WG: question about Apache Jenkins and Sonar
Von: Christofer Dutz Gesendet: Donnerstag, 12. Dezember 2019 08:49:48 An: atoiLiu Betreff: AW: question about Apache Jenkins and Sonar Hi all, In Jenkins you can log in and create a "credential" where you can put the generated token and assign a name to it. Then you reference this name in the withCredentials block. Chris Von: atoiLiu Gesendet: Donnerstag, 12. Dezember 2019 07:28:26 An: dev@iotdb.apache.org Betreff: Re: question about Apache Jenkins and Sonar Hi, Perhaps this token is not a required parameter or instead of using a personal account, how about using an account specifically created for ci? > 在 2019年12月12日,下午2:02,Xiangdong Huang 写道: > > Hi, > > The analysis repo on SounarCloud has been created [1]. > > I read the guide [2] and the example of PLC4x [3] and Sling projects. > I noticed that all of them mentioned "sonar_token", e.g., " > withCredentials([string(credentialsId: 'chris-sonarcloud-token', variable: ' > SONAR_TOKEN')]". > > I have created a token called xiangdong-iotdb-sonarcloud-token, but my > question is, don't I need to put the value of the token into the > configuration file? If I publish the token value, is that suitable? > (According to my understanding, the token should be protected as a privacy). > > (I am trying how to config can work. But if someone can give a guide, it > will be very helpful :-D ). > > [1] https://sonarcloud.io/dashboard?id=apache_incubator-iotdb > [2] https://cwiki.apache.org/confluence/display/INFRA/SonarQube+Analysis > [3] https://github.com/apache/plc4x/blob/develop/Jenkinsfile#L124 > > Best, > --- > Xiangdong Huang > School of Software, Tsinghua University > > 黄向东 > 清华大学 软件学院 > > > Xiangdong Huang 于2019年12月1日周日 下午1:57写道: > >> Hi, >> >> thanks Chris and Willem. >> I have created a jira ticket for applying creating a project on >> sonarcloud.io [1]. >> Before the application is complete, I disable the sonar analysis from >> jenkins temporary. >> >> [1] https://issues.apache.org/jira/browse/INFRA-19507 >> --- >> Xiangdong Huang >> School of Software, Tsinghua University >> >> 黄向东 >> 清华大学 软件学院 >> >> >> Willem Jiang 于2019年12月1日周日 上午9:39写道: >> >>> You need to some setup[1] to enable the Sonar Cloud Service for Apache >>> project. >>> >>> [1]https://cwiki.apache.org/confluence/display/INFRA/SonarQube+Analysis >>> >>> Willem Jiang >>> >>> Twitter: willemjiang >>> Weibo: 姜宁willem >>> >>> Willem Jiang >>> >>> Twitter: willemjiang >>> Weibo: 姜宁willem >>> >>> On Sat, Nov 30, 2019 at 10:31 PM Christofer Dutz >>> wrote: >>>> >>>> Hi Xiangdong, >>>> >>>> The ASF SonarCube instance is no longer being run. >>>> The build has to be changed to SounarCloud. >>>> >>>> Have a look at the PLC4X build (Jenkinsfile). >>>> We did the change there some time ago. >>>> >>>> Chris >>>> >>>> Am 29.11.19, 17:24 schrieb "Xiangdong Huang" : >>>> >>>>Hi, >>>> >>>>I find Apache Jenkins build failed because "SonarQube installation >>> defined >>>>in this job (ASF Sonar Analysis) does not match any configured >>>>installation. Number of installations that can be configured: 0." >>>> >>>>I checked recent commits, and find the most possible code >>> modification is >>>>that `vulnerability-checks` is moved to `apache-release` profile. >>>> >>>>So, is this task who triggers Jenkins to submit a job to SonarQube? >>>> >>>>If so, you'd better revoke your modification on the pom file, >>> @jialin Qiao. >>>> >>>>Best, >>>>-- >>>>Xiangdong Huang >>>>School of Software, Tsinghua University >>>> >>>> 黄向东 >>>>清华大学 软件学院 >>>> >>>> >>> >>
Re: question about Apache Jenkins and Sonar
Hi, Perhaps this token is not a required parameter or instead of using a personal account, how about using an account specifically created for ci? > 在 2019年12月12日,下午2:02,Xiangdong Huang 写道: > > Hi, > > The analysis repo on SounarCloud has been created [1]. > > I read the guide [2] and the example of PLC4x [3] and Sling projects. > I noticed that all of them mentioned "sonar_token", e.g., " > withCredentials([string(credentialsId: 'chris-sonarcloud-token', variable: ' > SONAR_TOKEN')]". > > I have created a token called xiangdong-iotdb-sonarcloud-token, but my > question is, don't I need to put the value of the token into the > configuration file? If I publish the token value, is that suitable? > (According to my understanding, the token should be protected as a privacy). > > (I am trying how to config can work. But if someone can give a guide, it > will be very helpful :-D ). > > [1] https://sonarcloud.io/dashboard?id=apache_incubator-iotdb > [2] https://cwiki.apache.org/confluence/display/INFRA/SonarQube+Analysis > [3] https://github.com/apache/plc4x/blob/develop/Jenkinsfile#L124 > > Best, > --- > Xiangdong Huang > School of Software, Tsinghua University > > 黄向东 > 清华大学 软件学院 > > > Xiangdong Huang 于2019年12月1日周日 下午1:57写道: > >> Hi, >> >> thanks Chris and Willem. >> I have created a jira ticket for applying creating a project on >> sonarcloud.io [1]. >> Before the application is complete, I disable the sonar analysis from >> jenkins temporary. >> >> [1] https://issues.apache.org/jira/browse/INFRA-19507 >> --- >> Xiangdong Huang >> School of Software, Tsinghua University >> >> 黄向东 >> 清华大学 软件学院 >> >> >> Willem Jiang 于2019年12月1日周日 上午9:39写道: >> >>> You need to some setup[1] to enable the Sonar Cloud Service for Apache >>> project. >>> >>> [1]https://cwiki.apache.org/confluence/display/INFRA/SonarQube+Analysis >>> >>> Willem Jiang >>> >>> Twitter: willemjiang >>> Weibo: 姜宁willem >>> >>> Willem Jiang >>> >>> Twitter: willemjiang >>> Weibo: 姜宁willem >>> >>> On Sat, Nov 30, 2019 at 10:31 PM Christofer Dutz >>> wrote: Hi Xiangdong, The ASF SonarCube instance is no longer being run. The build has to be changed to SounarCloud. Have a look at the PLC4X build (Jenkinsfile). We did the change there some time ago. Chris Am 29.11.19, 17:24 schrieb "Xiangdong Huang" : Hi, I find Apache Jenkins build failed because "SonarQube installation >>> defined in this job (ASF Sonar Analysis) does not match any configured installation. Number of installations that can be configured: 0." I checked recent commits, and find the most possible code >>> modification is that `vulnerability-checks` is moved to `apache-release` profile. So, is this task who triggers Jenkins to submit a job to SonarQube? If so, you'd better revoke your modification on the pom file, >>> @jialin Qiao. Best, -- Xiangdong Huang School of Software, Tsinghua University 黄向东 清华大学 软件学院 >>> >>
Re: question about Apache Jenkins and Sonar
Hi, The analysis repo on SounarCloud has been created [1]. I read the guide [2] and the example of PLC4x [3] and Sling projects. I noticed that all of them mentioned "sonar_token", e.g., " withCredentials([string(credentialsId: 'chris-sonarcloud-token', variable: ' SONAR_TOKEN')]". I have created a token called xiangdong-iotdb-sonarcloud-token, but my question is, don't I need to put the value of the token into the configuration file? If I publish the token value, is that suitable? (According to my understanding, the token should be protected as a privacy). (I am trying how to config can work. But if someone can give a guide, it will be very helpful :-D ). [1] https://sonarcloud.io/dashboard?id=apache_incubator-iotdb [2] https://cwiki.apache.org/confluence/display/INFRA/SonarQube+Analysis [3] https://github.com/apache/plc4x/blob/develop/Jenkinsfile#L124 Best, --- Xiangdong Huang School of Software, Tsinghua University 黄向东 清华大学 软件学院 Xiangdong Huang 于2019年12月1日周日 下午1:57写道: > Hi, > > thanks Chris and Willem. > I have created a jira ticket for applying creating a project on > sonarcloud.io [1]. > Before the application is complete, I disable the sonar analysis from > jenkins temporary. > > [1] https://issues.apache.org/jira/browse/INFRA-19507 > --- > Xiangdong Huang > School of Software, Tsinghua University > > 黄向东 > 清华大学 软件学院 > > > Willem Jiang 于2019年12月1日周日 上午9:39写道: > >> You need to some setup[1] to enable the Sonar Cloud Service for Apache >> project. >> >> [1]https://cwiki.apache.org/confluence/display/INFRA/SonarQube+Analysis >> >> Willem Jiang >> >> Twitter: willemjiang >> Weibo: 姜宁willem >> >> Willem Jiang >> >> Twitter: willemjiang >> Weibo: 姜宁willem >> >> On Sat, Nov 30, 2019 at 10:31 PM Christofer Dutz >> wrote: >> > >> > Hi Xiangdong, >> > >> > The ASF SonarCube instance is no longer being run. >> > The build has to be changed to SounarCloud. >> > >> > Have a look at the PLC4X build (Jenkinsfile). >> > We did the change there some time ago. >> > >> > Chris >> > >> > Am 29.11.19, 17:24 schrieb "Xiangdong Huang" : >> > >> > Hi, >> > >> > I find Apache Jenkins build failed because "SonarQube installation >> defined >> > in this job (ASF Sonar Analysis) does not match any configured >> > installation. Number of installations that can be configured: 0." >> > >> > I checked recent commits, and find the most possible code >> modification is >> > that `vulnerability-checks` is moved to `apache-release` profile. >> > >> > So, is this task who triggers Jenkins to submit a job to SonarQube? >> > >> > If so, you'd better revoke your modification on the pom file, >> @jialin Qiao. >> > >> > Best, >> > -- >> > Xiangdong Huang >> > School of Software, Tsinghua University >> > >> > 黄向东 >> > 清华大学 软件学院 >> > >> > >> >
