Since the Gradle upgrade and the associated Sonarqube plugin upgrade,
Sonarcloud has been reporting no coverage on the project's main branch.
This is due to the Sonarqube plugin no longer executing the test task
so there is no coverage report available. The relevant pipeline steps are
being altered to run the `test` task before the Sonarqube task, and have
switched to the new `sonar` name for the task, as well as removing the
compile task dependency since this is implicit from the test task and
matches the future state of Sonarqube's Gradle plugin.
Sonarqube 10 has removed legacy support for modules as well as removing
deprecated properties historically used for specifying branch targets.
Additionally, the interface for managing Sonarqube features has had a
method renamed, which makes the new version of Sonarqube binary
incompatible with the plugin. The references to Sonarqube's removed code
have been removed from the plugin, and the implementations of the
interface and Java agent that dynamically updates Sonarqube code that
also implements the interface have been updated to use the new method
name.
As the Sonarqube server binaries are now compiled against Java 17, the
build process has been bumped to JDK 17, but continues to produce Java
11 artefacts to allow scanner components to be compatible with the
ongoing Java 11 support in the scanner.
The AdoptOpenJDK has been discontinued since July 2021 (https://adoptopenjdk.net). Switching the distribution to Azul Zulu. When using Zulu you get all the latest updated (TCK Tested) builds for all versions of OpenJDK.
**Note:** Other distributions such as Temurin do not support archived fixed releases prior to Sept. 2021 and many non-LTS (long term support) releases if you plan to try out newer features in the language.
Sonarqube 9.0 introduced a call from each project's DevOps configuration page to a validation endpoint for confirming that a project's ALM configuration works correctly, as well as endpoints for adding and updating Bitbucket Cloud endpoints.
As the Bitbucket Cloud endpoints conflict with the equivalent endpoints provided by the plugin, the relevant endpoints and supporting code have been removed from the plugin. An implementation for the new validation endpoint has been introduced, plus validators for everything other than Azure DevOps which requires a wider refactor so has a default 'valid' response, as well as implementation for each validator, plus a refactor to move each ALM's client into a common location shared between the decorators and validators.
The Sonarqube libraries now contain Java 11 bytecode, so the Java 8 restrictions and build settings in this project have been removed, and various method calls have been modified to make use of the Java 11 APIs, such as direct use of Charsets whilst encoding, and checking for empty optionals.
The release process has been updated to look for a commit to the gradle.properties file that removes the '-SNAPSHOT' suffix from the version number rather than being triggered off the push of a tag.
Github does not expose secrets during the execution of actions on pull requests from forked projects, so the Sonar task would always fail on external pull requests. Additionally, anyone forking the project would have had the Sonarqube step fail unless they'd specifically set up Sonarqube secrets on their fork. To overcome this, the `sonar` step is now executed based on the condition of the `SONAR_TOKEN` secret being present in the current execution environment.
Includes a fix for incorrect syntax and variable references in the Pull Request Sonar analysis block.
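
One way to express the secret-presence condition described above in a GitHub Actions workflow, as an added example that is not the project's own workflow file; the workflow, job and step names and the `HAS_SONAR_TOKEN` variable are assumptions. Because secrets cannot be referenced directly in an `if:` condition, the example derives a boolean flag at job level and hands the token itself only to the analysis step.

```yaml
# Added example: hypothetical workflow, not the project's actual file.
name: sonar-example
on:
  push:
  pull_request:

# The job only needs to read the repository.
permissions:
  contents: read

jobs:
  sonar:
    runs-on: ubuntu-latest
    env:
      # Evaluates to 'true' or 'false'. On pull requests from forks the
      # secret resolves to an empty string, so the flag is 'false'.
      # Only the flag is job-wide; the token value is not exposed here.
      HAS_SONAR_TOKEN: ${{ secrets.SONAR_TOKEN != '' }}
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-java@v4
        with:
          distribution: zulu
          java-version: '17'

      # The test task runs first so a coverage report exists for analysis.
      - name: Test
        run: ./gradlew test

      - name: Sonar analysis
        if: env.HAS_SONAR_TOKEN == 'true'
        env:
          # Token is scoped to this step, so the build and test steps,
          # which execute repository code, never see it.
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        run: ./gradlew sonar

      - name: Report skipped analysis
        if: env.HAS_SONAR_TOKEN != 'true'
        run: echo "SONAR_TOKEN is not available in this run; Sonar analysis skipped"
```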
This change migrates from using Travis CI for performing check builds, to using Github actions for both check and release builds.
To allow this, three jobs have been introduced:
* Snapshot - performs the Gradle builds and publishes the snapshot JAR as an artifact against the check execution;
* Release - executes the release plugin in Gradle whenever a new tag is detected in Git, and creates a new draft release entry on the release page with the release artifact attached;
* Sonarqube - executes Sonarqube against any commit, submitting analysis details to Sonarcloud with the relevant branch, tag, or Pull Request details to allow Sonarcloud to decorate any findings. Note that this requires the `SONAR_TOKEN`, `SONAR_ORG_KEY`, and `SONAR_PROJECT_KEY` secrets to have been set against the repository in Github.