#23115 closed task (fixed)
Update SonarQube to latest LTS
| Reported by: | gaben | Owned by: | Don-vip |
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | unspecified | Version: | |
| Keywords: | sonar sonarqube | Cc: | Don-vip, stoecker |
Description
The title says it all. The currently deployed version (9.2.4 build 50792) is almost two years old (release announcement) probably there are more rules for Java and other languages as well.
For running, it requires Java 17.
Also, I see many deprecated and outdated rule copies in the current deployment.
Attachments (1)
Change History (23)
comment:2 by , 2 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
Thanks for the reminder, indeed I didn't upgrade it for a long time. I'll take a look tomorrow.
comment:3 by , 2 years ago
2 month ping. We have until February 2024 to update to 9.9 (at which point IDE SonarLint integrations will have a baseline of 9.9, if I understand the docs correctly).
comment:4 by , 2 years ago
I downloaded and extracted the files and copied the config. I'll test starting the new version tomorrow. If I forget this weekend remind me on Monday.
follow-up: 7 comment:6 by , 2 years ago
Wait, which version will we have? In case it's LTS, then the link is this.
comment:7 by , 2 years ago
Replying to gaben:
Wait, which version will we have? In case it's LTS, then the link is this.
You know that the only difference between these two is the sonarqube version which is anyway wrong in both cases? And I'll for sure not hardcode it, but rather use a "*" so it will work for future updates.
comment:9 by , 2 years ago
Thank you, looks good. Could you please also check the quality profiles? https://josm.openstreetmap.de/sonar/profiles
Sonar is saying some of them outdated, but still default. I see in the Java section there is a customized JOSM rule, it's probably modification of an old rule which doesn't have some of the new inspections: https://josm.openstreetmap.de/sonar/profiles/compare?language=java&name=JOSM&withKey=AV20PiyL8dRWxlrdvbzV
comment:10 by , 2 years ago
Ok. Dropped all deprecated stuff, dropped lots of outdated configs, added all missing default rules to JOSM and JMapViewer.
Next would probably be to have a look again and deactivate any rules which make no real sense.
comment:11 by , 2 years ago
Nice side note: For JSP the sonar default is empty and the server install is also empty (but outdated :-) Now I can't delete this one as it is default and I can't make the sonar one default as it's empty. So I have to keep the outdated one.
follow-up: 13 comment:12 by , 2 years ago
Thank you! I noticed a missing XML rule reference in two project config:
by , 2 years ago
| Attachment: | missing_xml_reference.png added |
|---|
comment:13 by , 2 years ago
Replying to gaben:
Thank you! I noticed a missing XML rule reference in two project config:
Should be fixed, but it seems it will only be applied after the next run.
comment:15 by , 2 years ago
P.S. @Taylor: I made you sonar-admin ;-)
Thanks. I don't know what I'll do as an admin, but I'll figure something out. There has got to be a way to mark the TODO lint comments in the todo plugin as false positives...
I don't know if it took though -- in https://josm.openstreetmap.de/sonar/account, I'm only seeing sonar-users in the Groups section.
comment:16 by , 2 years ago
Hmpf. Some settings tend to get lost. That's disturbing. Ugly software. E.G. one of the outdated XML rules above is gone. The other one wont vanish, but my changed setting vanishes. Tss.
comment:17 by , 2 years ago
Some settings tend to get lost.
This is never fun when it happens.
Next would probably be to have a look again and deactivate any rules which make no real sense.
In other news, we've gone from 1.3k issues to 4k issues.
I don't know if I would deactivate any rules just yet. I'll fix new issues as I touch files and mark false positives (example: https://josm.openstreetmap.de/sonar/project/issues?resolved=false&severities=BLOCKER&id=josm&open=AYnbAsFvj8Ry6a_C0YWk ).
comment:18 by , 2 years ago
The last sonar job failed: https://josm.openstreetmap.de/jenkins/job/Sonar-JOSM/5797/console
ERROR: You're not authorized to run analysis. Please contact the project administrator.
I don't know if the previous token got revoked, expired, or something else happened.
comment:19 by , 2 years ago
Umpf. I changed something and now JOSM Sonar fails. And again I have no idea what the real reason is. "You're not authorized to run analysis. Please contact the project administrator" isn't so very helpful.
comment:20 by , 2 years ago
Found it. Dropping default access as suggested killed the JOSM server access ;-)
comment:21 by , 2 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Closing for now. Optimization of config will be an ongoing task.
SonarQube 10 was released back in April. I don't think we want to upgrade to that. With that said, if we do want to upgrade to SonarQube 10, we still need to make an intermediate upgrade to SonarQube 9.9.
For the deprecated rules, see https://josm.openstreetmap.de/sonar/profiles .
Scanning through https://docs.sonarsource.com/sonarqube/latest/setup-and-upgrade/release-upgrade-notes/, it looks like the following changes are in place:
master->mainfor new projects. This is configurable.SONARQUBE_JDBC_*)