--
You received this message because you are subscribed to a topic in the Google Groups "SonarQube" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/sonarqube/gxEnxGiXikw/unsubscribe.
To unsubscribe from this group and all its topics, send an email to sonarqube+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/bf760d2a-fcdd-43b1-9cc5-650782df91a6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
To unsubscribe from this group and all its topics, send an email to sonarqube+unsubscribe@googlegroups.com.
Fabrice BELLINGARD | SonarSource SonarQube Platform Product Manager http://sonarsource.com |
--
You received this message because you are subscribed to the Google Groups "SonarQube" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sonarqube+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/590abfd0-1d5b-4951-a2b3-4972ba42c734%40googlegroups.com.
what is the status of this problem? Anything still being done for it?We have hundreds of projects that get a new branch each time we prepare a new release, and we are starting to ramp up our release cycle. Each domain/departement decides for itself what quality profile to use. All our Sonar jobs in Jenkins are automatically created using the jobdsl Jenkins plugin.But one person has to manually change the quality profile for each project now, this is almost becoming a fulltime job.
Regex won't even be a solution because there is nothing to match on between our domains, there is no prefix or something.I read there is now support in the REST api to attach a qp to a new project but that would mean we have to start scripting to create the new projects beforehand, nullifying the advantage of automatic project creation in Sonar.
There was a great solution for this: sonar.profile, but that is deprecated now for reasons many users do not agree with.
On Wednesday, 15 July 2015 10:51:01 UTC+2, Julien HENRY wrote:Hi guys,If your only concern is branches, then my feeling is that when a branch is created (ie first analysis with a new value of sonar.branch) then all settings from baseline should be copied. Not only QP/QG association but also all project/module settings. The only issue here is to identify the "baseline"...My 2 cents,Julien
Le vendredi 3 juillet 2015 13:24:20 UTC+2, Jan S a écrit :Hi Fabrice,
thanks for your reply. I'm glad you joined the discussion.
I agree that QG association is not necessarily linked to department structure. But going through the manual process, what does an administrator do? - They look at the project name (~ part of the project key) to first of all identify the correct project. Or even a bunch of projects which are just branches of a certain module. The next step is to (bulk?) change QG association if that project has reached such maturity level (including its branches). But for any new (future) branch of the current maturity level I might want to apply this QG as well. So IMO a regexp would do just the same, but in an automated way for all the times when there are no QG association changes and for new branches of the current maturity level. I think the project key should always have a certain part identifying the module/component/service it accounts for, because otherwise there would be collisions of project keys: I'm imagining some modules developed in only one department and the project key containing department-related information only. That way, how would I make a difference between branches of module A and branches of module B if not by a certain naming scheme regarding the project key?
(Are we talking about something like com.department:moduleA-branchA vs. com.department.moduleA:branchA? Or am I thinking too much Java/Maven specific at this point?)
The case of profiles seems similar to me: If I assign a profile manually, I basically have to identify the right project (i.e. read the key + project name). So I'm actually deciding which QP to apply on the basis of the project key. Anyhow I agree with your concerns if we are talking about branches of a certain project, which use the same or a similar key in Sonar: I might want to override the automated (regexp-based) association here depending on what I'm doing in this branch.
To me it feels like regexp-based association would be some kind of "advanced default" for QGs/QPs. Just wondering if this is an advantage that compensates for the development effort of such a feature, because the new quality profile web service somewhat solves this issue. Though, this mechanism seems to drag automated QG and QP association away from Sonar UI towards the CI platform triggering & configuring the analyses.
Best regards,
Jan
--
You received this message because you are subscribed to the Google Groups "SonarQube" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sonarqube+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/0342bc14-1296-44a3-aedf-446d45e74d3c%40googlegroups.com.
> > we dropped it because anyone who has commit access to the code could change themOur site has started using SonarQube (5.3). We integrate with Stash and Jenkins. Every repository in Stash is configured to start a build upon a new push. We currently have 1,152 projects in SonarQube representing individual Stash repositories and all the branches waiting on Pull Requests. We want consistent code analysis across all projects, and we have defined a very limited set of quality profiles for use by our teams. But more importantly, we have defined a specific profile that is used by release management to assess new release candidates. This specific profile has a very limited set of rules to allow the release manager to easily identify issues that we have deemed will prevent a release. So our teams build with a complete profile (Sonar way) and the release manager uses a more refined profile.
The only way to allow for such use is to specify the sonar.profile on the command line. If this feature is actually dropped, we have no effective way of allowing release managers to focus on the specific issues they care about.Rather than drop the feature, it would be better (for us) if the feature could be restricted to specific user accounts.If there is a better way to accomplish this, I would love to hear it.
