Applying sonarqube for remote repository - github

I have a project in my github.Sonarqube was running in local machine(windows).Now I want to apply sonarqube on my repository project in my local machine only without using jenkins.
I have applied the sonarqube when that project is in local machine.
Two requirements I want to do
1)Applying sonarqube to remote repository
2)whenever a commit happens update sonarqube on that changes.

Applying sonarqube to remote repository
That means a remote process running Sonar on the GitHub side.
For now, you have GitHub Actions which allow, on push, to run specific programs.
For instance: sonarsource/sonarcloud-github-action will run SonarCloud (you can sign up an account for free) in order to detects bugs, vulnerabilities and code smells in more than 20 programming languages.
No Jenkins required.

Related

Versioncontrol Repository in LAN Working copy in Web

I'm a newbie to version control systems, so please pardon my naiveté.
I want the repository to be on a networked path within our local area network (LAN) so that only local PC's can access it. The files that are edited should be on a server which is accessible via the internet.
Here is a diagram of what I mean:
The Internet server is an ordinary web server, but it offers WebDAV. Is there a version control system with which I can implement this setup?
Sure. What you are trying to achieve is called continuous deployment. You can set up a git server locally and then deploy the build artifacts to the WebDAV server (and/or another server) online.
⚠️ Note
I strongly recommend not running your version control software (VCS) locally, but rather, having a private repo on GitHub, GitLab, AWS CodeCommit, Azure DevOps, or BitBucket that you clone locally for work.
If you're committed (no pun intended) to local VCS, then you can use the set up below.
Continuous Deployment
You can create a local scheduled script to check for critical events (like approved merges on the main branch) of a target local repo. The script will then build the entire project and copy the build artifacts to the WebDAV.
There are almost an infinite number of ways to achieving this, so I will just link to some high level guides:
What is a Deployment pipeline?
Continuous Integration, Delivery, and Deployment
Windows Scheduled Tasks Azure DevOps Extension
scheduling continuous integration pipelines
The script can be as simple as copying files from the repo to the WebDAV; or, as complex as integrating, testing, building, and pushing build artifacts. The specifics (which scripting language[s] and how to schedule) depend on your OS more than anything. Here are instructions for Windows: https://blog.netwrix.com/2018/07/03/how-to-automate-powershell-scripts-with-task-scheduler/
git Server on LAN
Before you can deploy, you need a repo. The following are steps (using Windows 10) to get your local git server going. If you are using a Linux flavour, please adjust the instructions accordingly.
Create a folder where you want to create the Git Server.
Move into that folder, right click and select
 Git Bash Here
 option. This will open a bash command window in the current
folder.
Run the command
 git init anyname.git --bare
 to initialize Git bare repo without the working directory.
That’s it. You have successfully set up your Git server.
Connecting to Local Git Server
On your Git server, Go to control panel → Network And Sharing
Center > Change advanced sharing settings. Select
 
Turn on network discovery option
 and
 
Turn on file and printer sharing
 option.
On your Git server, Go to control panel → Windows Defender
Firewall → Advanced Settings → Inbound Rules. Enable
 
File and Printer Sharing (NB-Name-In) on private,public
profile and
 File and Printer Sharing (SMB-In)
 on private, public profile
 as shown below.
Go to the folder you have created Git Server, right click and select
 properties. Under
 sharing
 tab, click
 Share
 and add
 Everyone. Set the
 permission level
 as
 Read/Write.
Once the permissions are set, you will find a share path.
Go to second Windows PC and open Git terminal and type
 *git clone //GitServerName/PathToGitServerFolder.git *
 command.
You can create new files and folders as if you do on a normal Git
account.
That’s it. You have successfully created your own Git Server
and published on the network.
The simplest way that I can think of, though it take a little getting used to is GIT.
You can do this with local repo C:/some/path/to/repo and the upstream as E:/webdav/location or //link/to/webdav, and just push to upstream to update on the server.

VS Team Services trigger option on build pipeline for external git repository

I have a unauthenticated (in vsts) external git repository that works in an local agent pool (who is auth) that is external too. Our build pipepline is the connection with our certificates that does this solution work.
The problem here is that there is no possibility to trigger automatically when someone push some changes on the master branch on this external unauthenticated (in vsts) git repository.
For this trigger option, there is only this configuration:
But after this, if someone push an commit, nothing happen.
Is there a limitation? Any configuration that I need to get this working? At now, it's always done manually to stat the build pipeline.
For the continuous integration with External Git, VSTS will connect to your external repository and check if there is new changes by the polling interval time you set. So you must configure the authentication in VSTS so that VSTS can access to your Git Repository to query new changes. When you configure the external git repository, it should ask you to provide user and password/token, enter the auth information there.

How to use sonar TFVC plugin?

I want use the TFVC plugin with sonar.
I have copied the file sonar-scm-tfvc-plugin-2.0.jar in Sonar\extensions\plugins.
I use the following config sonar.properties :
sonar.scm.enabled=true
sonar.scm.provider=tfvc
sonar.tfvc.username=my Tfs UserAccount
sonar.tfvc.password.secured=My TFS password
When I run a sonar analysis on the command line c:sonar.net-runner.cmd,
the analysis is successful.
But on the web side, all issues are not assigned....
Is there something wrong ?
SonarQube version 5.x+ will automatically assign issue to the last committer on the line if:
It is a new issue that has been introduced since the last analysis
It was possible to match the SCM user to a SonarQube user
So, if you did an initial analysis of your project, then enabled the SonarQube SCM TFVC plugin, and redid an analysis, none of the issues are new, and so it is expected for all of them to stay unassigned.
Start by verifying that you get the SCM data from TFVC properly imported into SonarQube:

Central compiling on a server

We are a team that works on liferay in eclipse.
We want to code in our clients but when we want to compile or deploy our code, this process done by server(to lower usage of clients and send main process to server).
How this can be possible?
You can use the Rundeck plugin for Jenkins to trigger a deploy based on the SCM commit message.
So your team would code and commit to a repository. Jenkins will then compile and deploy the latest build on the server.
BUT: I think I'd prefer to run my code on my client before committing it.

sonar+github integration

I want to enable sonar with git but is it neccesary that first pull the project from git repository using hudson or something else and then sonar will analyse the code periodically on hudson .am I right means my steps :
1.Pull project from git using hudson.
2.Sonar on hudson will analyse the code and send the updates.?
or directly we can use git+sonar how it works ,can anybody guide me to get it work.
Yes, you need first to pull your project from GitHub, and then launch a Sonar analysis on your local copy (Sonar needs the file to exist on the file system to be able to analyse them).
So you can pull your project manually or obvioulsy using a CI server like Jenkins/Hudson.
The good news, yesterday (2015-07-08) SonarQube has launched a Github Pluging, every time a pull request is submitted, the CI system launches a SonarQube preview analysis.
Reference:
http://www.sonarqube.org/github-pull-request-analysis-helps-fix-the-leak/