Updgrade to release 1.12 from upstream #6
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Bumps [mockito-core](https://github.com/mockito/mockito) from 4.0.0 to 4.1.0. - [Release notes](https://github.com/mockito/mockito/releases) - [Commits](mockito/mockito@v4.0.0...v4.1.0) --- updated-dependencies: - dependency-name: org.mockito:mockito-core dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [logging-interceptor](https://github.com/square/okhttp) from 4.9.2 to 4.9.3. - [Release notes](https://github.com/square/okhttp/releases) - [Changelog](https://github.com/square/okhttp/blob/master/CHANGELOG.md) - [Commits](square/okhttp@parent-4.9.2...parent-4.9.3) --- updated-dependencies: - dependency-name: com.squareup.okhttp3:logging-interceptor dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [bcpkix-jdk15on](https://github.com/bcgit/bc-java) from 1.69 to 1.70. - [Release notes](https://github.com/bcgit/bc-java/releases) - [Changelog](https://github.com/bcgit/bc-java/blob/master/docs/releasenotes.html) - [Commits](https://github.com/bcgit/bc-java/commits) --- updated-dependencies: - dependency-name: org.bouncycastle:bcpkix-jdk15on dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [actions/setup-java](https://github.com/actions/setup-java) from 2.3.1 to 2.4.0. - [Release notes](https://github.com/actions/setup-java/releases) - [Commits](actions/setup-java@v2.3.1...v2.4.0) --- updated-dependencies: - dependency-name: actions/setup-java dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [junit-bom](https://github.com/junit-team/junit5) from 5.8.1 to 5.8.2. - [Release notes](https://github.com/junit-team/junit5/releases) - [Commits](junit-team/junit5@r5.8.1...r5.8.2) --- updated-dependencies: - dependency-name: org.junit:junit-bom dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [mockito-core](https://github.com/mockito/mockito) from 4.1.0 to 4.2.0. - [Release notes](https://github.com/mockito/mockito/releases) - [Commits](mockito/mockito@v4.1.0...v4.2.0) --- updated-dependencies: - dependency-name: org.mockito:mockito-core dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
Updates Gradle to 7.3. Includes a modification to the Docker builder image to use a Gradle image rather than a JDK and the Gradle wrapper, as this allows caching of the Gradle image and possibly any interim steps rather than having to use the wrapper to download the full Gradle distribution on every build.
Bumps [actions/setup-java](https://github.com/actions/setup-java) from 2.4.0 to 2.5.0. - [Release notes](https://github.com/actions/setup-java/releases) - [Commits](actions/setup-java@v2.4.0...v2.5.0) --- updated-dependencies: - dependency-name: actions/setup-java dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps jackson-datatype-jsr310 from 2.13.0 to 2.13.1. --- updated-dependencies: - dependency-name: com.fasterxml.jackson.datatype:jackson-datatype-jsr310 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [assertj-core](https://github.com/assertj/assertj-core) from 3.21.0 to 3.22.0. - [Release notes](https://github.com/assertj/assertj-core/releases) - [Commits](assertj/assertj@assertj-core-3.21.0...assertj-core-3.22.0) --- updated-dependencies: - dependency-name: org.assertj:assertj-core dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [mockito-core](https://github.com/mockito/mockito) from 4.2.0 to 4.3.0. - [Release notes](https://github.com/mockito/mockito/releases) - [Commits](mockito/mockito@v4.2.0...v4.3.0) --- updated-dependencies: - dependency-name: org.mockito:mockito-core dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [actions/setup-java](https://github.com/actions/setup-java) from 2.5.0 to 3. - [Release notes](https://github.com/actions/setup-java/releases) - [Commits](actions/setup-java@v2.5.0...v3) --- updated-dependencies: - dependency-name: actions/setup-java dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v2...v3) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps jackson-datatype-jsr310 from 2.13.1 to 2.13.2. --- updated-dependencies: - dependency-name: com.fasterxml.jackson.datatype:jackson-datatype-jsr310 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [mockito-core](https://github.com/mockito/mockito) from 4.3.0 to 4.4.0. - [Release notes](https://github.com/mockito/mockito/releases) - [Commits](mockito/mockito@v4.3.0...v4.4.0) --- updated-dependencies: - dependency-name: org.mockito:mockito-core dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [actions/cache](https://github.com/actions/cache) from 2 to 3. - [Release notes](https://github.com/actions/cache/releases) - [Commits](actions/cache@v2...v3) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
…ditions The plugin previously only provided support for auto-detecting and configuring the scanner properties for a Pull Request in Azure Devops and a Merge Request or Branch in Gitlab CI. The Sonarqube documentation also stated that Bitbucket Pipelines, Github Actions, CodeMagic, Jenkins Branch API, and Cirrus CI could also be used to auto-discover Pull Request or Branch information although the plugin did not provide these. This change adds support for detecting these additional CIs based on the various environment variables they provide, and to auto-configure Pull Request or Branch parameters in the scanner when a suitable build job is detected. Includes the general clean-up of the creation of Branch and Pull Request configuration to force fail-fast behaviour where target branches are not provided or can't be matched against known branches, to ensure the correct reference branch is selected for Pull Request analysis, and to force an error to be displayed if a user mixes Pull Rrequest and Branch parameters in their launch properties.
