________________________________ Von: Christofer Dutz <[email protected]> Gesendet: Donnerstag, 12. Dezember 2019 08:49:48 An: atoiLiu <[email protected]> Betreff: AW: question about Apache Jenkins and Sonar
Hi all, In Jenkins you can log in and create a "credential" where you can put the generated token and assign a name to it. Then you reference this name in the withCredentials block. Chris ________________________________ Von: atoiLiu <[email protected]> Gesendet: Donnerstag, 12. Dezember 2019 07:28:26 An: [email protected] <[email protected]> Betreff: Re: question about Apache Jenkins and Sonar Hi, Perhaps this token is not a required parameter or instead of using a personal account, how about using an account specifically created for ci? > 在 2019年12月12日,下午2:02,Xiangdong Huang <[email protected]> 写道: > > Hi, > > The analysis repo on SounarCloud has been created [1]. > > I read the guide [2] and the example of PLC4x [3] and Sling projects. > I noticed that all of them mentioned "sonar_token", e.g., " > withCredentials([string(credentialsId: 'chris-sonarcloud-token', variable: ' > SONAR_TOKEN')]". > > I have created a token called xiangdong-iotdb-sonarcloud-token, but my > question is, don't I need to put the value of the token into the > configuration file? If I publish the token value, is that suitable? > (According to my understanding, the token should be protected as a privacy). > > (I am trying how to config can work. But if someone can give a guide, it > will be very helpful :-D ). > > [1] https://sonarcloud.io/dashboard?id=apache_incubator-iotdb > [2] https://cwiki.apache.org/confluence/display/INFRA/SonarQube+Analysis > [3] https://github.com/apache/plc4x/blob/develop/Jenkinsfile#L124 > > Best, > ----------------------------------- > Xiangdong Huang > School of Software, Tsinghua University > > 黄向东 > 清华大学 软件学院 > > > Xiangdong Huang <[email protected]> 于2019年12月1日周日 下午1:57写道: > >> Hi, >> >> thanks Chris and Willem. >> I have created a jira ticket for applying creating a project on >> sonarcloud.io [1]. >> Before the application is complete, I disable the sonar analysis from >> jenkins temporary. >> >> [1] https://issues.apache.org/jira/browse/INFRA-19507 >> ----------------------------------- >> Xiangdong Huang >> School of Software, Tsinghua University >> >> 黄向东 >> 清华大学 软件学院 >> >> >> Willem Jiang <[email protected]> 于2019年12月1日周日 上午9:39写道: >> >>> You need to some setup[1] to enable the Sonar Cloud Service for Apache >>> project. >>> >>> [1]https://cwiki.apache.org/confluence/display/INFRA/SonarQube+Analysis >>> >>> Willem Jiang >>> >>> Twitter: willemjiang >>> Weibo: 姜宁willem >>> >>> Willem Jiang >>> >>> Twitter: willemjiang >>> Weibo: 姜宁willem >>> >>> On Sat, Nov 30, 2019 at 10:31 PM Christofer Dutz >>> <[email protected]> wrote: >>>> >>>> Hi Xiangdong, >>>> >>>> The ASF SonarCube instance is no longer being run. >>>> The build has to be changed to SounarCloud. >>>> >>>> Have a look at the PLC4X build (Jenkinsfile). >>>> We did the change there some time ago. >>>> >>>> Chris >>>> >>>> Am 29.11.19, 17:24 schrieb "Xiangdong Huang" <[email protected]>: >>>> >>>> Hi, >>>> >>>> I find Apache Jenkins build failed because "SonarQube installation >>> defined >>>> in this job (ASF Sonar Analysis) does not match any configured >>>> installation. Number of installations that can be configured: 0." >>>> >>>> I checked recent commits, and find the most possible code >>> modification is >>>> that `vulnerability-checks` is moved to `apache-release` profile. >>>> >>>> So, is this task who triggers Jenkins to submit a job to SonarQube? >>>> >>>> If so, you'd better revoke your modification on the pom file, >>> @jialin Qiao. >>>> >>>> Best, >>>> ---------------------------------- >>>> Xiangdong Huang >>>> School of Software, Tsinghua University >>>> >>>> 黄向东 >>>> 清华大学 软件学院 >>>> >>>> >>> >>
