green-code-initiative / ecoCode

Reduce the environmental footprint of your software programs with SonarQube
https://ecocode.io
GNU General Public License v3.0

Updating Test Scripts for SonarQube 10.0+: Addressing sonar.login Deprecation #350

Open raymondsoft opened 3 months ago

raymondsoft commented 3 months ago

Describe the bug

The tool_send_to_sonar.sh script, used in several test language projects (e.g., test-swift), generates a warning when executed with SonarQube version 10.0 or later. The warning is caused by the use of the deprecated sonar.login command. This issue might affect other test language projects using similar scripts.

To Reproduce

Steps to observe the warning:

  1. Navigate to a project test repository, such as test-swift.
  2. Ensure SonarQube version 10.0 or later is installed.
  3. Execute the tool_send_to_sonar.sh script with a valid token.
  4. Observe the warning related to the deprecated sonar.login command in SonarQube.

Expected behavior

The script should execute without warnings by using the sonar.token authentication method for SonarQube version 10.0 and above, while maintaining compatibility with earlier versions.

Additional context

I have reviewed the tool_send_to_sonar.sh scripts and gradle.properties files across various test language projects and noted the following:

  1. Java

    • The script offers two configurations, but lacks automatic SonarQube version detection, potentially confusing users.
  2. JavaScript

    • Uses yarn with sonar.token, but lacks support or instructions for older SonarQube versions that require sonar.login.
  3. C#

    • Uses sonar.login with dotnet-sonarscanner, which may not work with SonarQube 10.0+. No version detection is implemented.
  4. Swift

    • The current script uses sonar.login, generating warnings in SonarQube 10.0+. A version-detecting update is proposed.
  5. Python

    • Similar to the Java script, it uses sonar.token but lacks version detection, which could cause issues with older SonarQube versions.
  6. PHP

    • The script combines sonar.login and sonar.token in a single command. This approach needs validation to ensure it's a correct practice.
  7. Kotlin (Android-Kotlin)

    • The gradle.properties file uses sonar.login, which may be incompatible with SonarQube 10.0+. No version detection is present.
  8. Java (Android-Java)

    • Similar to the Kotlin project, it uses sonar.login in gradle.properties, potentially causing warnings with SonarQube 10.0+.

Proposed Solution for test-swift

The existing tool_send_to_sonar.sh script for the test-swift project is as follows:

#!/usr/bin/env sh

# "sonar.login" variable : private TOKEN generated in your local SonarQube during installation
# (input parameter of this script)
mvn org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184:sonar -Dsonar.login=$1

I have proposed an updated version of the tool_send_to_sonar.sh script specifically for the test-swift project. This script detects the SonarQube version and adjusts the authentication method accordingly.

Updated Script:

#!/usr/bin/env sh

# The parameter passed to this script should be a private TOKEN generated in your local SonarQube during installation.
# This token will be used for authentication, depending on the version of SonarQube detected.

# Detect SonarQube version
SONAR_VERSION=$(curl -sS http://localhost:9000/api/server/version)

# Compare the detected version with 10.0
# sort -V orders the two strings as versions; when "10.0" comes out first, the server is 10.0 or newer
if [ "$(printf '%s\n' "$SONAR_VERSION" "10.0" | sort -V | head -n1)" = "10.0" ]; then
  # Use sonar.token for SonarQube 10.0 and above
  mvn org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184:sonar "-Dsonar.token=$1"
else
  # Use sonar.login for SonarQube versions below 10.0
  mvn org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184:sonar "-Dsonar.login=$1"
fi
fi
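
A stricter form of the version check proposed above, as an added example that is not part of the issue or of the ecoCode repository: it selects the property from the major version without relying on `sort -V`, and stops instead of falling back to sonar.login when the version endpoint returns something that is not a version. The function names `sonar_auth_property` and `send_to_sonar` and the `SONAR_HOST_URL` override are assumptions made for this illustration.

```shell
#!/usr/bin/env sh
# Added example, not the repository's script. The function names and the
# SONAR_HOST_URL override are assumptions made for this illustration.

# Print the authentication property for a SonarQube version string:
# "sonar.token" for 10.0 and above, "sonar.login" below.
# Return 1 and print nothing when the input is not a dotted numeric version
# (empty curl output, an HTML error page from a proxy, and so on).
sonar_auth_property() {
  version=$1
  case $version in
    '' | *[!0-9.]* | .* | *..* | *.) return 1 ;;
  esac
  major=${version%%.*}   # text before the first dot, e.g. "10" from "10.0.0.1"
  if [ "$major" -ge 10 ]; then
    printf '%s\n' "sonar.token"
  else
    printf '%s\n' "sonar.login"
  fi
}

# Query the server, pick the property, run the same Maven goal as the issue.
send_to_sonar() {
  token=$1
  host=${SONAR_HOST_URL:-http://localhost:9000}
  # --fail makes curl exit non-zero on HTTP errors instead of returning the body
  version=$(curl -sS --fail "$host/api/server/version") || return 1
  if ! prop=$(sonar_auth_property "$version"); then
    printf 'unexpected version response: %s\n' "$version" >&2
    return 1
  fi
  mvn org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184:sonar \
    "-D$prop=$token"
}

# Only contact the server when a token argument is given.
if [ "$#" -gt 0 ]; then
  send_to_sonar "$1"
fi
```

As in the issue's script, the token is still passed as a Maven command-line argument, so it is visible in the process list while the scan runs.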