Source code: https://github.com/SonarSource/sonarqube/
Bug database: https://jira.sonarsource.com/browse/ -- then go to for example Issues and then Major
Contribution notes: https://github.com/SonarSource/sonar-developer-toolset#code-style
Mailing list: https://groups.google.com/forum/#!forum/sonarqube
Build project:
./build.sh
Run Sonar:
./start.sh
Listens on port 9000.
# verify listening port in Linux
netstat -ntl
# verify listening port in OSX
netstat -na -p tcp | grep -i listen
Connect to MySQL database:
-
Install MySQL, minimum version 5.6.
CREATE DATABASE sonar;GRANT ALL ON sonar.* TO 'sonarqube'@'%' IDENTIFIED BY '...'; -
Edit
sonar-application/src/main/assembly/conf/sonar.propertiesand rebuild. Shortcut: copy to./sonar-application/target/sonarqube-5.6-SNAPSHOT/conf/sonar.propertiesValues to set:
sonar.jdbc.username,sonar.jdbc.password,sonar.jdbc.url -
Restart. Sonar will create all the necessary tables, it might be slow.
Run inside a Maven project:
mvn sonar:sonar
Automatically finds the server running on localhost:9000.
The output tells the link where the analysis reports will be available, for example:
[INFO] ANALYSIS SUCCESSFUL, you can browse http://localhost:9000/dashboard/index/org.sonarsource.sonarqube:sonarqube
When you visit the URL, in the top-right corner there's an indicate to show the status of the analysis. For example, while building the report, it shows In Progress. While building the report for a project is in progress, submitting new projects will be shown as Pending.
These status indicators don't seem to update, need an explicity page refresh.
Why is it that mvn clean compile fails?
The links in README.md are in reference format, and as such not visible on GitHub. Why isn't that fixed?
What is /api/server/index? It's referenced in SONAR-7001, but actually undocumented in /web_api.
If Quality Gate fails due to bad rule, is there a way to ignore the rule but indicate warnings?
It's not obvious how to configure the database connection.
It's hard to find how to do it.
Editing sonar-application/src/main/assembly/conf/sonar.properties is certainly not a great option,
as the file is under version control.
It's not obvious how to add projects.
While a user is logged in, and the database is taken down, http://localhost:9000/api/server/index shows a long stack trace of Ruby calls, and includes the attempted SQL query:
SELECT * FROM `users` WHERE (`users`.`id` = 1) LIMIT 1
Quick tip: these are different web users (naturally), convenient for testing anon and non-anon requests side by side:
http://localhost:9000/api/server/index
http://127.0.0.1:9000/api/server/index
When interrupting the server launched with ./start.sh with Control-C,
it doesn't look like it's shutting down gracefully...
=> As a matter of fact it doesn't. Should use ./stop.sh to shut down, but this is not well-documented.
=> Find the official documentation that you were supposed to follow. Probably this is the one: http://docs.sonarqube.org/display/SONAR/Documentation
Due to probably a dirty shutdown, startup is long, and console shows messages like:
2016.05.15 14:51:38 INFO ce[o.s.c.a.WebServerWatcherImpl] Still waiting for WebServer...
The website responds though, redirecting all requests to http://localhost:9000/maintenance, which for a few minutes show a page with the navbad and an empty hero-like box. After a while the box gets filled in correctly with a message about site maintenance.
The overlap and discrepancy is a bit curious in the status values
in org.sonarsource.sonarqube.upgrade.ServerStatusResponse.Status
and org.sonar.server.platform.ws.StatusAction.Status.
In fact the installation got very sick and would not start again. After a visit to http://localhost:9000/setup, it recovered, by "supposedly" upgrading the database, which didn't make any sense, as the tables were freshly installed.
Quality profiles got lost from mysql. Had to restart with in-memory database to backup one-by-one, then restart with mysql to re-import. But... on restart with mysql, I didn't need to re-import, the quality profiles were simply back! (???)
