In order to be "security by design" ready, the ONAP code must be analyzed before the merge. Here are the steps to enable the Jenkins job called "{PROJECT_NAME}-sonar-verify", which will allow you to run proactive SonarCloud scans for your project on every new code patch-set submitted through Gerrit.

Requirements

  • global-jjb >= v0.71.0

Steps

  • clone the ci-management repo: https://gerrit.onap.org/r/admin/repos/ci-management
  • enter the jjb folder of your project (e.g. ci-management/jjb/cps/)
  • edit or create the yaml file with the JJB templates (e.g. cps.yaml)
  • add a new project section with the following configuration (update the fields for the project you are editing; this example is for the CPS project)

    - project:
        name: cps-sonar-verify
        java-version: openjdk11
        mvn-version: "mvn36"
        maven-version: "mvn36"
        jobs:
          - gerrit-maven-sonar-verify
        sonarcloud: true
        sonarcloud-project-organization: '{sonarcloud_project_organization}'
        sonarcloud-api-token: '{sonarcloud_api_token}'
        sonarcloud-project-key: '{sonarcloud_project_organization}_{project-name}'
        sonar-mvn-goal: '{sonar_mvn_goal}'
        build-node: centos7-docker-8c-8g
        project: 'cps'
        project-name: 'cps'
        branch: 'master'
        mvn-settings: 'cps-settings'
        mvn-goals: 'clean install'
        mvn-opts: '-Xmx1024m -XX:MaxPermSize=256m'
  • OPTIONAL (Quality Gate result can block the merge):
    • if you are ready to get more restrictive proactive scans that will block a merge if code quality issues are found, then set the field sonarcloud-qualitygate-wait to 'true'
    • example: https://gerrit.onap.org/r/c/ci-management/+/126562

           sonarcloud-project-organization: '{sonarcloud_project_organization}'
           sonarcloud-api-token: '{sonarcloud_api_token}'
           sonarcloud-project-key: '{sonarcloud_project_organization}_{project-name}'
      +    sonarcloud-qualitygate-wait: true
           sonar-mvn-goal: '{sonar_mvn_goal}'
           build-node: centos7-docker-8c-8g
           project: 'cps'
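Review bot: the added `sonarcloud-qualitygate-wait: true` is a bare YAML boolean while the step text above asks for the quoted string 'true'; align the two so a copy-paste from either place yields the same key. Because this flag makes the verify job fail on a failed quality gate, check the project's current gate status before merging, otherwise every following patch-set is blocked until the existing findings are cleared.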
  • save your work with git and push a change to Gerrit with git-review
  • now your project will get a new "{PROJECT_NAME}-sonar-verify" Jenkins job that will execute SonarCloud scans every time there is a new code patchset
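A pre-push check for the project block above, added here as example code written for this page (it is not part of ONAP ci-management or global-jjb): it validates a `- project:` mapping against the fields the CPS block uses, flags a literal token in place of the `{sonarcloud_api_token}` template, and reports whether the optional quality gate wait is enabled. The sample mapping is constructed to mirror the CPS block; the function and finding texts are this example's own.

```python
# Added pre-push check for a "<project>-sonar-verify" JJB block (example code
# written for this page, not part of ONAP ci-management or global-jjb).
REQUIRED_KEYS = (  # fields the CPS block above sets
    "name", "java-version", "jobs", "sonarcloud", "sonarcloud-project-organization",
    "sonarcloud-api-token", "sonarcloud-project-key", "sonar-mvn-goal", "build-node",
    "project", "project-name", "branch", "mvn-settings", "mvn-goals",
)
SONAR_VERIFY_JOB = "gerrit-maven-sonar-verify"
TOKEN_TEMPLATE = "{sonarcloud_api_token}"  # JJB substitutes this from its defaults

# Constructed sample mirroring the CPS block above (quality gate wait not set).
SAMPLE_CPS_PROJECT = {
    "name": "cps-sonar-verify", "java-version": "openjdk11",
    "mvn-version": "mvn36", "maven-version": "mvn36",
    "jobs": [SONAR_VERIFY_JOB], "sonarcloud": True,
    "sonarcloud-project-organization": "{sonarcloud_project_organization}",
    "sonarcloud-api-token": TOKEN_TEMPLATE,
    "sonarcloud-project-key": "{sonarcloud_project_organization}_{project-name}",
    "sonar-mvn-goal": "{sonar_mvn_goal}", "build-node": "centos7-docker-8c-8g",
    "project": "cps", "project-name": "cps", "branch": "master",
    "mvn-settings": "cps-settings", "mvn-goals": "clean install",
    "mvn-opts": "-Xmx1024m -XX:MaxPermSize=256m",
}

def is_enabled(value) -> bool:
    """Accept a YAML boolean or the quoted string 'true' used in the text above."""
    return value is True or (isinstance(value, str) and value.strip().lower() == "true")

def check_sonar_verify_project(project: dict) -> list:
    """Return findings for one `- project:` mapping; an empty list means OK."""
    findings = []
    for key in REQUIRED_KEYS:
        if key not in project:
            findings.append(f"ERROR: missing key '{key}'")
    if SONAR_VERIFY_JOB not in (project.get("jobs") or []):
        findings.append(f"ERROR: jobs must include '{SONAR_VERIFY_JOB}'")
    if not is_enabled(project.get("sonarcloud")):
        findings.append("ERROR: sonarcloud must be true for the scan to run")
    # A literal token here would be committed to the public ci-management repo.
    if project.get("sonarcloud-api-token", TOKEN_TEMPLATE) != TOKEN_TEMPLATE:
        findings.append(f"ERROR: sonarcloud-api-token must stay '{TOKEN_TEMPLATE}'")
    name, pname = project.get("name"), project.get("project-name")
    if name and pname and name != f"{pname}-sonar-verify":
        findings.append(f"ERROR: name should be '{pname}-sonar-verify'")
    if not is_enabled(project.get("sonarcloud-qualitygate-wait")):
        findings.append("INFO: quality gate wait off; a failed gate will not block the merge")
    return findings

if __name__ == "__main__":
    print("\n".join(check_sonar_verify_project(SAMPLE_CPS_PROJECT)) or "OK")
```

To run it over a real ci-management file, load the yaml with PyYAML's `safe_load` and pass each `project` mapping whose name ends in `-sonar-verify`.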


