声纳:声纳如何工作? [英] How does sonar:sonar work?

问题描述

我们想在我们的项目中将SonarQube与某些CI工具一起使用.在主要的 pom.xml 中配置了Sonar Server的URL.

We want to use SonarQube with some CI tool in our project. Sonar Server url is configured in main pom.xml.

该项目中有几个团队成员.因此，当一个团队成员使用其本地更改在本地执行 sonar:sonar ，然后另一个团队成员使用其本地更改执行 sonar:sonar ，然后有人执行时会发生什么> CI工具中的> sonar:sonar (已配置为分析Git存储库中的源代码)?

There are several team memebers in the project. So what happen when one team member executes sonar:sonar locally with his local changes, then another team member executes sonar:sonar with his local changes, and then someone executes sonar:sonar from CI tool (it is configured to analyse source code in Git repository)?

SonarQube是否会显示与团队成员本地更改相关的问题?如果团队成员的本地源代码和Git存储库中的源代码之间存在差异怎么办?

Will SonarQube display issues related team members local changes? What if there are differences between team members local source code and source code in Git repository?

推荐答案

sonar:sonar执行分析并将结果发送到服务器-假定您使用具有适当特权的帐户的令牌运行该分析.

sonar:sonar executes analysis and sends the results to the server - assuming you're running it with the token of an account that has the appropriate privileges.

开发人员不应在本地运行这种类型的分析以检查其更改.相反，他们应该使用 SonarLint 甚至可能是

Developers should not be running this type of analysis locally to check their changes. Instead, they should be using SonarLint and perhaps pull request analysis (depending on your infrastructure).

(:拉取请求分析已被弃用，并由功能更全面的分支分析($).)

( Pull request analysis has been deprecated and replaced by a fuller-featured Branch analysis($).)

稍微扩展一下为什么开发人员不应该在本地使用sonar:sonar的原因:它以最后一次获胜的方式更新中央服务器.因此，如果您在提交之前已经编辑了A.java并在本地对其进行了分析，并且我已经将A.java重命名为B.java并进行了类似的预提交本地分析... SonarQube服务器上可以看到什么?取决于最后保存/分析的人.

To expand a little on why developers shouldn't be using sonar:sonar locally: it updates the central server in a last-saved-wins manner. So if you've edited A.java and analyzed it locally before commit, and I've renamed A.java to B.java and done a similar pre-commit local analysis... what's visible on the SonarQube server? Depends on who saved/analyzed last.

相反，sonar:sonar应该仅从CI工具在已对整个团队可见的已签入代码上运行.

Instead, sonar:sonar should be run only from your CI tool on the checked-in code that's already visible to the whole team.

这篇关于声纳:声纳如何工作?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！