Updates to the latest Sonarqube minor version, including changes
to the Github decorator to handle changes in the JWT library method
signatures inherited from Sonarqube core, and test-only changes to
the Class Loader code built into Sonarqube.

The Github decorator was not checking the project key listed against a summary
comment so was minimising all summary comments when performing multiple
decorations against a mono-repository. To overcome this, the contents of the
summary comments are being retrieved and only the ones with a project key
matching the current project are being minimised during decoration.

Some email clients block the loading of SVG images,
resulting in the summary reports not displaying
cleanly. PNG equivalents of those images have been
generated and the report generation switched to use
them. The old SVG images have been retained to
ensure that existing reports continue to render
where possible.

Any versions from before the last LTS version have been removed since we
typically only fix for the next release and backport to the LTS release
rather than fixing any issues in all available releases.

The constants in `CeTaskCharacteristicsDto` have been moved into a new
class `CeTaskCharacteristics`, so the references in the plugin have
been updated.

When the release plugin was upgraded, the configuration was not altered
to set a pre-release task needing executed, so no plugin JAR was being
created as part of the release step. The `assemble` task is now being
set to ensure the JAR exists in the relevant output directory for
dependent steps to pick up.

(cherry picked from commit 4aba3e1584f53b3c77a2b5a519cfe9d27fd8e76f)

The scanner currently skips validation of a target branch if a Pull
Request is used to create a new project, so the resulting project fails
to load in front-end due to the Pull Request API treating the data on
that pull request as invalid. This is being overcome by validating that
a target branch exists for all Pull Request submissions and rejecting
the scan submission if the target branch is not found in Sonarqube.

Additionally, there's a delay between a Pull Request being recorded in
the database by the server component as a result of the call from the
scanner, and the Compute Engine recording the Pull Request details
(source, target, title etc.) against the branch. During this time the
Pull Request treats that Pull Request as invalid and throws an error,
meaning the project cannot be loaded through the UI, or the Pull
Requests listed through the API. As the Pull Request response fields
filled from the Pull Request data are not mandatory, those fields are
now only being completed if the Pull Request data is set on the branch
DTO rather than throwing an exception if the data isn't set.

Since the Gradle upgrade and the associated Sonarqube plugin upgrade,
Sonarcloud has been reporting no coverage on the project's main branch.
This is due to the Sonarqube plugin no longer executing the test task
so there is no coverage report available. The relevant pipeline steps are
being altered to run the `test` task before the Sonarqube task, and have
switched to the new `sonar` name for the task, as well as removing the
compile task dependency since this is implicit from the test task and
matches the future state of Sonarqube's Gradle plugin.

The project contains LGPL headings in all the source files and is
intended to be licensed as an LGPL project, but contains a GPL license
file in the project root. As contributors have been committing with LGPL
headers this switch is being made without any wider changes across the
project.

The `checkProjectPermission` on Sonarqube's UserSession has been
replaced with `hasEntityPermission`, and the `mainBranchProjectUuid`
has been dropped from ComponentDTO, which has required a fix to set the
right UUID as the project UUID for the branch. Additionally, the
`MoreCollectors` map/identity collectors have been dropped from
Sonarqube core, so their references have been replaced with equivalent
`toMap` collectors from the JRE.

The Sonar logger has been deprecated in favour of SLF4J's Logger and
LoggerFactory, so the references have been replaced throughout the
plugin, and log lines updated to use formats and conditional execution.

Includes fixes to make Pitest work in the Gradle build.

Wiremock has relocated from `com.github.tomakehurst` to `org.wiremock`
so the Gradle reference has been updated, and the version bumped to the
latest release of this artefact.

Sonarqube 10.1 includes classes compiled with a Java 17 target, so the
plugin fails to compile in the container build that uses Java 11. The
build container is therefore being bumped to Java 17, and the
environment file configured to pin to Sonarqube 10.1 to allow repeated
builds.