SONARQUBE SUPPORT WILL END FEB-20

Please make sure there are no components left in SonarQube

Please implement SonarCloud coverage drop fix explained below

Timeline of events


To prevent dependency issues, this migration is planned to happen in 2 stages. 

Stage 1 will use hardcoded sonar goals to the needed plugin version to avoid waiting on dependencies from where this can be inherited.

Stage 2 will be a cleanup stage and work towards fixing the plugin in the dependencies like oparent and slowly migrate teams to it while removing hardcoded sonar goals.

STAGE 1

  1. RELENG → Will add the needed changes in ci-management for each project and run a test in the sandbox
  2. RELENG → will post the restults of the sandbox test in the 3rd column below.
    • This is not reflecting if the Sonar report actually pass or failed a quality gate. Instead, this result is the outcome of running the Sandbox job using the changes in ci-management.
  3. TECHTEAM → Review the results and comments posted by Releng in column 4. PTLs will be mentioned explicitly to notify them that the next action is on their team.
  4. TECHTEAM&RELENG → Will work on any additional comments/questions/issues from column 4 and 5.


SONAR COVERAGE DROP TO 0%

Sonar Cloud made an update on the jacoco plugin where they dropped support for .exec file format. We need to use .xml instead. 

Please look for more information in https://community.sonarsource.com/t/sonar-coverage-dropping-to-0-for-some-projects/18521/2

Some teams like APPC have upgraded their reports and coverage was restored for them. Please follow their examples: https://gerrit.onap.org/r/#/c/appc/parent/+/100156/https://gerrit.onap.org/r/#/c/appc/+/100155/


Also, OPARENT has been updated with the fix too https://gerrit.onap.org/r/#/c/oparent/+/100168/ included in 3.0.0-SNAPSHOT 


TaskAdd SonarCloud variables in project's yaml files Sandbox test of my change (DO NOT CONFUSE WITH SONAR REPORT RESULT) Review resultsComment on progress
ResponsibleRelEngRelengPTL
Estimated Duration5 min 15 min to 1 hr depending10 min per report
AAFhttps://gerrit.onap.org/r/#/c/ci-management/+/98542/PASS

Jonathan Gathman Gerrit ready, SonarCloud results pushed and waiting on committers to +1 my change if all looks ok

Need to fix 0% coverage:

https://sonarcloud.io/dashboard?id=onap_aaf-cadi-fproxy

https://sonarcloud.io/dashboard?id=onap_aaf-cadi-rproxy

AAIhttps://gerrit.onap.org/r/c/ci-management/+/98544PASS

James Forsyth Gerrit ready, SonarCloud results pushed and waiting on committers to +1 my change if all looks ok

Completed

Need to fix 0% coverage

Update 19 Feb 2020: Issues have been fixed. AAI repos all passing in sonarcloud

APPChttps://gerrit.onap.org/r/c/ci-management/+/98545PASS

Takamune Cho  This is marked as "PASS" becuase the build actually produced the same result as what we had in SonarQube, but I know we still are facing coverage issues. Shall we merge this change to move to SonarCloud and continue our investigation there?

Jessica Wagantall I +1 already. we still have to work with the issue. I have posted my last comment on IT-17899. Please take a look. thx

Coverage drop still low, we are taking our investigation to SonarCloud but the migration is completed

Issue has been fixed. back to 80%

CCSDKhttps://gerrit.onap.org/r/c/ci-management/+/98546PASS

Dan Timoney Gerrit ready, SonarCloud results pushed and waiting on committers to +1 my change if all looks ok

Completed

Dan Timoney CCSDK repos now all show coverage >= 55%.

