SonarCloud JenkinsCI organisation?

26 views
Skip to first unread message

Radek Antoniuk

unread,
Feb 1, 2020, 9:10:37 AM2/1/20
to Jenkins Developers
Hey,

I'm trying to hook jira-plugin into SonarCloud, but when I'm trying to create jenkins or jenkinsci organisation, it shows me that the organisation already exists.
Additionally, apparently I need organisation admin permissions on github.com/jenkinsci organisation to be able to link it automatically.

Anyone knows if we have already the organisation on SonarCloud?

Oleg Nenashev

unread,
Feb 1, 2020, 5:46:59 PM2/1/20
to Jenkins Developers
Looks like the project IDs are already used for jenkins: https://sonarcloud.io/dashboard?id=jenkins
"jenkinsci" is a registered organization, I believe. We have 3 repos with enabled SonarCloud app:

sonarcloud.PNG

Additionally, apparently I need organisation admin permissions on github.com/jenkinsci organisation to be able to link it automatically.

I am not sure it is something we want. If we add organization, all 2000+ Jenkins GitHub org members will be added to SonarCloud/
Not sure we would ever want to do so, and definitely it will require a long discussion.

If someone is interested, I manually created an org manually for now: https://sonarcloud.io/organizations/jenkinsci/
I can add anyone who is interested in evaluation. Mark and Stefan were definitely talking about it at the contributor summit yesterday...

Oleg Nenashev

unread,
Feb 1, 2020, 5:55:53 PM2/1/20
to Jenkins Developers
Hi all, 

UPD: it looks like we cannot really add projects to SonarCloud without linking the entire organization there.
Not going to happen without explicit approval by the security team and the governance meeting.

I suggest other alternate options:
  • Use personal forks for analysis. It nukes all benefits from pull requests integration
  • Contact SonarCloud support to allow adding new projects without linking the entire organization
  • Use alternate services which have a less greedy requirements
BR, Oleg

Radosław Antoniuk

unread,
Feb 2, 2020, 6:26:37 AM2/2/20
to jenkin...@googlegroups.com
Hi Oleg,

Thanks for picking this up. Yes, I totally agree that the requirement for the organisation admin to link to specific repository won't work in the Jenkins OSS forking approach. 
I already asked the same question in the help forum and let's see where it goes from there: https://community.sonarsource.com/t/unable-to-create-organisation-account-with-github/19322/3
The problem with personal forks is that I wanted to have this in the Pull Request process which won't work unless every "forker" will configure it for them.
I'll give it a try to configure this manually via maven plugin and variable token though, but not sure if I can get the PR comments automatically in this way.

Cheers,
Radek


--
You received this message because you are subscribed to a topic in the Google Groups "Jenkins Developers" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/jenkinsci-dev/aBdbOyKU2B8/unsubscribe.
To unsubscribe from this group and all its topics, send an email to jenkinsci-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/372fd43b-a809-4393-8b21-8f0f9858b8bd%40googlegroups.com.

Oleg Nenashev

unread,
Feb 2, 2020, 6:59:08 AM2/2/20
to JenkinsCI Developers
Thanks for raising this in their community forum! I often meet with SonarSource engineers and PMs at meetups in Switzerland, and I will make sure to bring up this topic with them

To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAPe2pWgqb8NCi4rxufgqc435cAOrhCAegmXwBWkoTp1rYRnudA%40mail.gmail.com.

Oliver Gondža

unread,
Feb 2, 2020, 7:35:48 AM2/2/20
to jenkin...@googlegroups.com
I am not sure what specific kind of integration are you guys looking
for, but I managed to get sonar publishing to work a while ago[1][2].

- There is no requirement to have a centralized "jenkins" sonarcloud org
nor having it connected to "jenkinsci" github org to have projects in
that org validated.

- It does work for master and branches, but cannot work for pull
requests AFAIK. The problem there is travis is injecting the credentials
(so results can be published), but it does not inject that in case the
code comes from out of given repo for security reasons.

