dependency 'org.reflections:reflections:0.10.2'
dependency 'org.simpleframework:simple:5.1.6'
dependency 'org.sonarsource.git.blame:git-files-blame:1.0.1.169'
- dependency 'org.sonarsource.orchestrator:sonar-orchestrator:3.40.0.183'
+ dependency 'org.sonarsource.orchestrator:sonar-orchestrator:3.41.0.295'
dependency 'org.sonarsource.update-center:sonar-update-center-common:1.29.0.1000'
dependency("org.springframework:spring-context:${springVersion}") {
exclude 'commons-logging:commons-logging'
outputFile.append(JsonOutput.toJson([category: "Analysis", suite: "Standalone", operation: "total", duration: taskDuration]) + '\n')
}
}
-
- apt-get install --yes openjdk-11-jre
- dotnet tool install --global dotnet-sonarscanner
- export PATH="$PATH:/root/.dotnet/tools"
- - dotnet sonarscanner begin /k:"my-project" /d:"sonar.login=\${SONAR_TOKEN}" /d:"sonar.host.url=\${SONAR_HOST_URL}"
+ - dotnet sonarscanner begin /k:"my-project" /d:"sonar.token=\${SONAR_TOKEN}" /d:"sonar.host.url=\${SONAR_HOST_URL}"
- dotnet build
- - dotnet sonarscanner end /d:"sonar.login=\${SONAR_TOKEN}"
+ - dotnet sonarscanner end /d:"sonar.token=\${SONAR_TOKEN}"
caches:
sonar: ~/.sonar
- apt-get install --yes openjdk-11-jre
- dotnet tool install --global dotnet-sonarscanner
- export PATH="$PATH:/root/.dotnet/tools"
- - dotnet sonarscanner begin /k:"${projectKey}" /d:"sonar.login=\${SONAR_TOKEN}" /d:"sonar.host.url=\${SONAR_HOST_URL}"
+ - dotnet sonarscanner begin /k:"${projectKey}" /d:"sonar.token=\${SONAR_TOKEN}" /d:"sonar.host.url=\${SONAR_HOST_URL}"
- dotnet build
- - dotnet sonarscanner end /d:"sonar.login=\${SONAR_TOKEN}"
+ - dotnet sonarscanner end /d:"sonar.token=\${SONAR_TOKEN}"
caches:
sonar: ~/.sonar
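Review bot: The renamed `/d:"sonar.token=\${SONAR_TOKEN}"` argument on the `begin` and `end` lines still passes the secret on the command line, where it is visible in the build container's process list and in any step that echoes its own invocation. The same pattern appears in the GitHub and GitLab templates and in the copy-paste commands for .NET, Gradle, Maven and the generic scanner further down. The job already exports `SONAR_TOKEN`, and the scanner engine reads that variable (`TOKEN_ENV_VARIABLE` in `ScannerWsClientProvider` in this change), so it is worth confirming whether the .NET scanner's `begin`/`end` steps honour it too; if they do, the argument can be dropped from the CI templates. If it has to stay, a generated comment such as `# token is passed as an argument: keep debug/verbose logging off for this step` would tell the user what to watch. The template string starts and ends outside this hunk.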
GITHUB_TOKEN: \${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
shell: powershell
run: |
- .\\.sonar\\scanner\\dotnet-sonarscanner begin /k:"my-project" /d:sonar.login="\${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="\${{ secrets.SONAR_HOST_URL }}"
+ .\\.sonar\\scanner\\dotnet-sonarscanner begin /k:"my-project" /d:sonar.token="\${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="\${{ secrets.SONAR_HOST_URL }}"
dotnet build
- .\\.sonar\\scanner\\dotnet-sonarscanner end /d:sonar.login="\${{ secrets.SONAR_TOKEN }}""
+ .\\.sonar\\scanner\\dotnet-sonarscanner end /d:sonar.token="\${{ secrets.SONAR_TOKEN }}""
`;
exports[`should follow and complete all steps: CFamily Linux: .github/workflows/build.yml 1`] = `
GITHUB_TOKEN: \${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
shell: powershell
run: |
- .\\.sonar\\scanner\\dotnet-sonarscanner begin /k:"${projectKey}" /d:sonar.login="\${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="\${{ secrets.SONAR_HOST_URL }}"
+ .\\.sonar\\scanner\\dotnet-sonarscanner begin /k:"${projectKey}" /d:sonar.token="\${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="\${{ secrets.SONAR_HOST_URL }}"
dotnet build
- .\\.sonar\\scanner\\dotnet-sonarscanner end /d:sonar.login="\${{ secrets.SONAR_TOKEN }}"`;
+ .\\.sonar\\scanner\\dotnet-sonarscanner end /d:sonar.token="\${{ secrets.SONAR_TOKEN }}"`;
}
export default function DotNet(props: DotNetProps) {
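Review bot: In the `run:` block, the new `/d:sonar.token="\${{ secrets.SONAR_TOKEN }}"` is expanded by GitHub Actions into the script text before PowerShell parses it, so a secret value containing a quote or `$` alters the command rather than only the argument. The `GITHUB_TOKEN:` context line suggests the step already has an `env:` map, so the secret could be added there as `SONAR_TOKEN: \${{ secrets.SONAR_TOKEN }}` and referenced as `/d:sonar.token="$env:SONAR_TOKEN"`, with the same treatment for `SONAR_HOST_URL`. The workflow template begins above the hunk, so the exact step layout should be checked against the full file.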
- "apt-get install --yes openjdk-11-jre"
- "dotnet tool install --global dotnet-sonarscanner"
- "export PATH=\\"$PATH:$HOME/.dotnet/tools\\""
- - "dotnet sonarscanner begin /k:\\"my-project\\" /d:sonar.login=\\"$SONAR_TOKEN\\" /d:\\"sonar.host.url=$SONAR_HOST_URL\\" "
+ - "dotnet sonarscanner begin /k:\\"my-project\\" /d:sonar.token=\\"$SONAR_TOKEN\\" /d:\\"sonar.host.url=$SONAR_HOST_URL\\" "
- "dotnet build"
- - "dotnet sonarscanner end /d:sonar.login=\\"$SONAR_TOKEN\\""
+ - "dotnet sonarscanner end /d:sonar.token=\\"$SONAR_TOKEN\\""
allow_failure: true
rules:
- if: $CI_COMMIT_BRANCH == 'main'
- "apt-get install --yes openjdk-11-jre"
- "dotnet tool install --global dotnet-sonarscanner"
- "export PATH=\\"$PATH:$HOME/.dotnet/tools\\""
- - "dotnet sonarscanner begin /k:\\"${projectKey}\\" /d:sonar.login=\\"$SONAR_TOKEN\\" /d:\\"sonar.host.url=$SONAR_HOST_URL\\" "
+ - "dotnet sonarscanner begin /k:\\"${projectKey}\\" /d:sonar.token=\\"$SONAR_TOKEN\\" /d:\\"sonar.host.url=$SONAR_HOST_URL\\" "
- "dotnet build"
- - "dotnet sonarscanner end /d:sonar.login=\\"$SONAR_TOKEN\\""`,
+ - "dotnet sonarscanner end /d:sonar.token=\\"$SONAR_TOKEN\\""`,
},
[BuildTools.Other]: {
image: `
"
`;
-exports[`can choose build tools and copy provided settings: dotnet core: execute command 1 1`] = `"dotnet sonarscanner begin /k:"my-project" /d:sonar.host.url="http://localhost:9000" /d:sonar.login="generatedtoken2""`;
+exports[`can choose build tools and copy provided settings: dotnet core: execute command 1 1`] = `"dotnet sonarscanner begin /k:"my-project" /d:sonar.host.url="http://localhost:9000" /d:sonar.token="generatedtoken2""`;
exports[`can choose build tools and copy provided settings: dotnet core: execute command 2 1`] = `"dotnet build"`;
-exports[`can choose build tools and copy provided settings: dotnet core: execute command 3 1`] = `"dotnet sonarscanner end /d:sonar.login="generatedtoken2""`;
+exports[`can choose build tools and copy provided settings: dotnet core: execute command 3 1`] = `"dotnet sonarscanner end /d:sonar.token="generatedtoken2""`;
exports[`can choose build tools and copy provided settings: dotnet core: install scanner globally 1`] = `"dotnet tool install --global dotnet-sonarscanner"`;
-exports[`can choose build tools and copy provided settings: dotnet framework: execute command 1 1`] = `"SonarScanner.MSBuild.exe begin /k:"my-project" /d:sonar.host.url="http://localhost:9000" /d:sonar.login="generatedtoken2""`;
+exports[`can choose build tools and copy provided settings: dotnet framework: execute command 1 1`] = `"SonarScanner.MSBuild.exe begin /k:"my-project" /d:sonar.host.url="http://localhost:9000" /d:sonar.token="generatedtoken2""`;
exports[`can choose build tools and copy provided settings: dotnet framework: execute command 2 1`] = `"MsBuild.exe /t:Rebuild"`;
-exports[`can choose build tools and copy provided settings: dotnet framework: execute command 3 1`] = `"SonarScanner.MSBuild.exe end /d:sonar.login="generatedtoken2""`;
+exports[`can choose build tools and copy provided settings: dotnet framework: execute command 3 1`] = `"SonarScanner.MSBuild.exe end /d:sonar.token="generatedtoken2""`;
exports[`can choose build tools and copy provided settings: gradle: execute scanner 1`] = `
"./gradlew sonar \\
-Dsonar.projectKey=my-project \\
-Dsonar.projectName='MyProject' \\
-Dsonar.host.url=http://localhost:9000 \\
- -Dsonar.login=generatedtoken2"
+ -Dsonar.token=generatedtoken2"
`;
exports[`can choose build tools and copy provided settings: gradle: sonarqube plugin 1`] = `
-Dsonar.projectKey=my-project \\
-Dsonar.projectName='MyProject' \\
-Dsonar.host.url=http://localhost:9000 \\
- -Dsonar.login=generatedtoken2"
+ -Dsonar.token=generatedtoken2"
`;
exports[`can choose build tools and copy provided settings: other linux: execute scanner 1`] = `
const { baseUrl, component, token } = props;
const commands = [
- `dotnet sonarscanner begin /k:"${component.key}" /d:sonar.host.url="${baseUrl}" /d:sonar.login="${token}"`,
+ `dotnet sonarscanner begin /k:"${component.key}" /d:sonar.host.url="${baseUrl}" /d:sonar.token="${token}"`,
'dotnet build',
- `dotnet sonarscanner end /d:sonar.login="${token}"`,
+ `dotnet sonarscanner end /d:sonar.token="${token}"`,
];
return (
const { baseUrl, component, token } = props;
const commands = [
- `SonarScanner.MSBuild.exe begin /k:"${component.key}" /d:sonar.host.url="${baseUrl}" /d:sonar.login="${token}"`,
+ `SonarScanner.MSBuild.exe begin /k:"${component.key}" /d:sonar.host.url="${baseUrl}" /d:sonar.token="${token}"`,
'MsBuild.exe /t:Rebuild',
- `SonarScanner.MSBuild.exe end /d:sonar.login="${token}"`,
+ `SonarScanner.MSBuild.exe end /d:sonar.token="${token}"`,
];
return (
'-D' + q('sonar.sources=.'),
cfamily ? '-D' + q('sonar.cfamily.build-wrapper-output=bw-output') : undefined,
'-D' + q(`sonar.host.url=${baseUrl}`),
- isLocal ? '-D' + q(`sonar.login=${token}`) : undefined,
+ isLocal ? '-D' + q(`sonar.token=${token}`) : undefined,
];
return (
`-Dsonar.projectKey=${component.key}`,
`-Dsonar.projectName='${component.name}'`,
`-Dsonar.host.url=${baseUrl}`,
- `-Dsonar.login=${token}`,
+ `-Dsonar.token=${token}`,
];
return (
`-Dsonar.projectKey=${component.key}`,
`-Dsonar.projectName='${component.name}'`,
`-Dsonar.host.url=${baseUrl}`,
- `-Dsonar.login=${token}`,
+ `-Dsonar.token=${token}`,
];
return (
CoreProperties.LOGIN, CoreProperties.PASSWORD));
}
// not authenticated - see https://jira.sonarsource.com/browse/SONAR-4048
- throw MessageException.of(format("Not authorized. Analyzing this project requires authentication. "
- + "Please provide a user token in %s or other credentials in %s and %s.", CoreProperties.LOGIN, CoreProperties.LOGIN, CoreProperties.PASSWORD));
+ throw MessageException.of(format("Not authorized. Analyzing this project requires authentication. Please provide a user token in %s" +
+ " or other credentials in %s and %s.", ScannerWsClientProvider.TOKEN_PROPERTY, CoreProperties.LOGIN, CoreProperties.PASSWORD));
}
if (code == HTTP_FORBIDDEN) {
throw MessageException.of("You're not authorized to analyze this project or the project doesn't exist on SonarQube" +
public class ScannerWsClientProvider {
static final int CONNECT_TIMEOUT_MS = 5_000;
static final String READ_TIMEOUT_SEC_PROPERTY = "sonar.ws.timeout";
+ public static final String TOKEN_PROPERTY = "sonar.token";
+ private static final String TOKEN_ENV_VARIABLE = "SONAR_TOKEN";
static final int DEFAULT_READ_TIMEOUT_SEC = 60;
@Bean("DefaultScannerWsClient")
HttpConnector.Builder connectorBuilder = HttpConnector.newBuilder();
String timeoutSec = defaultIfBlank(scannerProps.property(READ_TIMEOUT_SEC_PROPERTY), valueOf(DEFAULT_READ_TIMEOUT_SEC));
- String token = defaultIfBlank(system.envVariable("SONAR_TOKEN"), null);
+ String envVarToken = defaultIfBlank(system.envVariable(TOKEN_ENV_VARIABLE), null);
+ String token = defaultIfBlank(scannerProps.property(TOKEN_PROPERTY), envVarToken);
String login = defaultIfBlank(scannerProps.property(CoreProperties.LOGIN), token);
connectorBuilder
.readTimeoutMilliseconds(parseInt(timeoutSec) * 1_000)
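Review bot: At `String login = defaultIfBlank(scannerProps.property(CoreProperties.LOGIN), token);` the deprecated `sonar.login` still overrides both `sonar.token` and `SONAR_TOKEN`, so a stale login left in a properties file silently wins over a newly supplied token. The resulting order (login property, then token property, then environment variable) is not stated anywhere in the visible lines; a comment such as `// precedence: sonar.login (deprecated) > sonar.token > SONAR_TOKEN env` would pin it, or the code could warn when both `sonar.login` and `sonar.token` are present. The call that turns `login` into credentials is outside the hunk, so whether a token can end up paired with a leftover `sonar.password` cannot be confirmed here and deserves a test. The provider test in this commit replaces the login/password case with a token case rather than adding one, so the legacy path and the precedence appear untested in the visible lines.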
import org.sonar.api.notifications.AnalysisWarnings;
import org.sonar.api.utils.log.Logger;
import org.sonar.api.utils.log.Loggers;
+import org.sonar.scanner.bootstrap.ScannerWsClientProvider;
public class DeprecatedPropertiesWarningGenerator {
private static final Logger LOG = Loggers.get(DeprecatedPropertiesWarningGenerator.class);
@VisibleForTesting
- public static final String PASSWORD_WARN_MESSAGE = "Property '" + CoreProperties.PASSWORD + "' is deprecated. It will not be supported " +
- "in the future. Please instead use the 'sonar.login' parameter with a token.";
+ static final String CREDENTIALS_WARN_MESSAGE = String.format("The properties '%s' and '%s' are deprecated. They will not be supported " +
+ "in the future. Please instead use the '%s' parameter.", CoreProperties.LOGIN, CoreProperties.PASSWORD, ScannerWsClientProvider.TOKEN_PROPERTY);
private final Configuration configuration;
private final AnalysisWarnings analysisWarnings;
}
public void execute() {
+ Optional<String> login = configuration.get(CoreProperties.LOGIN);
Optional<String> password = configuration.get(CoreProperties.PASSWORD);
- if (password.isPresent()) {
- LOG.warn(PASSWORD_WARN_MESSAGE);
- analysisWarnings.addUnique(PASSWORD_WARN_MESSAGE);
+ if (login.isPresent() || password.isPresent()) {
+ LOG.warn(CREDENTIALS_WARN_MESSAGE);
+ analysisWarnings.addUnique(CREDENTIALS_WARN_MESSAGE);
}
}
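Review bot: `CREDENTIALS_WARN_MESSAGE` now fires for anyone passing a token through `sonar.login`, which is exactly what the removed `PASSWORD_WARN_MESSAGE` told users to do, yet the new text does not say the same token can be moved to `sonar.token` unchanged. Wording along the lines of `"Please instead use the '%s' parameter (or the SONAR_TOKEN environment variable) with a token."` would make the migration step explicit. `execute()` also has no Javadoc stating that it both logs and records an analysis warning when either property is set.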
assertThatThrownBy(() -> new DefaultScannerWsClient(wsClient, false,
new GlobalAnalysisMode(new ScannerProperties(Collections.emptyMap())), analysisWarnings).call(request))
.isInstanceOf(MessageException.class)
- .hasMessage("Not authorized. Analyzing this project requires authentication. Please provide a user token in sonar.login or other " +
+ .hasMessage("Not authorized. Analyzing this project requires authentication. Please provide a user token in sonar.token or other " +
"credentials in sonar.login and sonar.password.");
}
public void provide_client_with_custom_settings() {
Map<String, String> props = new HashMap<>();
props.put("sonar.host.url", "https://here/sonarqube");
- props.put("sonar.login", "theLogin");
- props.put("sonar.password", "thePassword");
+ props.put("sonar.token", "testToken");
props.put("sonar.ws.timeout", "42");
ScannerProperties settings = new ScannerProperties(props);
package org.sonar.scanner.scan;
import org.assertj.core.api.Assertions;
+import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.mockito.Mockito;
import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.verifyNoInteractions;
-import static org.sonar.scanner.scan.DeprecatedPropertiesWarningGenerator.PASSWORD_WARN_MESSAGE;
+import static org.sonar.scanner.scan.DeprecatedPropertiesWarningGenerator.CREDENTIALS_WARN_MESSAGE;
public class DeprecatedPropertiesWarningGeneratorTest {
private final MapSettings settings = new MapSettings();
private final AnalysisWarnings analysisWarnings = Mockito.spy(AnalysisWarnings.class);
- private final DeprecatedPropertiesWarningGenerator underTest = new DeprecatedPropertiesWarningGenerator(settings.asConfig(), analysisWarnings);
+ private final DeprecatedPropertiesWarningGenerator underTest = new DeprecatedPropertiesWarningGenerator(settings.asConfig(),
+ analysisWarnings);
+
+ @Before
+ public void setUp() throws Exception {
+ settings.removeProperty(CoreProperties.LOGIN);
+ settings.removeProperty(CoreProperties.PASSWORD);
+ }
@Test
- public void verify_warning_when_using_password() {
- settings.setProperty(CoreProperties.PASSWORD, "winner winner chicken dinner");
+ public void execute_whenUsingLogin_shouldAddWarning() {
+ settings.setProperty(CoreProperties.LOGIN, "test");
underTest.execute();
- verify(analysisWarnings, times(1)).addUnique(PASSWORD_WARN_MESSAGE);
- Assertions.assertThat(logger.logs(LoggerLevel.WARN)).contains(PASSWORD_WARN_MESSAGE);
+ verify(analysisWarnings, times(1)).addUnique(CREDENTIALS_WARN_MESSAGE);
+ Assertions.assertThat(logger.logs(LoggerLevel.WARN)).contains(CREDENTIALS_WARN_MESSAGE);
}
@Test
- public void verify_no_warning_when_not_using_password() {
- settings.removeProperty(CoreProperties.PASSWORD);
+ public void execute_whenUsingPassword_shouldAddWarning() {
+ settings.setProperty(CoreProperties.PASSWORD, "winner winner chicken dinner");
underTest.execute();
+ verify(analysisWarnings, times(1)).addUnique(CREDENTIALS_WARN_MESSAGE);
+ Assertions.assertThat(logger.logs(LoggerLevel.WARN)).contains(CREDENTIALS_WARN_MESSAGE);
+ }
+
+ @Test
+ public void execute_whenNotUsingLoginOrPassword_shouldNotAddWarning() {
+ underTest.execute();
+
verifyNoInteractions(analysisWarnings);
Assertions.assertThat(logger.logs(LoggerLevel.WARN)).isEmpty();
}
-}
\ No newline at end of file
+}
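Review bot: The added `setUp()` is redundant, because `settings` is an instance field initialised with `new MapSettings()` and JUnit 4 creates a fresh test instance for every `@Test` method, so neither property can be set when a test starts. It can be removed along with the `org.junit.Before` import; if it is kept, `throws Exception` is unnecessary since nothing in it throws a checked exception. The case where both `sonar.login` and `sonar.password` are set is not covered: a test asserting `verify(analysisWarnings, times(1)).addUnique(CREDENTIALS_WARN_MESSAGE)` for that input would pin the `||` in `execute()`.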