Sonarqube将泄漏时间设置为除先前版本以外的特定版本 [英] Sonarqube set leak period to specific version other than previous version

问题描述

评估Sonarqube(版本5.4)，我们想使用另一个审核工具迁移当前的工作流程，方法如下:

Evaluating Sonarqube (Version 5.4), we want to migrate our current workflow
using another Audit tool, which works like that :

在生产环境中运行的当前版本是我们的参考版本.
从GIT中签出了新的开发版本，比较过程将计算新文件和修改后的文件. 参考版本，并开始审核这些文件.
遗留代码(2012年已经存在的组件)的处理方式也略有不同 新组件(2012年之后).

The current version that runs in production is our reference version.
A new development version is checked out from GIT, a diff process calculates the new and modified files vs. the reference version and starts the audit for these files.
There's also a slightly different handling of legacy code (components that already existed in 2012) and new components (after 2012).

如果出现以下情况，构建就会中断:

The build breaks if :

来自旧版组件的更改文件(这些文件已在2012年存在)中的阻止程序问题
旧文件和新组件中的新文件(2012年之后创建的文件)中的阻止程序或严重问题

Blocker issues in changed files (those files already existing in 2012) from legacy components
Blocker or critical issues in new files (files created after 2012) from legacy and new components

如何在Sonarqube中实现它?

How to implement that in Sonarqube ?

已经尝试了两件事:

Tried two things already :

1.)在开始Sonar任务=>无效之前，在Ant脚本中将属性sonar.timemachine.period1设置为生产/参考版本， 它始终是自先前版本起"

1.) Set property sonar.timemachine.period1 to the production/reference version in Ant script before starting Sonar task => didn't work, it's always 'since previous version'

2.)在Sonarqube中定义两个不同的项目，一个用于生产版本，一个用于新开发版本. 然后以编程方式使用Sonarqube Web UI更多/比较项目"中已知的功能并获得差异 阻止和严重问题.

2.) Define two different projects in Sonarqube, one for the production versions and one for the new dev versions. Then programmatically use the feature known from Sonarqube Web UI More / Compare Projects and get the diff for Blocker and Critcal issues.

问题:f.e.如果我已经解决了我的生产中已经存在的200个严重问题，那么我对严重问题不会有任何区别 参考，但在开发版本中引入了200个新问题.
比较项目"功能没有针对新问题或旧问题的度量标准，它只是计算比较项目的问题.

Problem : f.e. i'll get no diff for Critical issues if i have fixed 200 Critical issues that already existed in my production reference, but introduced 200 new issues in the development version.
The Compare Projects feature has no metric for new or old issues, it's just counting issues for the compared projects.

推荐答案

必须通过REST调用设置sonar.timemachine.period1属性(文档

The sonar.timemachine.period1 property has to be set via REST call (documentation here), before calling the Sonar task - if defined with Ant property task, it isn't transferred to Sonarqube Server. Works like that, created a macrodef for reuse :

<project xmlns:sonar="antlib:org.sonar.ant">

  <!-- Import Groovy -->
  <taskdef name="groovy" classname="org.codehaus.groovy.ant.Groovy"/>
  <!-- Import Sonar -->
  <taskdef uri="antlib:org.sonar.ant" resource="org/sonar/ant/antlib.xml"/>

  <property name="sonar.language" value="java" />
  <property name="sonar.host.url" value="http://localhost:9000" />
  <property name="sonar.projectKey" value="com.whatever:foobar" />
  <property name="sonar.projectName" value="foobar" />
  <property name="sonar.projectVersion" value="v_1_2_3_xy" />
  <property name="sonar.scm.provider" value="git" />
  <property name="sonar.sources" value="src"/>
  <property name="sonar.java.binaries" value="bin"/>
  <property name="sonar.java.libraries" value=" ... " />

  <macrodef name="sonarsetproperty">
    <attribute name="host" default="${sonar.host.url}"/>
    <attribute name="property" />
    <attribute name="projectid" default="${sonar.projectKey}"/>
    <attribute name="value"/>
    <attribute name="usertoken" default="6e44ba2b9c0f47118d502fbf1d6d36fcfd5f7eb2"/>
    <attribute name="verbose" default="false"/>

    <sequential>
      <groovy>
      <![CDATA[
        println """
        ================ Sonar SetProperty ================
         SonarHost      => @{host}
         SonarProperty  => @{property}
         Value          => @{value}
        ================ Sonar SetProperty ================
        """
        s = '@{host}/api/properties?id=@{property}&value=@{value}&resource=@{projectid}'

        raw = '@{usertoken}:'
        bauth = 'Basic ' + javax.xml.bind.DatatypeConverter.printBase64Binary(raw.getBytes())
        url = new URL(s)

        HttpURLConnection conn = url.openConnection()
        conn.setRequestMethod('POST')
        conn.setRequestProperty("Authorization", bauth)
        conn.connect()

        if(conn.responseCode == 200 || conn.responseCode == 201) {
          response = conn.content.text
          if(@{verbose}) println '=== Response ===\n' + response + '\n=== Response ==='
        } else {
            ant.fail(message: "Error Connecting to ${url}, Errorcode ${conn.responseCode}")
        }
      ]]>
      </groovy>
    </sequential>
  </macrodef>

  <!-- user needs to be admin -->
  <sonarsetproperty property="sonar.timemachine.period1" value="v_1_0_0_xy"/>

  <!-- Execute Sonar -->
  <sonar:sonar />

</project>

我希望能在
中看到sonar.timemachine.period1 REST调用后，Sonarqube服务器Web UI/管理/常规设置/差异视图
，但并非如此.
注意=>不用在BasicAuth上使用username:password，只需在
http://sonarhost/account/security上创建一个用户令牌并使用usertoken:代替-表示将用户令牌作为用户ID，并使用分隔符':'和空密码.

Somehow i expected to see the sonar.timemachine.period1 in
Sonarqube Server Web UI / Administration /General Settings / Differential Views
after the REST call but that's not the case.
Note => Instead of using username:password for BasicAuth, simply create a usertoken at
http://sonarhost/account/security and use usertoken: instead - means usertoken as userid with separator ':' and a blank password.

这篇关于Sonarqube将泄漏时间设置为除先前版本以外的特定版本的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！