Re: question about Apache Jenkins and Sonar
Hi, thanks Chris and Willem. I have created a jira ticket for applying creating a project on sonarcloud.io [1]. Before the application is complete, I disable the sonar analysis from jenkins temporary. [1] https://issues.apache.org/jira/browse/INFRA-19507 --- Xiangdong Huang School of Software, Tsinghua University 黄向东 清华大学 软件学院 Willem Jiang 于2019年12月1日周日 上午9:39写道: > You need to some setup[1] to enable the Sonar Cloud Service for Apache > project. > > [1]https://cwiki.apache.org/confluence/display/INFRA/SonarQube+Analysis > > Willem Jiang > > Twitter: willemjiang > Weibo: 姜宁willem > > Willem Jiang > > Twitter: willemjiang > Weibo: 姜宁willem > > On Sat, Nov 30, 2019 at 10:31 PM Christofer Dutz > wrote: > > > > Hi Xiangdong, > > > > The ASF SonarCube instance is no longer being run. > > The build has to be changed to SounarCloud. > > > > Have a look at the PLC4X build (Jenkinsfile). > > We did the change there some time ago. > > > > Chris > > > > Am 29.11.19, 17:24 schrieb "Xiangdong Huang" : > > > > Hi, > > > > I find Apache Jenkins build failed because "SonarQube installation > defined > > in this job (ASF Sonar Analysis) does not match any configured > > installation. Number of installations that can be configured: 0." > > > > I checked recent commits, and find the most possible code > modification is > > that `vulnerability-checks` is moved to `apache-release` profile. > > > > So, is this task who triggers Jenkins to submit a job to SonarQube? > > > > If so, you'd better revoke your modification on the pom file, > @jialin Qiao. > > > > Best, > > -- > > Xiangdong Huang > > School of Software, Tsinghua University > > > > 黄向东 > > 清华大学 软件学院 > > > > >
Re: question about Apache Jenkins and Sonar
You need to some setup[1] to enable the Sonar Cloud Service for Apache project. [1]https://cwiki.apache.org/confluence/display/INFRA/SonarQube+Analysis Willem Jiang Twitter: willemjiang Weibo: 姜宁willem Willem Jiang Twitter: willemjiang Weibo: 姜宁willem On Sat, Nov 30, 2019 at 10:31 PM Christofer Dutz wrote: > > Hi Xiangdong, > > The ASF SonarCube instance is no longer being run. > The build has to be changed to SounarCloud. > > Have a look at the PLC4X build (Jenkinsfile). > We did the change there some time ago. > > Chris > > Am 29.11.19, 17:24 schrieb "Xiangdong Huang" : > > Hi, > > I find Apache Jenkins build failed because "SonarQube installation defined > in this job (ASF Sonar Analysis) does not match any configured > installation. Number of installations that can be configured: 0." > > I checked recent commits, and find the most possible code modification is > that `vulnerability-checks` is moved to `apache-release` profile. > > So, is this task who triggers Jenkins to submit a job to SonarQube? > > If so, you'd better revoke your modification on the pom file, @jialin > Qiao. > > Best, > -- > Xiangdong Huang > School of Software, Tsinghua University > > 黄向东 > 清华大学 软件学院 > >
Re: question about Apache Jenkins and Sonar
Hi Xiangdong, The ASF SonarCube instance is no longer being run. The build has to be changed to SounarCloud. Have a look at the PLC4X build (Jenkinsfile). We did the change there some time ago. Chris Am 29.11.19, 17:24 schrieb "Xiangdong Huang" : Hi, I find Apache Jenkins build failed because "SonarQube installation defined in this job (ASF Sonar Analysis) does not match any configured installation. Number of installations that can be configured: 0." I checked recent commits, and find the most possible code modification is that `vulnerability-checks` is moved to `apache-release` profile. So, is this task who triggers Jenkins to submit a job to SonarQube? If so, you'd better revoke your modification on the pom file, @jialin Qiao. Best, -- Xiangdong Huang School of Software, Tsinghua University 黄向东 清华大学 软件学院
question about Apache Jenkins and Sonar
Hi, I find Apache Jenkins build failed because "SonarQube installation defined in this job (ASF Sonar Analysis) does not match any configured installation. Number of installations that can be configured: 0." I checked recent commits, and find the most possible code modification is that `vulnerability-checks` is moved to `apache-release` profile. So, is this task who triggers Jenkins to submit a job to SonarQube? If so, you'd better revoke your modification on the pom file, @jialin Qiao. Best, -- Xiangdong Huang School of Software, Tsinghua University 黄向东 清华大学 软件学院
