Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

In order to be "security by design" ready, the ONAP code must be analyzed before the merge. Here are the steps to enable the Jenkins job called "maven-sonar-verify" which allow us to run proactive SonarCloud scans:

Requirements

  • global-jjb to v0.71.0

Steps

  • clone the ci-management repo
  • enter the jjb folder of the project you want to active the proactive scans (e.g. ci-management/jjb/cps/)
  • edit or create the yaml file with the JJB templates (e.g. cps.yaml)
  • add a new project section with the following configuration (update the fields based on the project name you are editing, this example is for CPS project)

    - project:
        name: cps-sonar-verify
        java-version: openjdk11
        mvn-version: "mvn36"
        maven-version: "mvn36"
        jobs:
          - gerrit-maven-sonar-verify
        sonarcloud: true
        sonarcloud-project-organization: '{sonarcloud_project_organization}'
        sonarcloud-api-token: '{sonarcloud_api_token}'
        sonarcloud-project-key: '{sonarcloud_project_organization}_{project-name}'
        sonar-mvn-goal: '{sonar_mvn_goal}'
        build-node: centos7-docker-8c-8g
        project: 'cps'
        project-name: 'cps'
        branch: 'master'
        mvn-settings: 'cps-settings'
        mvn-goals: 'clean install'
        mvn-opts: '-Xmx1024m -XX:MaxPermSize=256m'
  • OPTIONAL: if you are ready to get more restrictive proactive scans that will block a merge if code quality issues are found, then set the field sonarcloud-qualitygate-wait to 'true'
  • save your work with git and push a change to Gerrit with git-review
  • now your project will get a new "{PROJECT_NAME}-sonar-verify" Jenkins job that will execute SonarCloud scans every time there is a new code patchset



  • No labels