[1]
https://github.com/jenkinsci/ws-cleanup-plugin/commit/c7553f470723c4ec0749b49f944ba97cb4a3e230#diff-354f30a63fb0907d4ad57269548329e3
[2] https://sonarcloud.io/dashboard?id=jenkins_ws-cleanup-plugin
> * Use personal forks for analysis. It nukes all benefits from
> pull requests integration
> * Contact SonarCloud support to allow adding new projects
> without linking the entire organization
> * Use alternate services which have a less greedy requirements
>
> BR, Oleg
>
>
> On Saturday, February 1, 2020 at 11:46:59 PM UTC+1, Oleg
> Nenashev wrote:
>
> Looks like the project IDs are already used for jenkins:
> https://sonarcloud.io/dashboard?id=jenkins
> "jenkinsci" is a registered organization, I believe. We have
> 3 repos with enabled SonarCloud app:
>
> sonarcloud.PNG
>
> Additionally, apparently I need organisation admin
> permissions on github.com/jenkinsci
> <http://github.com/jenkinsci> organisation to be able to
> link it automatically.
>
>
> I am not sure it is something we want. If we add
> organization, all 2000+ Jenkins GitHub org members will be
> added to SonarCloud/
> Not sure we would ever want to do so, and definitely it will
> require a long discussion.
>
> If someone is interested, I manually created an org manually
> for now: https://sonarcloud.io/organizations/jenkinsci/
> I can add anyone who is interested in evaluation. Mark and
> Stefan were definitely talking about it at the contributor
> summit yesterday...
>
>
>
> On Saturday, February 1, 2020 at 3:10:37 PM UTC+1, Radek
> Antoniuk wrote:
>
> Hey,
>
> I'm trying to hook jira-plugin into SonarCloud, but when
> I'm trying to create jenkins or jenkinsci organisation,
> it shows me that the organisation already exists.
> Additionally, apparently I need organisation admin
> permissions on github.com/jenkinsci
> <http://github.com/jenkinsci> organisation to be able to
> link it automatically.
>
> Anyone knows if we have already the organisation on
> SonarCloud?
>
> --
> You received this message because you are subscribed to a topic
> in the Google Groups "Jenkins Developers" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/jenkinsci-dev/aBdbOyKU2B8/unsubscribe.
> To unsubscribe from this group and all its topics, send an email
> to jenkinsci-de...@googlegroups.com
> <mailto:jenkinsci-de...@googlegroups.com>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-dev/372fd43b-a809-4393-8b21-8f0f9858b8bd%40googlegroups.com
> <https://groups.google.com/d/msgid/jenkinsci-dev/372fd43b-a809-4393-8b21-8f0f9858b8bd%40googlegroups.com?utm_medium=email&utm_source=footer>.
>
> --
> You received this message because you are subscribed to a topic in
> the Google Groups "Jenkins Developers" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/jenkinsci-dev/aBdbOyKU2B8/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> jenkinsci-de...@googlegroups.com
> <mailto:jenkinsci-de...@googlegroups.com>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-dev/CAPe2pWgqb8NCi4rxufgqc435cAOrhCAegmXwBWkoTp1rYRnudA%40mail.gmail.com
> <https://groups.google.com/d/msgid/jenkinsci-dev/CAPe2pWgqb8NCi4rxufgqc435cAOrhCAegmXwBWkoTp1rYRnudA%40mail.gmail.com?utm_medium=email&utm_source=footer>.
>
> --
> You received this message because you are subscribed to the Google
> Groups "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to jenkinsci-de...@googlegroups.com
> <mailto:jenkinsci-de...@googlegroups.com>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-dev/CAPfivLDGGgwNU5PnGwEinGRd5Jj%2BEv0x64pX0DBheOhArzCj8g%40mail.gmail.com
> <https://groups.google.com/d/msgid/jenkinsci-dev/CAPfivLDGGgwNU5PnGwEinGRd5Jj%2BEv0x64pX0DBheOhArzCj8g%40mail.gmail.com?utm_medium=email&utm_source=footer>.


