To be "security by design" ready, ONAP code must be analyzed before the merge. Here are the steps to enable the Jenkins job called "{PROJECT_NAME}-sonar-verify", which lets you run proactive SonarCloud scans for your project on every new code patch-set submitted through Gerrit.

Requirements

  • global-jjb >= v0.71.0

Steps

  • clone the ci-management repo: https://gerrit.onap.org/r/admin/repos/ci-management
  • enter the jjb folder of the project for which you want to enable the proactive scans (e.g. ci-management/jjb/cps/)
  • edit or create the yaml file holding the JJB templates (e.g. cps.yaml)
  • add a new project section with the following configuration (update the fields based on the project you are editing; this example is for the CPS project)

    Code Block (title: https://gerrit.onap.org/r/c/ci-management/+/125534)
    - project:
        name: cps-sonar-verify
        java-version: openjdk11
        mvn-version: "mvn36"
        maven-version: "mvn36"
        jobs:
          - gerrit-maven-sonar-verify
        sonarcloud: true
        sonarcloud-project-organization: '{sonarcloud_project_organization}'
        sonarcloud-api-token: '{sonarcloud_api_token}'
        sonarcloud-project-key: '{sonarcloud_project_organization}_{project-name}'
        sonar-mvn-goal: '{sonar_mvn_goal}'
        build-node: centos7-docker-8c-8g
        project: 'cps'
        project-name: 'cps'
        branch: 'master'
        mvn-settings: 'cps-settings'
        mvn-goals: 'clean install'
        mvn-opts: '-Xmx1024m -XX:MaxPermSize=256m'


  • OPTIONAL (the Quality Gate result can block the merge):
    • if you are ready for more restrictive proactive scans that block a merge when code quality issues are found, set the field sonarcloud-qualitygate-wait to 'true'
    • example: https://gerrit.onap.org/r/c/ci-management/+/126562

      Code Block (the line marked + is the one added by that change)
           sonarcloud-project-organization: '{sonarcloud_project_organization}'
           sonarcloud-api-token: '{sonarcloud_api_token}'
           sonarcloud-project-key: '{sonarcloud_project_organization}_{project-name}'
      +    sonarcloud-qualitygate-wait: true
           sonar-mvn-goal: '{sonar_mvn_goal}'
           build-node: centos7-docker-8c-8g
           project: 'cps'


  • save your work with git and push the change to Gerrit with git-review
  • your project now gets a new "{PROJECT_NAME}-sonar-verify" Jenkins job that runs SonarCloud scans every time a new code patchset is uploaded
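The fields above are what a reviewer checks by eye before approving the ci-management change. The following added example (not ONAP or ci-management code) audits a JJB yaml file for them, reporting per project section whether the gerrit-maven-sonar-verify job is listed, whether sonarcloud-qualitygate-wait makes the Quality Gate block the merge, and which required fields are missing. It assumes the flat section layout shown on this page and a constructed sample; the function names parse_projects and audit_sonar_verify are my own.

```python
# Added example (not ci-management code): a minimal stdlib reader for the flat
# '- project:' sections on this page; use a real YAML parser for anchors/nesting.
import re

PROJECT_RE = re.compile(r"^\s*-\s+project:\s*$")
ITEM_RE = re.compile(r"^\s+-\s+(\S.*)$")
KEY_RE = re.compile(r"^\s+([\w-]+):\s*(.*)$")
REQUIRED = ("sonarcloud-project-organization", "sonarcloud-api-token",
            "sonarcloud-project-key", "sonar-mvn-goal", "mvn-settings")

def parse_projects(text):
    """One dict per '- project:' section; '- item' lines become list values."""
    projects, current, last_key = [], {}, None  # keys before a section are dropped
    for line in filter(str.strip, text.splitlines()):
        if PROJECT_RE.match(line):
            current, last_key = {}, None
            projects.append(current)
        elif ITEM_RE.match(line) and isinstance(current.get(last_key), list):
            current[last_key].append(ITEM_RE.match(line).group(1).strip("'\""))
        elif KEY_RE.match(line):
            key, value = KEY_RE.match(line).groups()
            current[key] = value.strip().strip("'\"") if value.strip() else []
            last_key = key
    return projects

def audit_sonar_verify(text):
    """Map project name -> verify job present, Quality Gate blocking, gaps."""
    report = {}
    for proj in parse_projects(text):
        jobs = proj.get("jobs", [])
        issues = [f"missing {k}" for k in REQUIRED if k not in proj]
        if "gerrit-maven-sonar-verify" not in jobs:
            issues.append("jobs lacks gerrit-maven-sonar-verify")
        if str(proj.get("sonarcloud", "")).lower() != "true":
            issues.append("sonarcloud is not true")
        gate = str(proj.get("sonarcloud-qualitygate-wait", "")).lower() == "true"
        report[proj.get("name", "?")] = {"verify_job": "gerrit-maven-sonar-verify" in jobs,
                                         "blocking": gate, "issues": issues}
    return report

# Constructed sample: a blocking section that omits several required fields.
SAMPLE = """\
- project:
    name: demo-sonar-verify
    jobs:
      - gerrit-maven-sonar-verify
    sonarcloud: true
    sonarcloud-qualitygate-wait: true
"""
```

Running audit_sonar_verify over every yaml file under ci-management/jjb/ gives a quick inventory of which projects have the verify job and which of them already let the Quality Gate block merges.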

...