I have upgraded my local eclipse to Juno(4.2) and sonar plugin to 3.1. Sonar server is able to exclude some packages usign sonar.excustions key and does not show violations for those packages. But when I run report for sonar local analysis I see even though I added sonar.exclusions from local properties it does show violations for exluded files. How i can resolve this issue.
Thanks in advance.
Sapana.
There's currently a limitation on Sonar side (see http://jira.codehaus.org/browse/SONAR-4265) that prevents modules to retrieve all their related settings when analyzed independently from their root project.
Feel free to watch and vote for the ticket.
We are trying to install a CI Platform with (Jenkins,sonar,eclipse ...).
So that every developer can make analysis on his code before commit, I'm wondering between two alternatives :
running local analysis with the sonar plugin.
install the different plugins that sonar use (findbug,pmd,checkstyle ...) and configure them to meet the sonar configuration.
I'm not sure which alternative to use? I used to work with findbugs,pmd, checkstyle in eclipse and they look great.
Can you tell me which is the best alternative?
Thanks in advance.
Regards.
With Sonar plugin you can manage the violations like:
Create a review
Mark a violations as false positive or fixed
View the hot classes and hot violations
View yours reviews
If you use separate plugins you have to go sonar web to do that.
The great advance of sonar is the reviews.
Other question is how many projects you have and will have. I currently work with more than 70 projects and many profiles. Is more simple to me run analysis with one plugin, because I need just add the server and find the project. With other plugin you need add the link for each project in each plugin configuration.
Why not install the Sonar Eclipse plugin?
This was designed to solve the following problems:
Sonar does not support parallel analysis of the same project. This issue rules out the option of each developer running Sonar locally. (See SONAR-2761, SONAR-3306)
You don't really want developers uploading metrics and source code into the Sonar database. They could be working on an uncommitted workspace and would therefore cause both inaccuracies and confusion if Sonar is being used for code review.
Sonar is really designed to be run from a continuous integration server (like Jenkins), building code that has been submitted onto a shared codestream (or branch)
The big advantages of using the Eclipse plugin are:
True local analysis, no updates of the Sonar database
Configuration of the other tools is retrieved from the Sonar server and jars automatically downloaded.
Centralized management of Sonar quality profiles