Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

In order to be "security by design" ready, the ONAP code must be analyzed before the merge. Here are the steps to enable the Jenkins job called "{PROJECT_NAME}-sonar-verify" which will allow you run proactive SonarCloud scans for your project on every new code patch-set through Gerrit.

Requirements

  • global-jjb to >= v0.71.0

Steps

  • clone the ci-management repo
  • enter the jjb folder of the project you want to active the proactive scans (e.g. ci-management/jjb/cps/)
  • edit or create the yaml file with the JJB templates (e.g. cps.yaml)
  • add a new project section with the following configuration (update the fields based on the project name you are editing, this example is for CPS project)

    Code Block
    titlehttps://gerrit.onap.org/r/c/ci-management/+/125534
    - project:
        name: cps-sonar-verify
        java-version: openjdk11
        mvn-version: "mvn36"
        maven-version: "mvn36"
        jobs:
          - gerrit-maven-sonar-verify
        sonarcloud: true
        sonarcloud-project-organization: '{sonarcloud_project_organization}'
        sonarcloud-api-token: '{sonarcloud_api_token}'
        sonarcloud-project-key: '{sonarcloud_project_organization}_{project-name}'
        sonar-mvn-goal: '{sonar_mvn_goal}'
        build-node: centos7-docker-8c-8g
        project: 'cps'
        project-name: 'cps'
        branch: 'master'
        mvn-settings: 'cps-settings'
        mvn-goals: 'clean install'
        mvn-opts: '-Xmx1024m -XX:MaxPermSize=256m'


  • OPTIONAL: if you are ready to get more restrictive proactive scans that will block a merge if code quality issues are found, then set the field sonarcloud-qualitygate-wait to 'true'
  • save your work with git and push a change to Gerrit with git-review
  • now your project will get a new "{PROJECT_NAME}-sonar-verify" Jenkins job that will execute SonarCloud scans every time there is a new code patchset

...