-
Story
-
Resolution: Won't Do
-
Normal
-
None
-
None
-
None
-
ONAP
Currently, Sonar scans run daily on the tip of the Git repos.
When triggering Sonar using "run-sonar" in any Gerrit, the Sonar job will run on the tip of the branch. Even if someone comments "run-sonar" on a non-merged Gerrit change, the job is designed to run on the tip of the branch, not on non-merged changes.
Talking to the security team in ONAP in ONS, they mentioned that Sonar supports now the capability of running on non-merged changes. The teams would like to see some Sonar scans before they can merge their patches and they wonder if we can enable this feature.
In the past, I know that running Sonar jobs on non-merged changes can mess up the reports and make them less reliable. Apparently, there is a way of allowing this.
More info on the blog ONAP pointed me to:
https://blog.sonarsource.com/three-options-for-pre-commit-analysis
More on our Sonar job:
https://github.com/lfit/releng-global-jjb/blob/master/jjb/lf-maven-jobs.yaml#L837