Upgrade to release 1.12 from upstream (#6)
* Bump mockito-core from 4.0.0 to 4.1.0

Bumps [mockito-core](https://github.com/mockito/mockito) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](mockito/mockito@v4.0.0...v4.1.0)

---
updated-dependencies:
- dependency-name: org.mockito:mockito-core
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump logging-interceptor from 4.9.2 to 4.9.3

Bumps [logging-interceptor](https://github.com/square/okhttp) from 4.9.2 to 4.9.3.
- [Release notes](https://github.com/square/okhttp/releases)
- [Changelog](https://github.com/square/okhttp/blob/master/CHANGELOG.md)
- [Commits](square/okhttp@parent-4.9.2...parent-4.9.3)

---
updated-dependencies:
- dependency-name: com.squareup.okhttp3:logging-interceptor
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump bcpkix-jdk15on from 1.69 to 1.70

Bumps [bcpkix-jdk15on](https://github.com/bcgit/bc-java) from 1.69 to 1.70.
- [Release notes](https://github.com/bcgit/bc-java/releases)
- [Changelog](https://github.com/bcgit/bc-java/blob/master/docs/releasenotes.html)
- [Commits](https://github.com/bcgit/bc-java/commits)

---
updated-dependencies:
- dependency-name: org.bouncycastle:bcpkix-jdk15on
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump actions/setup-java from 2.3.1 to 2.4.0

Bumps [actions/setup-java](https://github.com/actions/setup-java) from 2.3.1 to 2.4.0.
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](actions/setup-java@v2.3.1...v2.4.0)

---
updated-dependencies:
- dependency-name: actions/setup-java
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump junit-bom from 5.8.1 to 5.8.2

Bumps [junit-bom](https://github.com/junit-team/junit5) from 5.8.1 to 5.8.2.
- [Release notes](https://github.com/junit-team/junit5/releases)
- [Commits](junit-team/junit5@r5.8.1...r5.8.2)

---
updated-dependencies:
- dependency-name: org.junit:junit-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* Add missing base url while using bitbucket client

* Bump mockito-core from 4.1.0 to 4.2.0

Bumps [mockito-core](https://github.com/mockito/mockito) from 4.1.0 to 4.2.0.
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](mockito/mockito@v4.1.0...v4.2.0)

---
updated-dependencies:
- dependency-name: org.mockito:mockito-core
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Initiate release 1.10.0

* [Gradle Release Plugin] - new version commit:  '1.10.1'.

* Return to SNAPSHOT version post release

* Update version numbers in README

* Upgrade to the latest version of Gradle

Updates Gradle to 7.3. Includes a modification to the Docker builder image to use a Gradle image rather than a JDK and the Gradle wrapper, as this allows caching of the Gradle image and possibly any interim steps rather than having to use the wrapper to download the full Gradle distribution on every build.

* Bump actions/setup-java from 2.4.0 to 2.5.0

Bumps [actions/setup-java](https://github.com/actions/setup-java) from 2.4.0 to 2.5.0.
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](actions/setup-java@v2.4.0...v2.5.0)

---
updated-dependencies:
- dependency-name: actions/setup-java
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump jackson-datatype-jsr310 from 2.13.0 to 2.13.1

Bumps jackson-datatype-jsr310 from 2.13.0 to 2.13.1.

---
updated-dependencies:
- dependency-name: com.fasterxml.jackson.datatype:jackson-datatype-jsr310
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump assertj-core from 3.21.0 to 3.22.0

Bumps [assertj-core](https://github.com/assertj/assertj-core) from 3.21.0 to 3.22.0.
- [Release notes](https://github.com/assertj/assertj-core/releases)
- [Commits](assertj/assertj@assertj-core-3.21.0...assertj-core-3.22.0)

---
updated-dependencies:
- dependency-name: org.assertj:assertj-core
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump mockito-core from 4.2.0 to 4.3.0

Bumps [mockito-core](https://github.com/mockito/mockito) from 4.2.0 to 4.3.0.
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](mockito/mockito@v4.2.0...v4.3.0)

---
updated-dependencies:
- dependency-name: org.mockito:mockito-core
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump actions/setup-java from 2.5.0 to 3

Bumps [actions/setup-java](https://github.com/actions/setup-java) from 2.5.0 to 3.
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](actions/setup-java@v2.5.0...v3)

---
updated-dependencies:
- dependency-name: actions/setup-java
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump actions/checkout from 2 to 3

Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump jackson-datatype-jsr310 from 2.13.1 to 2.13.2

Bumps jackson-datatype-jsr310 from 2.13.1 to 2.13.2.

---
updated-dependencies:
- dependency-name: com.fasterxml.jackson.datatype:jackson-datatype-jsr310
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump mockito-core from 4.3.0 to 4.4.0

Bumps [mockito-core](https://github.com/mockito/mockito) from 4.3.0 to 4.4.0.
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](mockito/mockito@v4.3.0...v4.4.0)

---
updated-dependencies:
- dependency-name: org.mockito:mockito-core
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump actions/cache from 2 to 3

Bumps [actions/cache](https://github.com/actions/cache) from 2 to 3.
- [Release notes](https://github.com/actions/cache/releases)
- [Commits](actions/cache@v2...v3)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

* mc1arke#91: Add ability to donate to the project maintainer

* mc1arke#523: Add auto-detection for all CIs in Sonarqube commercial editions

The plugin previously only provided support for auto-detecting and
configuring the scanner properties for a Pull Request in Azure Devops
and a Merge Request or Branch in Gitlab CI. The Sonarqube documentation
also stated that Bitbucket Pipelines, Github Actions, CodeMagic, Jenkins
Branch API, and Cirrus CI could also be used to auto-discover Pull
Request or Branch information although the plugin did not provide these.

This change adds support for detecting these additional CIs based on the
various environment variables they provide, and to auto-configure Pull
Request or Branch parameters in the scanner when a suitable build job
is detected.

Includes the general clean-up of the creation of Branch and Pull Request
configuration to force fail-fast behaviour where target branches are not
provided or can't be matched against known branches, to ensure the
correct reference branch is selected for Pull Request analysis, and to
force an error to be displayed if a user mixes Pull Request and Branch
parameters in their launch properties.

* Refactor Bitbucket operations to prevent leaking scope

The Bitbucket clients require different properties to be used from the
relevant configuration DTOs depending on whether Bitbucket cloud or
server are being used, with the management of the property retrieval
being delegated to the relevant client implementation. However, this
requires each client to reference DTO classes from Sonarqube core, where
the clients should really only interact with their own models.

As the work on retrieving the relevant details has already been
performed in the `DefaultBitbucketClientFactory`, the logic for
performing the retrieval has been removed from each client
implementations, and the calculated values are passed into the
constructor for each client instead. This does make each client instance
constrained to a single repository, but given the way the clients are
used within the decorators and validators, this isn't an issue.
The client API has therefore been altered to remove the references to
project and repository in any method signatures since the client now
retrieves this internally from the client configuration.

The clients have also been altered now to depend directly on the status
from the Quality Gate, with a new enum being used by the client to
indicate the report status, and the decorator performing the mapping
between the Quality Gate and report status.

Finally, to allow for the `DefaultBitbucketClientFactory` to have a
single constructor rather than a test-specific constructor, the facility
for creating an Http Client has been moved into an
`HttpClientBuilderFactory` and this new class configured for injection
in both the Compute Engine and server components.

* Refactor Github operations to prevent leaking scope

The GithubClient interface exposes a method that takes various Sonarqube
core classes and plugin constructed data as arguments and returns a
`DecorationResult`, all of which are items that the upstream decorator
should be aware of, but not the client responsible for communicating
with Github. Similarly, the `GraphqlGithubClient` had locally
constructed a `MarkdownFormatterFactory`, `DefaultGraphqlProvider`, and
`Clock` as well as requiring a Sonarqube `Server` instance for
instantiation, with the local construction requiring a second
constructor to be included purely for testing, and the `Server` instance
requiring the client have knowledge of Sonarqube's structure rather than
being passed a client configuration that had no external dependencies in
it.

This change alters the GithubClient implementation to use dependency
injection for all re-usable objects, and introduces a Github specific
object for submitting a check run, rather than relying on the
`AnalysisDetails` object used in the plugin. The use of the settings
DTOs has been removed from the client, with the details being used in
the client factory and the relevant details being persisted in the
client from the constructor invocation. To support this, the
`MarkdownFormatterFactory` has been setup to be exposed for constructor
injection in Compute Engine components, and the `DefaultGraphqlProvider`
exposed in both Compute Engine and Server scopes.

The requirement of passing a `projectPath` inside the GithubClient has
also been removed, with the repository name and owner login being
extracted during the authentication phase and stored in the token for
the client to use them where needed.

* Remove cyclic dependency in Formatters

The Formatters for generating the analysis report are created by a
FormatterFactory, but then need a formatter factory passed into them
during execution. This allows a potential scenario where a Formatter
could be passed a FormatterFactory for a different output type so
generate invalid content type, as well as causing a non-optimal API.

This change alters the FormatterFactory to be the component that is
aware of how to create Formatters for child components, rather than the
formatters doing this, therefore removing the need for a
FormatterFactory to be made available in formatters.

* mc1arke#421: Don't trim whitespace during Markdown rendering

The text renderer for the `MarkdownFormatterFactory` had been performing
a `trim` on any inputs, which caused the single whitespace entries being
added as spacers after some inline images to be removed. As the
structure of the document should be presumed to match what the
generating component requires, it's unnecessary for the renderer to
attempt to alter this structure whilst rendering to a relevant document
format. Instead, any constraints on formatting should be left to the
system rendering the generated output.

* Move report generation out of AnalysisDetails

The access to metrics from a Pull Request analysis is exposed through an
`AnalysisDetails` instance, which also provides the ability to extract a
formatted report. As a number of the metrics used in the summary report
need to be retrieved through various additional DAOs, and as the
resolution of URLs for links and images requiring access to core
Sonarqube configuration, `AnalysisDetails` holds references to a high
number of classes from Sonarqube's core. Some of those core Sonarqube
classes are also referenced directly in some decorators which don't make
use of the summary report but need equivalent metrics to those shown in
the summary which means some searching logic is duplicated across the
plugin.

This change pulls the report generation into a `ReportGenerator` class,
with the report being an interim set of collected metrics that each
decorator can extract required information, or generate a formatted
report from.

* Allow mono-repo decoration for Bitbucket

The key for the Code Insights report uses a static value which results
in any report submitted by Sonarqube overwriting any existing report,
even where reports are submitted from different projects, such as would
happen in a mono-repo setup. The report key is therefore being changed
to use the project key, so that repeated scans from a single project
continue to overwrite each other, whilst scans against the same
repository from different projects will allow new reports to be
submitted without altering existing reports.

* Bump actions/upload-artifact from 2 to 3

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 2 to 3.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v2...v3)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

* Fix unit tests on Windows

The character encoding is being set in Gradle to ensure that the build doesn't use Operating system specific encodings that will cause differences between builds of the same code on different machines.

* Decoration issue fails due to invalid project id when branch is in fork

* Initiate release 1.11.0

* [Gradle Release Plugin] - new version commit:  '1.11.1'.

* Return to SNAPSHOT version post release

* Update version numbers in README

* Bump github/codeql-action from 1 to 2

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@v1...v2)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump javassist from 3.28.0-GA to 3.29.0-GA

Bumps [javassist](https://github.com/jboss-javassist/javassist) from 3.28.0-GA to 3.29.0-GA.
- [Release notes](https://github.com/jboss-javassist/javassist/releases)
- [Commits](https://github.com/jboss-javassist/javassist/commits)

---
updated-dependencies:
- dependency-name: org.javassist:javassist
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump jackson-datatype-jsr310 from 2.13.2 to 2.13.3

Bumps jackson-datatype-jsr310 from 2.13.2 to 2.13.3.

---
updated-dependencies:
- dependency-name: com.fasterxml.jackson.datatype:jackson-datatype-jsr310
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump mockito-core from 4.4.0 to 4.6.0

Bumps [mockito-core](https://github.com/mockito/mockito) from 4.4.0 to 4.6.0.
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](mockito/mockito@v4.4.0...v4.6.0)

---
updated-dependencies:
- dependency-name: org.mockito:mockito-core
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Improve test stability

The wiremock based tests currently fail if another service is running on
port 8080, and other tests fail with newer dependencies due to
changes in recursive comparisons. The wiremock tests are being altered
to use a random port for runs to prevent port conflict, and the tests
comparing HTTP entities are being altered to extract the InputStream for
comparing the contents from.

* Bump assertj-core from 3.22.0 to 3.23.1

Bumps [assertj-core](https://github.com/assertj/assertj-core) from 3.22.0 to 3.23.1.
- [Release notes](https://github.com/assertj/assertj-core/releases)
- [Commits](assertj/assertj@assertj-core-3.22.0...assertj-core-3.23.1)

---
updated-dependencies:
- dependency-name: org.assertj:assertj-core
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* mc1arke#585 Register ObjectMapper modules so timestamps can be processed

* Swap repo slug and project key

Repository slug and project key got mixed up for the Bitbucket server
config causing Sonar to not find the repo defined in the ui on Bitbucket

* Replace null values in Bitbucket analysis report

Bitbucket throws an error when a report contains a percentage element
with a null value. The code coverage and duplication metrics are now
nullable in the report data passed around the plugin, but the Bitbucket
decorator does not check or replace nulls from these fields.

This change alters the report publishing to check for nulls in either of
the coverage or duplication fields and uses Zero in their place.

* Bump mockito-core from 4.6.0 to 4.6.1

Bumps [mockito-core](https://github.com/mockito/mockito) from 4.6.0 to 4.6.1.
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](mockito/mockito@v4.6.0...v4.6.1)

---
updated-dependencies:
- dependency-name: org.mockito:mockito-core
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump logging-interceptor from 4.9.3 to 4.10.0

Bumps [logging-interceptor](https://github.com/square/okhttp) from 4.9.3 to 4.10.0.
- [Release notes](https://github.com/square/okhttp/releases)
- [Changelog](https://github.com/square/okhttp/blob/master/CHANGELOG.md)
- [Commits](square/okhttp@parent-4.9.3...parent-4.10.0)

---
updated-dependencies:
- dependency-name: com.squareup.okhttp3:logging-interceptor
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Add instructions for official SonarQube Helm Chart

* Cleanup README contents

Re-formats the README to limit the line lengths to improve editing and
readability of the raw format, and fixes some references to paths and
configuration that has changed in recent versions of Sonarqube but is
no longer accurate in the README.

* mc1arke#601 Strip user info from Azure DevOps repository link

When creating the link from Sonarqube to an Azure Devops Pull Request,
the URL of the owning repository is used as a base for the URL. If the
Azure DevOps API returns a URL containing user authentication details
then this is included in the resulting link, even though the details
may not be valid for a front-end user. The authentication detail is
therefore being stripped from the URL before the Pull Request URL is
generated.

* Initiate release 1.12.0

* [Gradle Release Plugin] - new version commit:  '1.12.1'.

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Konrad Czaja <[email protected]>
Co-authored-by: Michael Clarke <[email protected]>
Co-authored-by: GitHub <[email protected]>
Co-authored-by: Michael Clarke <[email protected]>
Co-authored-by: MrNighty <[email protected]>
Co-authored-by: Johno Crawford <[email protected]>
Co-authored-by: Miguel Canavidez <[email protected]>
Co-authored-by: Jochim Van Dijck <[email protected]>
Co-authored-by: RG <[email protected]>
11 people authored Nov 15, 2022
1 parent bb8641d commit 45ea248
Showing 94 changed files with 4,547 additions and 3,155 deletions.
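
The user-info stripping described under mc1arke#601 in the commit message above, as an added Java example; it is not the plugin's code. The class and method names, the sample URLs and the `/pullrequest/<id>` suffix are assumptions made for the illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;

/** Added illustration; the class and method names are hypothetical, not the plugin's. */
public final class RepositoryLinkSanitiser {

    private RepositoryLinkSanitiser() {
    }

    /**
     * Returns the repository URL without its user-info component
     * ("user@" or "user:secret@"). The raw, still percent-encoded components
     * are copied across so the path is neither decoded nor re-encoded.
     */
    static String stripUserInfo(String repositoryUrl) {
        URI uri;
        try {
            uri = new URI(repositoryUrl);
        } catch (URISyntaxException e) {
            // Do not chain the cause: its message echoes the input, which may
            // contain the very credentials this method exists to remove.
            throw new IllegalArgumentException("Repository URL could not be parsed");
        }
        if (uri.getScheme() == null || uri.getHost() == null) {
            // Relative or opaque URL, or an authority that is not host[:port]:
            // refuse rather than guess where the user-info ends.
            throw new IllegalArgumentException("Repository URL has no scheme or host");
        }
        StringBuilder cleaned = new StringBuilder()
                .append(uri.getScheme()).append("://").append(uri.getHost());
        if (uri.getPort() != -1) {
            cleaned.append(':').append(uri.getPort());
        }
        if (uri.getRawPath() != null) {
            cleaned.append(uri.getRawPath());
        }
        if (uri.getRawQuery() != null) {
            cleaned.append('?').append(uri.getRawQuery());
        }
        if (uri.getRawFragment() != null) {
            cleaned.append('#').append(uri.getRawFragment());
        }
        return cleaned.toString();
    }

    /**
     * Builds the link shown to front-end users. Assumes the repository URL
     * carries no query or fragment and that pull requests live under
     * "/pullrequest/<id>" (assumption for this example).
     */
    static String pullRequestUrl(String repositoryUrl, int pullRequestId) {
        String base = stripUserInfo(repositoryUrl);
        if (base.endsWith("/")) {
            base = base.substring(0, base.length() - 1);
        }
        return base + "/pullrequest/" + pullRequestId;
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the commit.
        List<String> samples = List.of(
                "https://example-org@dev.azure.com/example-org/example-project/_git/example-repo",
                "https://build-user:constructed-token@devops.example.test:8443/tfs/Collection/Project/_git/My%20Repo",
                "https://dev.azure.com/example-org/example-project/_git/example-repo",
                "not a url at all");
        for (String sample : samples) {
            try {
                System.out.println(pullRequestUrl(sample, 42));
            } catch (IllegalArgumentException e) {
                // The message is deliberately generic so the input is not logged.
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

The same helper belongs in front of any log statement or stored setting that records the repository URL, since the link is only one of the places a credentialed URL can surface.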
6 changes: 3 additions & 3 deletions .env
@@ -1,8 +1,8 @@
# The Sonarqube base image. 'latest' if building locally, '8.5-community' if targeting a specific version
SONARQUBE_VERSION=latest
SONARQUBE_VERSION=9.5-community

# The name of the Dockerfile to run. 'Dockerfile' is building locally, 'release.Dockerfile' if building the release image
DOCKERFILE=Dockerfile
DOCKERFILE=release.Dockerfile

# The version of the plugin to include in the image
PLUGIN_VERSION=1.10.0-SNAPSHOT
PLUGIN_VERSION=1.12.0
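Review bot: the checked-in defaults in this `.env` hunk now select the release path (`DOCKERFILE=release.Dockerfile`, `PLUGIN_VERSION=1.12.0`, `SONARQUBE_VERSION=9.5-community`), so a developer building from a checkout no longer gets the local `Dockerfile` build unless all three values are overridden. If that is intended for the release commit only, restore the local defaults in the follow-up SNAPSHOT commit or say so in the comments. The first comment also still gives '8.5-community' as its example of a specific version while the value is 9.5-community; update the example so the two agree.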
1 change: 1 addition & 0 deletions .github/FUNDING.yml
@@ -0,0 +1 @@
github: [mc1arke]
24 changes: 12 additions & 12 deletions .github/workflows/build.yml
Expand Up @@ -21,7 +21,7 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@v3
-
name: Init
id: init
Expand All @@ -45,17 +45,17 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@v3
-
name: Set up Java ${{ matrix.java }}
uses: actions/setup-java@v2.3.1
uses: actions/setup-java@v3
with:
java-version: ${{ matrix.java }}
java-package: jdk
distribution: 'zulu'
-
name: Cache deps
uses: actions/cache@v2
uses: actions/cache@v3
with:
path: ~/.gradle/caches
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*') }}
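Review bot: `actions/setup-java` moves from the exact tag `v2.3.1` to the floating major tag `v3` in this hunk, next to `actions/checkout@v3` and `actions/cache@v3`, so the code executed in the build job can change without any diff in this repository. The same workflow archives the snapshot and release JARs from `build/libs/*.jar`, so consider pinning each action to a full commit SHA with the version in a trailing comment and letting Dependabot raise the bumps.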
Expand All @@ -68,7 +68,7 @@ jobs:
-
name: Archive artifact
if: success() && matrix.java == '11'
uses: actions/upload-artifact@v2
uses: actions/upload-artifact@v3
with:
name: snapshot
path: build/libs/*.jar
Expand All @@ -80,19 +80,19 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@v3
with:
fetch-depth: 0
-
name: Set up Java
uses: actions/setup-java@v2.3.1
uses: actions/setup-java@v3
with:
java-version: 11
java-package: jdk
distribution: 'zulu'
-
name: Cache deps
uses: actions/cache@v2
uses: actions/cache@v3
with:
path: ~/.gradle/caches
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*') }}
Expand All @@ -118,7 +118,7 @@ jobs:
-
name: Archive artifact
if: success()
uses: actions/upload-artifact@v2
uses: actions/upload-artifact@v3
with:
name: release
path: build/libs/*.jar
Expand All @@ -141,19 +141,19 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@v3
with:
fetch-depth: 0
-
name: Set up Java
uses: actions/setup-java@v2.3.1
uses: actions/setup-java@v3
with:
java-version: 11
java-package: jdk
distribution: 'zulu'
-
name: Cache deps
uses: actions/cache@v2
uses: actions/cache@v3
with:
path: ~/.gradle/caches
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*') }}
8 changes: 4 additions & 4 deletions .github/workflows/codeql-analysis.yml
Expand Up @@ -24,15 +24,15 @@ jobs:

steps:
- name: Checkout repository
uses: actions/checkout@v2
uses: actions/checkout@v3

- name: Initialize CodeQL
uses: github/codeql-action/init@v1
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}

- name: Autobuild
uses: github/codeql-action/autobuild@v1
uses: github/codeql-action/autobuild@v2

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1
uses: github/codeql-action/analyze@v2
4 changes: 2 additions & 2 deletions Dockerfile
@@ -1,10 +1,10 @@
ARG SONARQUBE_VERSION

FROM openjdk:11-jdk-slim as builder
FROM gradle:7.3.3-jdk11-alpine as builder

COPY . /home/build/project
WORKDIR /home/build/project
RUN ./gradlew build -x test
RUN gradle build -x test

FROM sonarqube:${SONARQUBE_VERSION}
COPY --from=builder --chown=sonarqube:sonarqube /home/build/project/build/libs/sonarqube-community-branch-plugin-*.jar /opt/sonarqube/extensions/plugins/
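Review bot: replacing `RUN ./gradlew build -x test` with `RUN gradle build -x test` makes the builder stage use whatever Gradle ships in `gradle:7.3.3-jdk11-alpine` instead of the version the wrapper selects, so the Docker build and wrapper-based builds can drift apart the next time either one is bumped. A comment beside the `FROM` line stating that the tag must track the wrapper version would make that coupling visible. The tag is also mutable; pinning by digest (`gradle:7.3.3-jdk11-alpine@sha256:<digest>`, placeholder) would keep the stage that produces the plugin JAR reproducible.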
122 changes: 97 additions & 25 deletions README.md
Expand Up @@ -2,19 +2,29 @@
[![Build Status](https://img.shields.io/github/workflow/status/mc1arke/sonarqube-community-branch-plugin/build?label=build&logo=github)](https://github.com/mc1arke/sonarqube-community-branch-plugin?workflow=build)

# Sonarqube Community Branch Plugin

A plugin for SonarQube to allow branch analysis in the Community version.

# Support
This plugin is not maintained or supported by SonarSource and has no official upgrade path for migrating from the SonarQube Community Edition to any of the Commercial Editions (Developer, Enterprise, or Data Center Edition). Support for any problems is only available through issues on the Github repository or through alternative channels (e.g. StackOverflow) and any attempt to request support for this plugin directly from SonarSource or an affiliated channel (e.g. Sonar Community forum) is likely to result in your request being closed or ignored.

If you plan on migrating your SonarQube data to a commercial edition after using this plugin then please be aware that this may result in some or all of your data being lost due to this compatibility of this plugin and the official SonarQube branch features being untested.
This plugin is not maintained or supported by SonarSource and has no official upgrade path for migrating from the
SonarQube Community Edition to any of the Commercial Editions (Developer, Enterprise, or Data Center Edition). Support
for any problems is only available through issues on the Github repository or through alternative channels (e.g.
StackOverflow) and any attempt to request support for this plugin directly from SonarSource or an affiliated channel (
e.g. Sonar Community forum) is likely to result in your request being closed or ignored.

If you plan on migrating your SonarQube data to a commercial edition after using this plugin then please be aware that
this may result in some or all of your data being lost due to this compatibility of this plugin and the official
SonarQube branch features being untested.

# Compatibility

Use the following table to find the correct plugin version for each SonarQube version

SonarQube Version | Plugin Version
------------------|---------------
9.0+ | 1.9.0
9.1+ | 1.11.0
9.0 | 1.9.0
8.9 | 1.8.1
8.7 - 8.8 | 1.7.0
8.5 - 8.6 | 1.6.0
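Review bot: the new top row of the compatibility table reads `9.1+ | 1.11.0`, while this same commit sets `PLUGIN_VERSION=1.12.0` in `.env`; if 1.12.0 is the release for 9.1+ the row should say so, otherwise readers following the table will install the older JAR. The re-wrapped Support paragraph also carries over "due to this compatibility of this plugin", which looks like it should read "due to the compatibility of this plugin".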
Expand All @@ -24,61 +34,123 @@ SonarQube Version | Plugin Version
7.4 - 7.7 | 1.0.2

# Features
The plugin is intended to support the [features and parameters specified in the SonarQube documentation](https://docs.sonarqube.org/latest/branches/overview/).

The plugin is intended to support the
[features and parameters from the SonarQube documentation](https://docs.sonarqube.org/latest/branches/overview/).

# Installation

## Manual Install
__Please ensure you follow the installation instructions for the version of the plugin you're installing by looking at the README on the relevant release tag.__

Either build the project or [download a compatible release version of the plugin JAR](https://github.com/mc1arke/sonarqube-community-branch-plugin/releases).
__Please ensure you follow the installation instructions for the version of the plugin you're installing by looking at
the README on the relevant release tag.__

Either build the project
or [download a compatible release version of the plugin JAR](https://github.com/mc1arke/sonarqube-community-branch-plugin/releases)
.

1. Copy the plugin JAR file to the `extensions/plugins/` directory of your SonarQube instance
2. Add `-javaagent:./extensions/plugins/sonarqube-community-branch-plugin-${version}.jar=web` to the `sonar.web.javaAdditionalOpts` property in your Sonarqube installation's `config/sonar.properties` file, e.g. `sonar.web.javaAdditionalOpts=-javaagent:./extensions/plugins/sonarqube-community-branch-plugin-1.8.0.jar=web`
3. Add `-javaagent:./extensions/plugins/sonarqube-community-branch-plugin-${version}.jar=ce` to the `sonar.ce.javaAdditionalOpts` property in your Sonarqube installation's `config/sonar.properties` file, e.g. `sonar.ce.javaAdditionalOpts=-javaagent:./extensions/plugins/sonarqube-community-branch-plugin-1.8.0.jar=ce`
2. Add `-javaagent:./extensions/plugins/sonarqube-community-branch-plugin-${version}.jar=web` to
the `sonar.web.javaAdditionalOpts` property in your Sonarqube installation's `conf/sonar.properties` file,
e.g. `sonar.web.javaAdditionalOpts=-javaagent:./extensions/plugins/sonarqube-community-branch-plugin-1.8.0.jar=web`
3. Add `-javaagent:./extensions/plugins/sonarqube-community-branch-plugin-${version}.jar=ce` to
the `sonar.ce.javaAdditionalOpts` property in your Sonarqube installation's `conf/sonar.properties` file,
e.g. `sonar.ce.javaAdditionalOpts=-javaagent:./extensions/plugins/sonarqube-community-branch-plugin-1.8.0.jar=ce`
4. Start Sonarqube, and accept the warning about using third-party plugins

## Docker
The plugin is distributed in the [mc1arke/sonarqube-with-community-branch-plugin](https://hub.docker.com/r/mc1arke/sonarqube-with-community-branch-plugin) Docker image, with the image versions matching the up-stream Sonarqube image version.

__Note:__ If you're setting the `SONAR_WEB_JAVAADDITIONALOPTS` or `SONAR_CE_JAVAADDITIONALOPTS` environment variables in your container launch then you'll need to add the `javaagent` configuration to your overrides to match what's in the provided Dockerfile.
The plugin is distributed in
the [mc1arke/sonarqube-with-community-branch-plugin](https://hub.docker.com/r/mc1arke/sonarqube-with-community-branch-plugin)
Docker image, with the image versions matching the up-stream Sonarqube image version.

__Note:__ If you're setting the `SONAR_WEB_JAVAADDITIONALOPTS` or `SONAR_CE_JAVAADDITIONALOPTS` environment variables in
your container launch then you'll need to add the `javaagent` configuration to your overrides to match what's in the
provided Dockerfile.

## Kubernetes with official Helm Chart

When using
[Sonarqube official Helm Chart](https://github.com/SonarSource/helm-chart-sonarqube/tree/master/charts/sonarqube),
you need to add the following settings to your helm values, where `${version}` should be replaced with the plugin
version (e.g. `1.11.0`):

```yaml
plugins:
install:
- https://github.com/mc1arke/sonarqube-community-branch-plugin/releases/download/${version}/sonarqube-community-branch-plugin-${version}.jar
lib:
- sonarqube-community-branch-plugin-${version}.jar
jvmOpts: "-javaagent:/opt/sonarqube/lib/common/sonarqube-community-branch-plugin-${version}.jar=web"
jvmCeOpts: "-javaagent:/opt/sonarqube/lib/common/sonarqube-community-branch-plugin-${version}.jar=ce"
```
### Issues with file path with persistency
If you set `persistence.enabled=true` on SonarQube chart, the plugin might be copied to this path:

```
/opt/sonarqube/lib/common/sonarqube-community-branch-plugin-${version}.jar/sonarqube-community-branch-plugin-${version}.jar
```
instead of this:
```
/opt/sonarqube/lib/common/sonarqube-community-branch-plugin-${version}.jar
```
As a workaround either change the paths in the config above, or exec into the container and move file up the directory
to match the config.
# Configuration
## Global configuration
Make sure `sonar.core.serverBaseURL` in SonarQube [/admin/settings](http://localhost:9000/admin/settings) is properly
set in order to for the links in the comment to work.
set in order to for the links in the comment to work.
Set all other properties that you can define globally for all of your projects.
## How to decorate the PR
## How to decorate a Pull Request
In order to decorate your Pull Request's source branch, you need to analyze your target branch first.
### Run analysis of branches

The analysis needs the following setting:
If the scan is being run from a CI supporting auto-configuration then the scanner can be launched without any branch
parameters. Otherwise, the analysis needs the following setting:
`sonar.branch.name = branch_name (e.g master)`
### Run analysis of the PR branch
Carefully read the official SonarQube guide for [pull request decoration](https://docs.sonarqube.org/latest/analysis/pull-request/)
In there you'll find the following properties that need to be set.
Carefully read the official SonarQube guide
for [pull request decoration](https://docs.sonarqube.org/latest/analysis/pull-request/)
In there you'll find the following properties that need to be set, unless your CI support auto-configuration.
```
sonar.pullrequest.key = pull_request_id (e.g. 100)
sonar.pullrequest.branch = source_branch_name (e.g feature/TICKET-123)
sonar.pullrequest.base = target_branch_name (e.g master)
```
:warning: There must not be any `sonar.branch` properties like `sonar.branch.name` arguments set when you analyze a
pull-request. These properties indicate to sonar that a branch is being analyzed rather than a pull-request so no
pull-request decoration will be executed.
pull-request. These properties indicate to sonar that a branch is being analyzed rather than a pull-request so no
pull-request decoration will be executed.
## Serving images for PR decoration
By default, images for PR decoration are served as static resources on the SonarQube server as a part of Community Branch Plugin.
If you use a SonarQube server behind a firewall and/or PR service (Github, Gitlab etc.) hasn't access to SonarQube server, you should change `Images base URL` property in `General > Pull Request` settings.
By default, images for PR decoration are served as static resources on the SonarQube server as a part of Community
Branch Plugin.
If you use a SonarQube server behind a firewall and/or PR service (Github, Gitlab etc.) doesn't have access to SonarQube
server, you should change `Images base URL` property in `General > Pull Request` settings.
Anyone needing to set this value can use the
URL `https://raw.githubusercontent.com/mc1arke/sonarqube-community-branch-plugin/master/src/main/resources/static`, or
download the files from this location and host them themself.
Anyone needing to set this value can use the URL `https://raw.githubusercontent.com/mc1arke/sonarqube-community-branch-plugin/master/src/main/resources/static`, or download the files from this location and host them themself.

# Building the plugin from source
In case you want to try and test the current branch or build it for your development execute `./gradlew clean build
` inside of the project directory. This will put the built jar under `libs/sonarqube-community-branch-plugin*.jar`
If you want to try and test the current branch or build it for your development execute `./gradlew clean build`
inside of the project directory. This will put the built jar under `libs/sonarqube-community-branch-plugin*.jar`
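Review bot: The Helm values in the README (`plugins.install` together with `jvmOpts` and `jvmCeOpts`) have users download the jar from a release URL and load it as a `-javaagent` in both the web and CE JVMs, yet the text gives no way to confirm the downloaded file is the intended release. Consider documenting a verification step next to the `${version}` note, for example where an expected checksum can be found. The same applies to the `Images base URL` suggestion, which points at the `master` branch rather than a fixed tag. Separately, the rewritten Global configuration line still reads "in order to for the links", and the install example uses `1.8.0` while the Helm text uses `1.11.0`.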
18 changes: 11 additions & 7 deletions build.gradle
Expand Up @@ -52,23 +52,27 @@ configurations {

compileJava {
options.compilerArgs += '-proc:none'
options.encoding = 'UTF-8'
}
tasks.withType(JavaCompile) {
options.encoding = 'UTF-8'
}


dependencies {
compileOnly(fileTree(dir: sonarLibraries, include: '**/*.jar', exclude: 'extensions/*.jar'))
testImplementation(fileTree(dir: sonarLibraries, include: '**/*.jar', exclude: 'extensions/*.jar'))
testImplementation('org.mockito:mockito-core:4.0.0')
testImplementation('org.assertj:assertj-core:3.21.0')
testImplementation('org.mockito:mockito-core:4.6.1')
testImplementation('org.assertj:assertj-core:3.23.1')
testImplementation('com.github.tomakehurst:wiremock:2.27.2')
zip("sonarqube:sonarqube:${sonarqubeVersion}@zip")
implementation('org.bouncycastle:bcpkix-jdk15on:1.69')
implementation('org.bouncycastle:bcpkix-jdk15on:1.70')
implementation(files('lib/nodes-0.5.0.jar'))
runtimeOnly('com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.13.0')
runtimeOnly('com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.13.3')
compileOnly('com.google.code.findbugs:jsr305:3.0.2')
implementation('org.javassist:javassist:3.28.0-GA')
implementation('com.squareup.okhttp3:logging-interceptor:4.9.2')
testImplementation(platform('org.junit:junit-bom:5.8.1'))
implementation('org.javassist:javassist:3.29.0-GA')
implementation('com.squareup.okhttp3:logging-interceptor:4.10.0')
testImplementation(platform('org.junit:junit-bom:5.8.2'))
testImplementation('org.junit.jupiter:junit-jupiter')
testImplementation('junit:junit:4.13.2')
testRuntimeOnly('org.junit.vintage:junit-vintage-engine')
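Review bot: `implementation(files('lib/nodes-0.5.0.jar'))` in the dependencies block is the one runtime dependency this upgrade cannot bump or audit like the lines around it, because it is a local file with no group or version coordinates. Consider resolving it from a repository, or recording its origin and hash beside the declaration. Also, `options.encoding` now applies to every `JavaCompile` task while `-proc:none` stays inside `compileJava` only; please confirm that test compilation is meant to keep annotation processing enabled.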
2 changes: 1 addition & 1 deletion gradle.properties
@@ -1 +1 @@
version=1.10.0-SNAPSHOT
version=1.12.1
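Review bot: `version=1.12.1` drops the `-SNAPSHOT` suffix, so a jar built from this repository gets the same `sonarqube-community-branch-plugin-${version}.jar` name as an upstream release of that version. Since the commit title describes this as an upgrade from upstream, consider a distinguishing suffix on the version so locally built jars cannot be mistaken for the upstream artifact.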
2 changes: 1 addition & 1 deletion gradle/wrapper/gradle-wrapper.properties
@@ -1,5 +1,5 @@
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
distributionUrl=https\://services.gradle.org/distributions/gradle-7.1.1-all.zip
distributionUrl=https\://services.gradle.org/distributions/gradle-7.3.3-all.zip
zipStoreBase=GRADLE_USER_HOME
zipStorePath=wrapper/dists
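Review bot: The `distributionUrl` line moves to `gradle-7.3.3-all.zip`, but the five lines shown for this file contain no `distributionSha256Sum`, so the wrapper will download and run that distribution without checking its hash. Consider adding `distributionSha256Sum` with the published value for this distribution in the same change, so each future version bump has to update the hash as well.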

0 comments on commit 45ea248
