There are two ways (that I know of) to add these credentials to the Travis
configuration without including them as plain text. I take it that you've
already generated a token from the sonar cloud interface. For both
approaches, you'll need to add this to the .travis.yml file:
addons:
sonarcloud:
organization: (I think this would be "apache")
One option is to create an encrypted version of the token. Documentation is
here:
https://docs.travis-ci.com/user/environment-variables/#defining-encrypted-variables-in-travisyml
For this, there is a ruby gem called `travis`. Once installed ($ gem
install travis), you can run
$ travis encrypt <the-sonar-token>
The output of that command is the secure token, which would go here:
addons:
sonarcloud:
token:
secure: <token-goes-here>
The second approach involves adjusting the settings in the Travis-CI web
interface: https://travis-ci.org/apache/incubator-tamaya/settings
Under the "Environment Variables" section, you'd need to add an entry with
the Name set to SONAR_TOKEN and the Value set to the value of the token
from Sonarcloud. Make sure that "Display value in build log" is set to
"false".
I tend to like the second option because it means you can rotate tokens
without having to adjust the code. Also, as a side note, the `travis
encrypt` command makes use of the repository's name to generate the secure
token, so after Tamaya graduates and the repository changes from
`incubator-tamaya` to just `tamaya`, that secure token (if that's the path
you choose) would need to be regenerated.
Best,
Aaron
On Sun, Apr 21, 2019 at 8:19 PM Anatole Tresch <atsti...@gmail.com> wrote:
> sounds great!
>
> P. Ottlinger <pottlin...@apache.org> schrieb am So., 21. Apr. 2019, 23:13:
>
> > Hi guys,
> >
> > I'm working on a Sonarcloud-integration of Tamaya
> > via TAMAYA-277.
> >
> > Any new code smells result in red builds.
> >
> > At the moment only manual uploads are possible as I'm waiting for a hint
> > from INFRA on how to configure credentials properly (don't want to put
> > them in .travis.yml and am unsure if they are correct in ASF-Jenkins).
> >
> > Sorry for all the mailspam ;) -
> > happy easter,
> >
> > Phil
> >
> >
>