CLAMPhttps://gerrit.onap.org/r/#/c/ci-management/+/98543/PASSall looks ok.Tested and working with JDK11
CLIhttps://gerrit.onap.org/r/c/ci-management/+/98547PASS

user-67d6f Gerrit ready, SonarCloud results pushed and waiting on committers to +1 my change if all looks ok

completed with coverage 61 % (25 Feb 2020)

https://sonarcloud.io/organizations/onap/projects/?search=cli


DCAEhttps://gerrit.onap.org/r/c/ci-management/+/98548PASS

2/13 - All component migration completed and 0% coverage issue resolved

Demohttps://gerrit.onap.org/r/#/c/ci-management/+/98549/PASS

Morgan Richomme Gerrit ready, SonarCloud results pushed and waiting on committers to +1 my change if all looks ok


DMAAPhttps://gerrit.onap.org/r/#/c/ci-management/+/98550/PASS

Mandar Sawant Gerrit ready, SonarCloud results pushed and waiting on committers to +1 my change if all looks ok

Need to fix 0% coverage (Almost done)

3/18 - Done

ExtAPIhttps://gerrit.onap.org/r/#/c/ci-management/+/98551/fail

Adrian OSullivan , the Sonar jobs have been failing since before the migration. Can we please address them? -->

Completed
Holmeshttps://gerrit.onap.org/r/#/c/ci-management/+/98552/PASS

Guangrong Fu Gerrit ready, SonarCloud results pushed and waiting on committers to +1 my change if all looks ok

Need to fix 0% coverage:

https://sonarcloud.io/dashboard?id=onap_holmes-common

https://sonarcloud.io/dashboard?id=onap_holmes-engine-management

https://sonarcloud.io/dashboard?id=onap_holmes-rule-management

Integration


No Sonar jobs to migrate
Logginghttps://gerrit.onap.org/r/#/c/ci-management/+/98554/PASS

Prudence Au Gerrit ready, SonarCloud results pushed and waiting on committers to +1 my change if all looks ok

Need to fix 0% coverage:

https://sonarcloud.io/dashboard?id=onap_logging-analytics

Modelinghttps://gerrit.onap.org/r/#/c/ci-management/+/98553/PASS

Hui Deng  Gerrit ready, SonarCloud results pushed and waiting on committers to +1 my change if all looks ok

Completed

Completed


MSBhttps://gerrit.onap.org/r/#/c/ci-management/+/98555/PASS

Huabing Zhao Gerrit ready, SonarCloud results pushed and waiting on committers to +1 my change if all looks ok

Completed

Completed

MultiCloudhttps://gerrit.onap.org/r/#/c/ci-management/+/98556/PASS

Completed

Done
Musichttps://gerrit.onap.org/r/#/c/ci-management/+/98557/Pass

Bharath Balasubramanian Gerrit ready, SonarCloud results pushed and waiting on committers to +1 my change if all looks ok

Completed


OOFhttps://gerrit.onap.org/r/#/c/optf/cmso/+/104333/1 fail, seems like a sandbox npm environment

Completed

Need to fix 0% coverage:

https://sonarcloud.io/dashboard?id=onap_optf-fgps

https://sonarcloud.io/dashboard?id=onap_optf-cmso

https://sonarcloud.io/dashboard?id=onap_optf-has

OOM


No Sonar jobs to migrate
O-parent


No Sonar jobs to migrate
Policyhttps://gerrit.onap.org/r/#/c/ci-management/+/98559/PASSDONECOMPLETED
Portalhttps://gerrit.onap.org/r/#/c/ci-management/+/98560/PASS

Manoop Talasila Gerrit ready, SonarCloud results pushed and waiting on committers to +1 my change if all looks ok

COMPLETED
Portal SDKhttps://gerrit.onap.org/r/#/c/ci-management/+/98568/PASS

Manoop Talasila Gerrit ready, SonarCloud results pushed and waiting on committers to +1 my change if all looks ok

'npm install' failed which also fails 
in SonarQube job. Not a migration issue.
SDChttps://gerrit.onap.org/r/#/c/ci-management/+/98561/PASS

Ofir Sonsino Gerrit ready, SonarCloud results pushed and waiting on committers to +1 my change if all looks ok

Completed


SDNChttps://gerrit.onap.org/r/#/c/ci-management/+/98562/PASS

Dan Timoney Gerrit ready, SonarCloud results pushed and waiting on committers to +1 my change if all looks ok