--
oliver

Radosław Antoniuk

unread,
Feb 11, 2020, 7:04:53 AM2/11/20
to jenkin...@googlegroups.com
Hi all, 

For future reference, I made it work with my personal organisation on SC, here are the relevant changes:
https://github.com/jenkinsci/jira-plugin/commit/56cbe1d54eacfed207a7c6bfa04ce56cccfd604c

Thanks for help guys.

Cheers,
Radek

Mark Waite

unread,
Feb 11, 2020, 7:24:56 AM2/11/20
to jenkinsci-dev
I would like to know how to publish a better set of metrics to SonarCloud from the jobs that I run on ci.jenkins.io.  If that isn't feasible, then I'd like to know how to publish a better set of metrics from jobs that I run on my own CI servers.  I think that I can probably extract the techniques from the examples that Radoslaw and Oliver provided.

Eventually, I'd like to have one or more Jenkins developer online meetups for tools and services that can help open source authors create better code.

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAPe2pWh_A7QEwiMLsJJjURatAPDEsa_DOcJ8%2BCsANEK5Pg-SZg%40mail.gmail.com.

Radosław Antoniuk

unread,
Feb 11, 2020, 7:55:20 AM2/11/20
to jenkin...@googlegroups.com
Hi Mark,

What kind of metrics are you looking for? Are you talking about code quality metrics? from what components? 
Yes, you should be able to re-use it simply from our repositories. If you are talking about visualising non-code-quality metrics, then probably Grafana would be a better choice.

For the Jenkins developers meetups, I'm definitely for it and would help. I think that should be a generic "Productivity" meetup and the other thread about moving from JIRA to GH issues could also be part of this? (i'm now experimenting with export/import of those for jira-plugin)

-- 
Cheers, 
Radek

Mark Waite

unread,
Feb 11, 2020, 7:31:56 PM2/11/20
to jenkinsci-dev
I'm looking to track progress in areas like:
  • code coverage by automated tests
  • spotbugs warnings
  • style checker warnings like checkstyle and pmd
  • security check results
  • dependency check results
I want something that persists longer than jobs in a Jenkins instance and allows exploration of long term trends.

For commit and pull request related measurements, I've been exploring https://jenkins.devstats.cd.foundation/ to see what might be learned from that data.  Is that the type of data you were suggesting is probably better managed in Grafana?

Mark Waite

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-de...@googlegroups.com.

Oleg Nenashev

unread,
Feb 24, 2020, 7:32:09 AM2/24/20
to Jenkins Developers
To follow-up on the original topics, I have approved all SonarCloud GitHub app requests by plugin maintainers. If it addresses the use-case, no need to setup the official organization for the moment. 

Custom project setups are going to be a mess in the case of plugin adoption, because we won't be able to manage the permission transfer requests on SonarCloud. Probably not a big deal, because SonarCloud projects can be recreated by new maintainers if needed I prefer to kick this can down the road.

BR, Oleg

On Wednesday, February 12, 2020 at 1:31:56 AM UTC+1, Mark Waite wrote:
I'm looking to track progress in areas like:
  • code coverage by automated tests
  • spotbugs warnings
  • style checker warnings like checkstyle and pmd
  • security check results
  • dependency check results
I want something that persists longer than jobs in a Jenkins instance and allows exploration of long term trends.

For commit and pull request related measurements, I've been exploring https://jenkins.devstats.cd.foundation/ to see what might be learned from that data.  Is that the type of data you were suggesting is probably better managed in Grafana?

Mark Waite

On Tue, Feb 11, 2020 at 5:55 AM Radosław Antoniuk <radek....@gmail.com> wrote:
Hi Mark,

What kind of metrics are you looking for? Are you talking about code quality metrics? from what components? 
Yes, you should be able to re-use it simply from our repositories. If you are talking about visualising non-code-quality metrics, then probably Grafana would be a better choice.

For the Jenkins developers meetups, I'm definitely for it and would help. I think that should be a generic "Productivity" meetup and the other thread about moving from JIRA to GH issues could also be part of this? (i'm now experimenting with export/import of those for jira-plugin)

-- 
Cheers, 
Radek

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkin...@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages