Sonarqube set leak period to specific version other than previous version

Problem description

Evaluating Sonarqube (Version 5.4), we want to migrate our current workflow using another Audit tool, which works like that:

The current version that runs in production is our reference version.
A new development version is checked out from GIT, a diff process calculates the new and modified files vs. the reference version and starts the audit for these files.
There's also a slightly different handling of legacy code (components that already existed in 2012) and new components (after 2012).

The build breaks if:

Blocker issues in changed files (those files already existing in 2012) from legacy components
Blocker or critical issues in new files (files created after 2012) from legacy and new components

How to implement that in Sonarqube?

Tried two things already:

1.) Set property sonar.timemachine.period1 to the production/reference version in Ant script before starting Sonar task => didn't work, it's always 'since previous version'

2.) Define two different projects in Sonarqube, one for the production versions and one for the new dev versions. Then programmatically use the feature known from Sonarqube Web UI More / Compare Projects and get the diff for Blocker and Critical issues.

Problem: f.e. I'll get no diff for Critical issues if I have fixed 200 Critical issues that already existed in my production reference, but introduced 200 new issues in the development version.
The Compare Projects feature has no metric for new or old issues, it's just counting issues for the compared projects.

Recommended answer

The sonar.timemachine.period1 property has to be set via REST call (documentation here), before calling the Sonar task - if defined with Ant property task, it isn't transferred to Sonarqube Server. Works like that, created a macrodef for reuse:

<project xmlns:sonar="antlib:org.sonar.ant">

  <!-- Import Groovy -->
  <taskdef name="groovy" classname="org.codehaus.groovy.ant.Groovy"/>
  <!-- Import Sonar -->
  <taskdef uri="antlib:org.sonar.ant" resource="org/sonar/ant/antlib.xml"/>

  <property name="sonar.language" value="java" />
  <property name="sonar.host.url" value="http://localhost:9000" />
  <property name="sonar.projectKey" value="com.whatever:foobar" />
  <property name="sonar.projectName" value="foobar" />
  <property name="sonar.projectVersion" value="v_1_2_3_xy" />
  <property name="sonar.scm.provider" value="git" />
  <property name="sonar.sources" value="src"/>
  <property name="sonar.java.binaries" value="bin"/>
  <property name="sonar.java.libraries" value=" ... " />

  <macrodef name="sonarsetproperty">
    <attribute name="host" default="${sonar.host.url}"/>
    <attribute name="property" />
    <attribute name="projectid" default="${sonar.projectKey}"/>
    <attribute name="value"/>
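    <!-- token of an admin user; override it per call or from a property kept outside version control -->
    <attribute name="usertoken" default="6e44ba2b9c0f47118d502fbf1d6d36fcfd5f7eb2"/>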
    <attribute name="verbose" default="false"/>

    <sequential>
      <groovy>
      <![CDATA[
        println """
        ================ Sonar SetProperty ================
         SonarHost      => @{host}
         SonarProperty  => @{property}
         Value          => @{value}
        ================ Sonar SetProperty ================
        """
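        // URL-encode each parameter so a value containing '&', '=' or spaces cannot alter the query string
        enc = { String v -> URLEncoder.encode(v, 'UTF-8') }
        s = '@{host}/api/properties?id=' + enc('@{property}') + '&value=' + enc('@{value}') + '&resource=' + enc('@{projectid}')

        // Basic auth: user token as user id, ':' separator, empty password
        raw = '@{usertoken}:'
        // Groovy's own Base64 helper; javax.xml.bind is no longer part of the JDK since Java 11
        bauth = 'Basic ' + raw.bytes.encodeBase64().toString()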
        url = new URL(s)

        HttpURLConnection conn = url.openConnection()
        conn.setRequestMethod('POST')
        conn.setRequestProperty("Authorization", bauth)
        conn.connect()

        if(conn.responseCode == 200 || conn.responseCode == 201) {
          response = conn.content.text
          if(@{verbose}) println '=== Response ===\n' + response + '\n=== Response ==='
        } else {
            ant.fail(message: "Error Connecting to ${url}, Errorcode ${conn.responseCode}")
        }
      ]]>
      </groovy>
    </sequential>
  </macrodef>

  <!-- user needs to be admin -->
  <sonarsetproperty property="sonar.timemachine.period1" value="v_1_0_0_xy"/>

  <!-- Execute Sonar -->
  <sonar:sonar />

</project>

Somehow I expected to see the sonar.timemachine.period1 in
Sonarqube Server Web UI / Administration / General Settings / Differential Views
after the REST call but that's not the case.
Note => Instead of using username:password for BasicAuth, simply create a usertoken at
http://sonarhost/account/security and use usertoken: instead - means usertoken as userid with separator ':' and a blank password.
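
The REST call made by the macrodef above, rebuilt as an added Python example (not the answerer's code): it URL-encodes the three parameters, takes the token from the environment instead of the build file, and refuses to send the Basic header over cleartext HTTP to a non-loopback host. The `SONAR_TOKEN` variable name and the function name are assumptions; the endpoint, parameters and sample values are the ones shown in the answer.

```python
import base64
import os
import urllib.parse
import urllib.request

LOOPBACK = ("localhost", "127.0.0.1", "::1")


def build_set_property_request(host, project_key, prop, value, token):
    """Build the POST to /api/properties used in the answer's macrodef."""
    parts = urllib.parse.urlsplit(host)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("host must be an http(s) URL")
    # Basic auth is only base64, so the admin token is readable on the wire:
    # allow plain HTTP for a local server only.
    if parts.scheme == "http" and parts.hostname not in LOOPBACK:
        raise ValueError("refusing to send the token over cleartext HTTP")
    if not token:
        raise ValueError("empty user token")

    # urlencode() escapes '&', '=', ':' and spaces, so a version string
    # cannot smuggle extra parameters into the query.
    query = urllib.parse.urlencode(
        {"id": prop, "value": value, "resource": project_key})
    url = host.rstrip("/") + "/api/properties?" + query

    # User token as user id, ':' separator, blank password (as in the answer).
    cred = base64.b64encode((token + ":").encode("utf-8")).decode("ascii")
    req = urllib.request.Request(url, data=b"", method="POST")
    req.add_header("Authorization", "Basic " + cred)
    return req


if __name__ == "__main__":
    # SONAR_TOKEN is an assumed variable name, set by the CI job.
    request = build_set_property_request(
        "http://localhost:9000", "com.whatever:foobar",
        "sonar.timemachine.period1", "v_1_0_0_xy",
        os.environ["SONAR_TOKEN"])
    # urlopen() raises HTTPError on a non-2xx answer, which fails the step.
    with urllib.request.urlopen(request, timeout=10) as resp:
        print("HTTP", resp.status)
```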