The Bitbucket clients require different properties to be used from the relevant configuration DTOs depending on whether Bitbucket cloud or server are being used, with the management of the property retrieval being delegated to the relevant client implementation. However, this requires each client to reference DTO classes from Sonarqube core, where the clients should really only interact with their own models. As the work on retrieving the relevant details has already been performed in the `DefaultBitbucketClientFactory`, the logic for performing the retrieval has been removed from each client implementations, and the calculated values are passed into the constructor for each client instead. This does make each client instance constrained to a single repository, but given the way the clients are used within the decorators and validators, this isn't an issue. The client API has therefore been altered to remove the references to project and repository in any method signatures since the client now retrieves this internally from the client configuration. The clients have also been altered now to depend directly on the status from the Quality Gate, with a new enum being used by the client to indicate the report status, and the decorator performing the mapping between the Quality Gate and report status. Finally, to allow for the `DefaultBitbucketClientFactory` to have a single constructor rather than a test-specific constructor, the facility for creating an Http Client has been moved into an `HttpClientBuilderFactory` and this new class configured for injection in both the Compute Engine and server components.
The GithubClient interface exposes a method that takes various Sonarqube core classes and plugin constructed data as arguments and returns a `DecorationResult`, all of which are items that the upstream decorator should be aware of, but not the client responsible for communicating with Github. Similarly, the `GraphqlGithubClient` had locally constructed a `MarkdownFormatterFactory`, `DefaultGraphqlProvider`, and `Clock` as well as requiring a Sonarqube `Server` instance for instantiation, with the local construction requiring a second constructor to be included purely for testing, and the `Server` instance requiring the client have knowledge of Sonarqube's structure rather than being passed a client configuration that had no external dependencies in it. This change alters the GithubClient implementation to use dependency injection for all re-usable objects, and introduces a Github specific object for submitting a check run, rather than relying on the `AnlaysisDetails` object used in the plugin. The use of the settings DTOs has been removed from the client, with the details being used in the client factory and the relevant details being persisted in the client from the constructor invocation. To support this, the `MarkdownFormatterFactory` has been setup to be exposed for constructor injection in Compute Engine components, and the `DefaultGraphqlProvider` exposed in both Compute Engine and Server scopes. The requirement of passing a `projectPath` inside the GithubClient has also been removed, with the repository name and owner login being extracted during the authentication phase and stored in the token for the client to use them where needed.
The Formatters for generating the analysis report are created by a FormatterFactory, but then need a formatter factory passed into them during execution. This allows a potential scenario where a Formatter could be passed a FormatterFactory for a different output type so generate invalid content type, as well as causing a non-optimal API. This change alters the FormatterFactory to be the component that is aware of how to create Formatters for child components, rather than the formatters doing this, therefore removing the need for a FormatterFactory to be made available in formatters.
The text renderer for the `MarkdownFormatterFactory` had been performing a `trim` on any inputs, which caused the single whitespace entries being added as spacers after some inline images to be removed. As the structure of the document should be presumed to match what the generating component requires, it's unnecessary for the renderer to attempt to alter this structure whilst rendering to a relevant document format. Instead, any constraints on formatting should be left to the system rendering the generated output.
