Konubinix' opinionated web of thoughts

Sonar Try to Have a Nice Activity Line

Fleeting

In case you want to have a nice activity in sonar in a project, like clk.

sonar play analysis in the past

For instance guess that you want to run the scans of all the tags. In case you follow the same definition of projectVersion as I do, you might want to reach everycommit just before a tag and scan it. It will be the last analysis of the given version. You will also want to scan the commit of the tag, making it the first analysis of the version. I recommend using to ensure an appropriate analysis history.

Unfortunately, because the projectDate only accepts dates and not hours, I cannot scan the commit prior to the tag and the commit under the tag, because they generally are the same day. The most valuable one, to me, is the last commit of each version, hence I drop the scan of the tag itself.

You might also want to perform an empty analysis at the beginning of the history as a reference point, but that would likely just result in showing a pike (with all the technical debt) at the beginning of the history.

You first have to reset your project and start a brand new one. Then export the appropriate environment variables.

export SONAR_HOST_URL=https://sonarcloud.io ; export SONAR_TOKEN=<youtoken>

TMP="$(mktemp -d)"
trap "rm -rf '${TMP}'" 0

cp sonar-project.properties /tmp

pushd "${TMP}" > /dev/null
{
    cp /tmp/sonar-project.properties ./
    # in clk, just before the first commit, got with git log --format=%cs|sort | head -1
    sonar-scanner -Dsonar.projectDate=2018-04-04
}
popd > /dev/null

scanit ( ) {
    local commitish="$1"
    git checkout .
    git checkout "${commitish}"
    git clean -fd
    cp /tmp/sonar-project.properties ./
    sonar-scanner -Dsonar.projectVersion="$(git tag --sort=creatordate --merged|grep '^v'|tail -1)" -Dsonar.projectDate="$(git log -1 --format=%cs)"
}

git tag | sort -V | while read tag
do
    scanit "${tag}~"
    # scanit "${tag}"
done

scanit main

delete some wrong analysis

Trials and errors may lead to create scans that you don’t want to keep.

For instance, in clk, I did a few attempts at tagging the version v0.38.2, due to the deploy setup needing some cleanup.

Fortunately, we can play with the data using the api documented in

https://sonarcloud.io/web_api/.

Let’s find the broken analysis.

http --session sonar https://sonarcloud.io/api/project_analyses/search?project=clk-project_clk | jq -r '.analyses[]|select(.projectVersion == "v0.38.2").key'

"AZbJU92cgVWxl7eY5kr3"
"AZbJIjCzk1ZnIU9qV-16"

I can delete them with.

http --session sonar POST "https://sonarcloud.io/api/project_analyses/delete?analysis=AZbJIjCzk1ZnIU9qV-16"

temporarily change the baseline

Because sonar new code definition is not adapted to the pragmatic git workflow, when submitting a bug fix, the quality gate may be broken and I may need to hack it a bit.

Find the basis I want to use.

http --session sonar https://sonarcloud.io/api/project_analyses/search?project=clk-project_clk | jq -r '.analyses[]|select(.projectVersion == "v0.38.2").key'

AZbJU92cgVWxl7eY5kr3

http --session sonar POST 'https://sonarcloud.io/api/project_analyses/set_baseline?analysis=AZbJU92cgVWxl7eY5kr3&project=clk-project_clk'

{}

Revert this using

http --session sonar POST 'https://sonarcloud.io/api/project_analyses/unset_baseline?project=clk-project_clk'