1

Evaluating Sonarqube (Version 5.4), we want to migrate our current workflow
using another Audit tool, which works like that :

The current version that runs in production is our reference version.
A new development version is checked out from GIT, a diff process calculates the new and modified files vs. the reference version and starts the audit for these files.
There's also a slightly different handling of legacy code (components that already existed in 2012) and new components (after 2012).

The build breaks if :

Blocker issues in changed files (those files already existing in 2012) from legacy components
Blocker or critical issues in new files (files created after 2012) from legacy and new components

How to implement that in Sonarqube ?

Tried two things already :

1.) Set property sonar.timemachine.period1 to the production/reference version in Ant script before starting Sonar task => didn't work, it's always 'since previous version'

2.) Define two different projects in Sonarqube, one for the production versions and one for the new dev versions. Then programmatically use the feature known from Sonarqube Web UI More / Compare Projects and get the diff for Blocker and Critcal issues.

Problem : f.e. i'll get no diff for Critical issues if i have fixed 200 Critical issues that already existed in my production reference, but introduced 200 new issues in the development version.
The Compare Projects feature has no metric for new or old issues, it's just counting issues for the compared projects.

Rebse
  • 10,307
  • 2
  • 38
  • 66

1 Answers1

3

The sonar.timemachine.period1 property has to be set via REST call (documentation here), before calling the Sonar task - if defined with Ant property task, it isn't transferred to Sonarqube Server. Works like that, created a macrodef for reuse :

<project xmlns:sonar="antlib:org.sonar.ant">

  <!-- Import Groovy -->
  <taskdef name="groovy" classname="org.codehaus.groovy.ant.Groovy"/>
  <!-- Import Sonar -->
  <taskdef uri="antlib:org.sonar.ant" resource="org/sonar/ant/antlib.xml"/>

  <property name="sonar.language" value="java" />
  <property name="sonar.host.url" value="http://localhost:9000" />
  <property name="sonar.projectKey" value="com.whatever:foobar" />
  <property name="sonar.projectName" value="foobar" />
  <property name="sonar.projectVersion" value="v_1_2_3_xy" />
  <property name="sonar.scm.provider" value="git" />
  <property name="sonar.sources" value="src"/>
  <property name="sonar.java.binaries" value="bin"/>
  <property name="sonar.java.libraries" value=" ... " />

  <macrodef name="sonarsetproperty">
    <attribute name="host" default="${sonar.host.url}"/>
    <attribute name="property" />
    <attribute name="projectid" default="${sonar.projectKey}"/>
    <attribute name="value"/>
    <attribute name="usertoken" default="6e44ba2b9c0f47118d502fbf1d6d36fcfd5f7eb2"/>
    <attribute name="verbose" default="false"/>

    <sequential>
      <groovy>
      <![CDATA[
        println """
        ================ Sonar SetProperty ================
         SonarHost      => @{host}
         SonarProperty  => @{property}
         Value          => @{value}
        ================ Sonar SetProperty ================
        """
        s = '@{host}/api/properties?id=@{property}&value=@{value}&resource=@{projectid}'

        raw = '@{usertoken}:'
        bauth = 'Basic ' + javax.xml.bind.DatatypeConverter.printBase64Binary(raw.getBytes())
        url = new URL(s)

        HttpURLConnection conn = url.openConnection()
        conn.setRequestMethod('POST')
        conn.setRequestProperty("Authorization", bauth)
        conn.connect()

        if(conn.responseCode == 200 || conn.responseCode == 201) {
          response = conn.content.text
          if(@{verbose}) println '=== Response ===\n' + response + '\n=== Response ==='
        } else {
            ant.fail(message: "Error Connecting to ${url}, Errorcode ${conn.responseCode}")
        }
      ]]>
      </groovy>
    </sequential>
  </macrodef>

  <!-- user needs to be admin -->
  <sonarsetproperty property="sonar.timemachine.period1" value="v_1_0_0_xy"/>

  <!-- Execute Sonar -->
  <sonar:sonar />

</project>

Somehow i expected to see the sonar.timemachine.period1 in
Sonarqube Server Web UI / Administration /General Settings / Differential Views
after the REST call but that's not the case.
Note => Instead of using username:password for BasicAuth, simply create a usertoken at
http://sonarhost/account/security and use usertoken: instead - means usertoken as userid with separator ':' and a blank password.

Community
  • 1
  • 1
Rebse
  • 10,307
  • 2
  • 38
  • 66