Completed
SOhttps://gerrit.onap.org/r/#/c/ci-management/+/98563/PASS

Seshu Kumar Mudiganti Gerrit ready, SonarCloud results pushed and waiting on committers to +1 my change if all looks ok

https://sonarcloud.io/dashboard?id=onap_so


Completed

UUIhttps://gerrit.onap.org/r/#/c/ci-management/+/98564/PASS

xu ran Gerrit ready, SonarCloud results pushed and waiting on committers to +1 my change if all looks ok

Completed
VFChttps://gerrit.onap.org/r/#/c/ci-management/+/98565/PASS

Yan Yang Gerrit ready, SonarCloud results pushed and waiting on committers to +1 my change if all looks ok

Completed

Completed
VIDhttps://gerrit.onap.org/r/#/c/ci-management/+/98566/PASS

Tech team to compare reports:

SonarQube: https://sonar.onap.org/dashboard?id=org.onap.vid%3Avid-parent

SonarCloud: https://sonarcloud.io/dashboard?id=onap_vid

Completed

VNFSDK

https://gerrit.onap.org/r/#/c/ci-management/+/98567/PASS

Weitao Gao  Gerrit ready, SonarCloud results pushed and waiting on committers to +1 my change if all looks ok

COMPLETED

https://sonarcloud.io/organizations/onap/projects?search=vnfsdk

VVPhttps://gerrit.onap.org/r/#/c/ci-management/+/98569/PASSGerrit ready, SonarCloud results pushed and waiting on committers to +1 my change if all looks ok

Completed

Need to fix 0% coverage

Fixed https://sonarcloud.io/dashboard?id=onap_vvp-validation-scripts

For python projects, see https://gerrit.onap.org/r/c/vvp/validation-scripts/+/101356 for an example.

STAGE 2

  1. Update oparent to upgrade the sonar plugin and Jacoco configuration to the latest plugin required by SonarCloud: https://sonarcloud.io/documentation/analysis/scan/sonarscanner-for-maven/
  2. Make an oparent release wit this change
  3. Migrate teams to the new oparent while also removing the hardcoded goals in their sonar ci-management changes from the above table

SonarCloud migration notes


Ready to migrate? Things to consider and challenges faced with the currently migrated teams

    • Teams will still be using the same Jenkins jobs
    • SonarCloud is based on SonarQube 8.0 with +- some feature and plugin differences
    • SonarQube will stay around for some time, but eventually will be deprecated (mid next year)
    • Warnings in Quality Gates are no longer applicable in SonarCloud
    • Teams using the "org.sonarsource.scanner.maven" plugin, might face issues during the migration since this plugin calls SonarQube directly in older versions.

Testing the migration

The reports will now be posted under: https://sonarcloud.io/organizations/onap/projects

Jenkins jobs do not change.


  • No labels

14 Comments

  1. Pamela Dragosh

    Jessica Wagantall and Brian Freeman : integration oparent doesn't have sonar jobs, but it is a place where it defines JaCoCo settings.  Do those need to be updated?

    1. Jessica Wagantall

      Thanks for noticing and for the reviews Pamela Dragosh, yes.. oparent is using sonar-maven-plugin which calls libraries from SonarQube and we need to remove it. 

      That is the reason why most of my tests are failing in the sandbox since it is inheriting. 

      I believe we need to do something like Taka did here https://gerrit.onap.org/r/#/c/appc/+/98197/4/pom.xml

      Can anyone tell me if the same code applied in Oparent? I noticed Taka configured this plugin in two places too .. 

      1. Pamela Dragosh

        Yes - we override the oparent definition in our repositories because we need to aggregate the reports. Why is Taka not aggregating his reports? That could be why his % is low. We aggregate and that gets our coverage up. In other words, if code is used by one sub-module for testing then it will get counted vs just relying on an individual JUnit to cover the whole class.

        1. Jessica Wagantall

          Thanks for pointing it out! Takamune Cho, Can we please define your reports for Sonar? 

