-
Notifications
You must be signed in to change notification settings - Fork 48
Adding SonarQube-ecoCode container image #137
Conversation
Editing docker-compose accordingly
hello @obeone , |
Yes, I will :) I was waiting for some interest before dealing with merging latest commits. I work on it quickly |
Kudos, SonarCloud Quality Gate passed! |
(Sorry for all the mails you received, I didn’t realized you got mail on every push…) So, repo is up-to-date. Failed docker build on this repos is normal, I don’t have rights to push on it. On my fork, everything build and push correctly : |
hello @obeone, it's a good idea to improve docker installation system. But there is another PR with the same kind of idea : see #89 My feedbacks of this PR :
|
Hi @dedece35, I answered on PR #89. GitHub Workflow is a CI/CD tool (GitHu giving free compute time), so there is no need to have someone who build container, push it etc... It's automatic, and allow an always up-to-date container, built only once for everyone. |
@obeone, Thanks for explanations, I know what CI/CD is and concepts : in my society we used Jenkins in a custom CI/CD, but we are migrating to gitlab CI. I just don't known how github workflows works. But thank you. In conclusion, your solution is ready to be merged. Thus, I agree to merge this PR, and then make improvements to manage dynamically plugin versions and sonarqube versions. |
Sorry if my message could have seemed condescending, it was not the idea at all! 😬 Here is my limit : I don't do Java. Clearly we can do better, in particular for the plugins version. For SonarQube version, plug-ins in June wasn't compatible with latest version. It's better to fix version (at least major number) to avoid an unexpected update. Since then, I have clearly made progress on Dockerfiles. If a Java developer is motivated to think together a little about doing better, it's with pleasure! |
Hi everybody, I'm not sure of the implementation direction. First question, who is the target of this plugin ? Another risk which isn't analyse, is the question of licence. You are distributing an image from sonarsource with a new licence GPLv3 due to contamination. Previous analyse wasn't check this aspect. However, +1 about multistage Dockerfile. It's a good idea ! Best regards, |
Hi @obeone, @Silicoman, First of all, thank you for interesting answers. @obeone, there is no problem with "condescending" message. I don't understand it like this. But I'm also agree with @Silicoman. What do you think about it @jules-delecour-dav, @glalloue , @olegoaer, @mdubois81 ? regards. David. |
I agree with @Silicoman, and for me the end goal is to automatically generate a plugin and adding it in Sonarqube Marketplace. Docker should be use only for development and testing in our case. Regards, |
Hi everyone, I’m not sure about the target. I think many users can come from elsewhere, but want to begin doing better on there code. My goal, with this Dockerfile, is because I know want I’m doing when I’m looking for a new tool : some words on search engine, and ctrl+click on various link. I like to be able to quick try (I’m sure it’s not only me), and this is the idea here. First run, next ones on colleagues computer etc. Install in the company CI/CD process is the very last process, using there owns docker-compose/k8s manifests, but I think we lost a lot of people before @dedece35 You’re right, JAR alone would be very useful too, and it’s possible to export the JAR files in the same process. About licences, AFAIK it’s ok, ecoCode is under GPLv3 and SonarQube is LGPLv3, which are compatible |
Hi @obeone , |
Hi @obeone @dedece35 @MP-Aubay @Silicoman |
It use a multistage Dockerfile, so a maven container is used to build jar files, and they are just copied in SonarQube image, without building tools.
I updated documentation to add the docker command on main README (to allow quick test), and in INSTALL documentation, I divided it in three parts : quick start (test version), production version (dockerfile, with this image + postgresql) and a development version, with detailed build instructions and docker-compose start (almost all the original instruction).
I pushed a manual build on my package repos but it can be automatised