Fabrice BELLINGARD | SonarSource SonarQube & SonarLint Product Manager http://sonarsource.com |
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/2da2cea6-ab92-4805-a97f-7e5b6542f883%40googlegroups.com.
Hi everyone,
thank you for all your comments and contributions. I'd like to sum up the discussion so far.
I feel that these two points sum up the dicussion pretty well:
a) There are supporters out there for this feature.
b) "Creating a new project in SonarQube is not something that should happen everyday" (as stated by Fabrice)
I'd like to challenge point b) though: Suppose a team develops new features using branches. A reasonable decision would be the GitFlow branching model - because of its vast tool support. As a developer I press buttons to start and finish features and in between I can concentrate on development.
A new branch (e.g. a new feature) in my SCM equals a new project in SonarQube, using sonar.branch analysis parameter. Why? Because I'd like to see code quality measures on my branch and I'd like to see issues before merging back on the development line.
And this is where
automated QP assignment in SonarQube could kick in: On a central SonarQube
instance hosting a bunch of products (e.g. facilitaed by SonarSource Views
plugin) there is no easy way of provisioning this branch.
Which alternatives are there?
1.) Give developers the "provision project" permission and make them copy and paste group id, artifact id etc. for there branch. Which doesn't sound too convenient.
2.) Have a script within the CI platform doing the provisioning against SonarQube REST API. This approach would work but also doesn't feel too convenient.
3.) Use SonarLint in my IDE - which is convenient, but not comprehensive as PMD, Findbugs and Checkstyle rules are missing.
4.) Have SonarQube decide on a wildcard on the project's group id decide on the QP. <- Still my favorite...
Maybe we just have different approaches of SonarQube integration in mind. That's why I'm looking forward to discussing this with some of you in Frankfurt tomorrow at SonarSource City Tour.
Best regards,
Jan
3.) Use SonarLint in my IDE - which is convenient, but not comprehensive as PMD, Findbugs and Checkstyle rules are missing.
Hi everyone,
thank you for all your comments and contributions. I'd like to sum up the discussion so far.
I feel that these two points sum up the dicussion pretty well:
a) There are supporters out there for this feature.
b) "Creating a new project in SonarQube is not something that should happen everyday" (as stated by Fabrice)
I'd like to challenge point b) though: Suppose a team develops new features using branches. A reasonable decision would be the GitFlow branching model - because of its vast tool support. As a developer I press buttons to start and finish features and in between I can concentrate on development.
A new branch (e.g. a new feature) in my SCM equals a new project in SonarQube, using sonar.branch analysis parameter. Why? Because I'd like to see code quality measures on my branch and I'd like to see issues before merging back on the development line.
And this is where automated QP assignment in SonarQube could kick in: On a central SonarQube instance hosting a bunch of products (e.g. facilitaed by SonarSource Views plugin) there is no easy way of provisioning this branch.
Which alternatives are there?
1.) Give developers the "provision project" permission and make them copy and paste group id, artifact id etc. for there branch. Which doesn't sound too convenient.
2.) Have a script within the CI platform doing the provisioning against SonarQube REST API. This approach would work but also doesn't feel too convenient.
3.) Use SonarLint in my IDE - which is convenient, but not comprehensive as PMD, Findbugs and Checkstyle rules are missing.
4.) Have SonarQube decide on a wildcard on the project's group id decide on the QP. <- Still my favorite...
Maybe we just have different approaches of SonarQube integration in mind. That's why I'm looking forward to discussing this with some of you in Frankfurt tomorrow at SonarSource City Tour.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/05b8c421-2d5f-4b4c-84df-6f00daba86c2%40googlegroups.com.
sonar.branch
" property) all settings (quality profiles, quality gates, false positive filters) from the main (sonar.branch =
trunk, master, develop, or empty) project are copied over. Not having this gives us a lot extra work plus it is a blocker to mark false positives through the SQ UI.-Dsonar.analysis.mode=preview
with SQ 5.3) on the CI server and use the Jenkins Sonar Gerrit plugin to push the found issues as comments to the Gerrit Changes. The result will never hit the SQ server and will not be in the Database, which matches what we want here - there is no need to store this short living result in the SQ Database but in whatever review tool is used.Fabrice BELLINGARD | SonarSource SonarQube & SonarLint Product Manager http://sonarsource.com |
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/199eb7e3-a7a8-4cb1-b1a8-ec35e28289a7%40googlegroups.com.
Fabrice BELLINGARD | SonarSource SonarQube & SonarLint Product Manager http://sonarsource.com |
--
You received this message because you are subscribed to the Google Groups "SonarQube" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sonarqube+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/aa634414-06ef-431d-8d93-4b5232df2b19%40googlegroups.com.