#23115 closed task (fixed)
Update SonarQube to latest LTS
| Reported by: | gaben | Owned by: | Don-vip |
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | unspecified | Version: | |
| Keywords: | sonar sonarqube | Cc: | Don-vip, stoecker |
Description
The title says it all. The currently deployed version (9.2.4 build 50792) is almost two years old (release announcement) probably there are more rules for Java and other languages as well.
For running, it requires Java 17.
Also, I see many deprecated and outdated rule copies in the current deployment.
Attachments (1)
Change History (23)
comment:2 by , 2 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
Thanks for the reminder, indeed I didn't upgrade it for a long time. I'll take a look tomorrow.
comment:3 by , 22 months ago
2 month ping. We have until February 2024 to update to 9.9 (at which point IDE SonarLint integrations will have a baseline of 9.9, if I understand the docs correctly).
comment:4 by , 22 months ago
I downloaded and extracted the files and copied the config. I'll test starting the new version tomorrow. If I forget this weekend remind me on Monday.
follow-up: 7 comment:6 by , 22 months ago
Wait, which version will we have? In case it's LTS, then the link is this.
comment:7 by , 22 months ago
Replying to gaben:
Wait, which version will we have? In case it's LTS, then the link is this.
You know that the only difference between these two is the sonarqube version which is anyway wrong in both cases? And I'll for sure not hardcode it, but rather use a "*" so it will work for future updates.
comment:9 by , 22 months ago
Thank you, looks good. Could you please also check the quality profiles? https://josm.openstreetmap.de/sonar/profiles
Sonar is saying some of them outdated, but still default. I see in the Java section there is a customized JOSM rule, it's probably modification of an old rule which doesn't have some of the new inspections: https://josm.openstreetmap.de/sonar/profiles/compare?language=java&name=JOSM&withKey=AV20PiyL8dRWxlrdvbzV
comment:10 by , 22 months ago
Ok. Dropped all deprecated stuff, dropped lots of outdated configs, added all missing default rules to JOSM and JMapViewer.
Next would probably be to have a look again and deactivate any rules which make no real sense.
comment:11 by , 22 months ago
Nice side note: For JSP the sonar default is empty and the server install is also empty (but outdated :-) Now I can't delete this one as it is default and I can't make the sonar one default as it's empty. So I have to keep the outdated one.
follow-up: 13 comment:12 by , 22 months ago
Thank you! I noticed a missing XML rule reference in two project config:
by , 22 months ago
| Attachment: | missing_xml_reference.png added |
|---|
comment:13 by , 22 months ago
Replying to gaben:
Thank you! I noticed a missing XML rule reference in two project config:
Should be fixed, but it seems it will only be applied after the next run.
comment:15 by , 22 months ago
P.S. @Taylor: I made you sonar-admin ;-)
Thanks. I don't know what I'll do as an admin, but I'll figure something out. There has got to be a way to mark the TODO lint comments in the todo plugin as false positives...
I don't know if it took though -- in https://josm.openstreetmap.de/sonar/account, I'm only seeing sonar-users in the Groups section.
comment:16 by , 22 months ago
Hmpf. Some settings tend to get lost. That's disturbing. Ugly software. E.G. one of the outdated XML rules above is gone. The other one wont vanish, but my changed setting vanishes. Tss.
comment:17 by , 22 months ago
Some settings tend to get lost.
This is never fun when it happens.
Next would probably be to have a look again and deactivate any rules which make no real sense.
In other news, we've gone from 1.3k issues to 4k issues.
I don't know if I would deactivate any rules just yet. I'll fix new issues as I touch files and mark false positives (example: https://josm.openstreetmap.de/sonar/project/issues?resolved=false&severities=BLOCKER&id=josm&open=AYnbAsFvj8Ry6a_C0YWk ).
comment:18 by , 22 months ago
The last sonar job failed: https://josm.openstreetmap.de/jenkins/job/Sonar-JOSM/5797/console
ERROR: You're not authorized to run analysis. Please contact the project administrator.
I don't know if the previous token got revoked, expired, or something else happened.
comment:19 by , 22 months ago
Umpf. I changed something and now JOSM Sonar fails. And again I have no idea what the real reason is. "You're not authorized to run analysis. Please contact the project administrator" isn't so very helpful.
comment:20 by , 22 months ago
Found it. Dropping default access as suggested killed the JOSM server access ;-)
comment:21 by , 22 months ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Closing for now. Optimization of config will be an ongoing task.
SonarQube 10 was released back in April. I don't think we want to upgrade to that. With that said, if we do want to upgrade to SonarQube 10, we still need to make an intermediate upgrade to SonarQube 9.9.
For the deprecated rules, see https://josm.openstreetmap.de/sonar/profiles .
Scanning through https://docs.sonarsource.com/sonarqube/latest/setup-and-upgrade/release-upgrade-notes/, it looks like the following changes are in place:
master->mainfor new projects. This is configurable.SONARQUBE_JDBC_*)