Skip to content

Commit

Permalink
Update documentation on setting up a SonarCloud project
Browse files Browse the repository at this point in the history
  • Loading branch information
stefaniuk committed Sep 11, 2023
1 parent fac3252 commit 3eb88b0
Show file tree
Hide file tree
Showing 2 changed files with 26 additions and 3 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

>| | |
>| ------------ | --- |
>| Date | `04/09/2023` |
>| Date | `11/09/2023` |
>| Status | `RFC` |
>| Deciders | `Engineering` |
>| Significance | `Construction techniques` |
Expand Down Expand Up @@ -136,7 +136,7 @@ This guide describes the essence of the fundamental aspects of GitHub authentica
To be executed by a GitHub organisation administrator:

- Identify the GitHub repository name for which the team has requested a GitHub App integration
- Create a shared email address [england.[repository-name][email protected]](england.[repository-name][email protected]) by filling in the `New shared mailbox request` form using the Internal Portal (ServiceNow)
- Create a shared email address [england.[repository-name][email protected]](england.[repository-name][email protected]) by completing the `New shared mailbox request` form on the Internal Portal (ServiceNow). For programmes with multiple repositories, consider an alternative naming such as [england.[programme-name][email protected]](england.[programme-name][email protected])
- Delegate access to this mailbox for the GitHub organisation owners, administrators and the engineering team
- Create a GitHub bot account named `[repository-name]-app` using the email address mentioned above. The bot account should not be added to the organisation; therefore, **no GitHub seat will be taken**. It serves as an identity, but authentication and authorisation are handled via the GitHub App. This avoids granting the bot admin permissions to the repository, enabling commits to be signed by that bot account. Access is controlled solely through the GitHub App.
- Use the `nhs.net` email address as the default and only email
Expand Down
25 changes: 24 additions & 1 deletion docs/user-guides/Perform_static_analysis.md
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,30 @@ Static code analysis is an essential part of modern software development. It pro

## Configuration checklist

- Contact the GitHub Admins via email to have your [SonarCloud](https://sonarcloud.io) project created within the organisation space
- Contact the GitHub Admins via email to have your [SonarCloud](https://sonarcloud.io) access set up. They will
- Create a Sonar project within the organisation space:
- Navigate to `+ > Analyze new project > create a project manually`
- Choose the appropriate organisation
- Set "Display name"
- Set "Project key" (it should be populated automatically)
- Set project visibility to "Public"
- After clicking the 'Next' button, set "The new code for this project will be based on" to "Previous version"
- Click "Create project"
- Add two new groups under `Administration > Groups`:
- `[Programme Name] Admins`
- `[Programme Name]`
- Assign members to the above groups accordingly
- Set group permissions under `Administration > Permissions`:
- For the `[Programme Name] Admins` group, assign:
- "Quality Gates"
- "Quality Profiles"
- Manage project permissions, navigate to `Administration > Projects Management` and select the project you created
- Click on `Edit Permissions`
- Search for `[Programme Name] Admins` group and assign the following:
- "Administer Issues"
- "Administer Security Hotspots"
- "Administer"
- Ensure that other groups do not have unnecessary permissions to administer this project
- Create a bot account for your service. For more details, please see this [note](../../docs/adr/ADR-003_Acceptable_use_of_GitHub_PAT_and_Apps_for_authN_and_authZ.md#recommendation-for-github-admins). This account should be given access to your project and must own the `SONAR_TOKEN` for security reasons. Use this account to complete the rest of the activities in the Sonar service
- Navigate to project `Administration > Analysis Method > Manually` and select `Other (for JS, TS, Go, Python, PHP, ...)`
- In the [sonar-scanner.properties](../../scripts/config/sonar-scanner.properties) file in your repository, set the following properties according to the information provided above
Expand Down

0 comments on commit 3eb88b0

Please sign in to comment.