          We still haven't been able to test APPC in SonarCloud since we are waiting for CCSDK-parent to remove their sonar-maven-plugin too, but maybe a similar reason is making APPC coverage drop in SonarQube?


          Pamela Dragosh Brian Freeman If we fix oparent't pom.xml, it should not break dependnecies since they are pointing to a specific released version for Oparent right?

          Will the right process be:

          • Migrate oparent to SonarCloud
          • Make an oparent release
          • Migrate teams to use the new Oparent release


          I understand this will cause some downtime for Sonar reports to be not produced meanwhile the migration is going, but at least we can still do it per component right?


          By the sounds of it, it also seems that teams need to make more detailed configuration for their individual jacoco plugin. 

          1. Pamela Dragosh

            Probably just need to update the SNAPSHOT for both elalto and master branch.

            Teams can point to the SNAPSHOT.

            Once we have multiple teams ported over and tested, then go ahead and release the oparent (at least from el alto branch, the master branch is in flux due to Java 11 upgrade).

            1. Jessica Wagantall

              Thanks Pamela Dragosh my biggest concern of using a Snapshot is what we normally face with the short life of Snapshots which might cause

              some issues if the migration takes longer than few days. 

              I think we can make the release of Oparent from elalto and, as we planned before, migrate component by component. That way we save some steps 

              compare to migrating to the Snapshot and then re-migrate to the release version. 

              But if you want we can talk about it in the TSC and get more opinions. 

              Another concern is what you mentioned about aggregating the reports. I am not sure how to do that but I would definitely will need your help

              explaining to the teams what to do if you don't mind.  


              1. Pamela Dragosh

                I don't worry about SNAPSHOTs disappearing when we are full on in development. As a last resort, just do a re-merge.


                All I'm saying is use the next few weeks to settle the oparent down and ensure it works with a good set of projects before bothering with a release. IMO its a moving target right now.

  2. Takamune Cho

    Please find comment on IT-17899 for more details. We got 60+ sonar java exceptions when sonarqube is trying to render the coverage report, over 2600 test cases are still successful during java verify build jenkins job. We do not use oparent, so I can't comment on oparent.  Jessica Wagantall and I will try to migrate to sonar cloud to see if we can restore the test coverage back to 80%.

    1. Jessica Wagantall

      Takamune Cho  thanks!  In APPC's case, I had contacted Dan Timoney for help because we need CCSDK migrated first. I think they are depending on Oparent, is it?

  3. Ram Krishna Verma

    Login to new dashboard (https://sonarcloud.io/organizations/onap/projects) has no options for LF user/password. Do we need to create separate credentials for it?

    1. Pamela Dragosh

      Jessica Wagantall  - this would be good to have. Previously I was able to login and create a list of favorites so I could easily keep track of the policy repositories.

  4. Jessica Wagantall

    I believe I forgot to mentioned here. The login needs to be done with your GithubID and matching pass

  5. Seshu Kumar Mudiganti

    Jessica Wagantall :

     Could you please help me understand what needs to be done or the 0% coverage fix.

  6. Henrik Andersson

    I found this page with a very handy command to run Sonar from the command line: ExtAPI Developer guide#Sonar. Unfortunately it has not been updated with the new URL for SonarCloud instead of SonarQube. I have tried by just replacing the URL with the new one, https://sonarcloud.io/organizations/onap/projects, but I get an error:

    [ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.6.0.1398:sonar (default-cli) on project a1-policy-management-service: Unable to execute SonarQube: Fail to parse entry in bootstrap index: <!DOCTYPE html><html lang="en"><head><meta charSet="utf-8"/><meta http-equiv="x-ua-compatible" content="ie=edge"/><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"/><style data-href="/styles.527f8da3001da95b4467.css">@import url(https://fonts.googleapis.com/css?family=Roboto:300,400,500,700,900);@import url(https://fonts.googleapis.com/css?family=Fira+Code:300,400,500);*,:after,:before{margin:0;paddin...

    It would be relly nice if someone could also update this page to the new SonarCloud useage.