Deactivating (no delete) of self (user) doesn't work, but delete button is still visible on http://127.0.0.1:9000/users.
The gui allows deleting the last admin group. https://jira.sonarsource.com/browse/SONAR-6912 After doing that, I was not able to manually recover the lost admin group. Recreated the group, and manipulated related tables, but evidently not everything. The deletion of a group triggered a cascade of other deletes. But not the user of the group. To recover, I restarted from scratch, and re-analyzed all the sample projects. And took a dump of the database.
https://github.com/SonarSource/sonarqube/blob/master/README.md => the doc links are not visible on GitHub, need a solution...
https://github.com/SonarSource/sonar-developer-toolset/blob/master/git/spush => Bash scripting improvements
https://github.com/SonarSource/sonar-java/blob/master/CONTRIBUTING.md => a bit messy markdown, pointless integration tests link => the README is very messy
https://jira.sonarsource.com/browse/SONAR-7151 Disable "Delete" action for default project dashboard -- can reproduce; but need to know more Ruby; see _dashboard_operations.html.erb
https://jira.sonarsource.com/browse/SONAR-7172
Improve display of period selection
-- looks easy, but cannot reproduce; perhaps need multiple releases, or multiple analyses;
see Periods
https://jira.sonarsource.com/browse/SONAR-7195 Support developer contributions in web service api/measures/component_tree -- easy to understand, but challenging
https://jira.sonarsource.com/browse/SONAR-7354
Display total analysis time in scanners
-- mvn verify sonar:sonar displays total time as sum of both goals,
but Simon would like to see the times of verify and sonar:sonar separately (too).
https://jira.sonarsource.com/browse/SONAR-6977 Hide unauthorized actions from form of issue bulk changes -- looks like several UI issues, not too hard, but probably needs Ruby chops...
https://jira.sonarsource.com/browse/SONAR-6973 Display some users/group on the security pages -- sounds like adding some pagination shortcuts; probably easy, with Ruby chops...
https://jira.sonarsource.com/browse/SONAR-6970 Web service to get the quality gate of a project -- sounds like a nice task, but should need some coordination; later
https://jira.sonarsource.com/browse/SONAR-6966 Allow to configure name of Elasticsearch cluster and nodes -- sounds fairly easy, and visible task, but a little Elasticsearch chops would be needed...
https://jira.sonarsource.com/browse/SONAR-7420 Allow renaming of module key after analysis https://jira.sonarsource.com/browse/SONAR-3321 Make the issue tracking mechanism support renaming of file -- sounds hard, but probably doable, with research
https://jira.sonarsource.com/browse/SONAR-6949 Update the hash algorithm of password -- cool, visible, a bit hard but doable
https://jira.sonarsource.com/browse/SONAR-6930 Speed-up loading of issues facets when issue details are not needed -- cool, visible, looks straightforward, with a bit of ES chops
=> https://jira.sonarsource.com/browse/SONAR-6912 Prevent locking out admin when deleting/updating a user group -- looks interesting, straightforward, not easy but doable
Initial roles for admin group:
INSERT INTO `group_roles` VALUES
(6,NULL,NULL,'provisioning'),
(4,NULL,NULL,'scan'),
(1,1,NULL,'admin'),
(8,1,NULL,'gateadmin'),
(2,1,NULL,'profileadmin'),
(7,1,NULL,'provisioning'),
(3,1,NULL,'shareDashboard');
=> https://jira.sonarsource.com/browse/SONAR-6638 Allow to bulk change more than 500 issues at once -- hard, but doable, visible
=> https://jira.sonarsource.com/browse/SONAR-6828 As a SQ Admin I want to know which user deleted a project. -- easy, non-stupid, a bit too easy
https://jira.sonarsource.com/browse/SONAR-5461 Support tables in markdown format -- looks doable and independent from Sonar
https://jira.sonarsource.com/browse/SONAR-4170 Make it possible to search for 'Removed' rules and to sort the rules by 'Removal date' -- looks doable