The access to metrics from a Pull Request analysis is exposed through an `AnalysisDetails` instance, which also provides the ability to extract a formatted report. As a number of the metrics used in the summary report need to be retrieved through various additional DAOs, and as the resolution of URLs for links and images requiring access to core Sonarqube configuration, `AnalysisDetails` holds references to a high number of classes from Sonarqube's core. Some of those core Sonarqube classes are also referenced directly in some decorators which don't make use of the summary report but need equivalent metrics to those shown in the summary which means some searching logic is duplicated across the plugin. This change pulls the report generation into a `ReportGenerator` class, with the report being an interim set of collected metrics that each decorator can extract required information, or generate a formatted report from.
The key for the Code Insights report uses a static value which results in any report submitted by Sonarqube overwriting any existing report, even where reports are submitted from different projects, such as would happen in a mono-report setup. The report key is therefore being changed to use the project key, so that repeated scans from a single project continue to overwrite each other, whilst scans against the same repository from different projects will allow new reports to be submitted without altering existing reports.
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 2 to 3. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v2...v3) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
The character encoding is being set in Gradle to ensure that the build doesn't use Operating system specific encodings that will cause differences between builds of the same code on different machines.
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@v1...v2) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [javassist](https://github.com/jboss-javassist/javassist) from 3.28.0-GA to 3.29.0-GA. - [Release notes](https://github.com/jboss-javassist/javassist/releases) - [Commits](https://github.com/jboss-javassist/javassist/commits) --- updated-dependencies: - dependency-name: org.javassist:javassist dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps jackson-datatype-jsr310 from 2.13.2 to 2.13.3. --- updated-dependencies: - dependency-name: com.fasterxml.jackson.datatype:jackson-datatype-jsr310 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [mockito-core](https://github.com/mockito/mockito) from 4.4.0 to 4.6.0. - [Release notes](https://github.com/mockito/mockito/releases) - [Commits](mockito/mockito@v4.4.0...v4.6.0) --- updated-dependencies: - dependency-name: org.mockito:mockito-core dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
The wiremock based tests currently fail if another service is running on on port 8080, and other tests fail with newer dependencies due to changes in recursive comparisons. The wiremock tests are being altered to use a random port for runs to prevent port conflict, and the tests comparing HTTP entities are being altered to extract the InputStream for comparing the contents from.
Bumps [assertj-core](https://github.com/assertj/assertj-core) from 3.22.0 to 3.23.1. - [Release notes](https://github.com/assertj/assertj-core/releases) - [Commits](assertj/assertj@assertj-core-3.22.0...assertj-core-3.23.1) --- updated-dependencies: - dependency-name: org.assertj:assertj-core dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
Repository slug and project key got mixed up for the Bitbucket server config causing Sonar to not find the repo defined in the ui on Bitbucket
Bitbucket throws an error when a report contains a percentage element with a null value. The code coverage and duplication metrics are now nullable in the report data passed around the plugin, bit the Bitbucket decorator does not check or replace nulls from these fields. This change alters the report publishing to check for nulls in either of the coverage or duplication fields and uses Zero in their place.
Bumps [mockito-core](https://github.com/mockito/mockito) from 4.6.0 to 4.6.1. - [Release notes](https://github.com/mockito/mockito/releases) - [Commits](mockito/mockito@v4.6.0...v4.6.1) --- updated-dependencies: - dependency-name: org.mockito:mockito-core dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [logging-interceptor](https://github.com/square/okhttp) from 4.9.3 to 4.10.0. - [Release notes](https://github.com/square/okhttp/releases) - [Changelog](https://github.com/square/okhttp/blob/master/CHANGELOG.md) - [Commits](square/okhttp@parent-4.9.3...parent-4.10.0) --- updated-dependencies: - dependency-name: com.squareup.okhttp3:logging-interceptor dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
Re-formats the README to limit the line lengths to improve editing and readability of the raw format, and fixes some references to paths and configuration that has changed in recent versions of Sonarqube but is no longer accurate in the README.
When creating the link from Sonarqube to an Azure Devops Pull Request, the URL of the owning repository is used as a base for the URL. If the Azure DevOps API returns a URL containing user authentication details then this is included in the resulting link, even though the details may not be valid for a front-end user. The authentication detail is therefore being stripped from the URL before the Pull Request URL is generated.
davidk81
reviewed
Nov 15, 2022
davidk81
approved these changes
Nov 15, 2022
akibabu
approved these changes
Nov 15, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.