SonarQube issues plugin

[martindstone]

Background

This is a simple plugin to show SonarQube issues in Cortex

This PR

This PR adds the SonarQube issues plugin

Checklists

Security

• Security impact of change has been considered
• Code follows company security practices and guidelines

[jreock]

This is slightly bugged, we should be pulling newBaseUrl as an optional value before attempting the fetch. I am running SonarQube locally and exposing a URL with ngrok, and I noticed that when I use a custom URL (check out my config in the justinreock-sandbox tenant), the service never actually gets hit. That's because if the endpoint isn't sonarcloud.io and since you are using await, the exception will trigger on the event loop before newBaseUrl has a chance to populate. I tested by adding some console logging:

newBaseUrl = data.info["x-cortex-definition"]["sonarqube-url"]; console.log("Switching to updated URL" + newBaseUrl); } catch (e) {} setBaseUrl(newBaseUrl); console.error("Trying new base URL" + newBaseUrl);

And you can see in the console that the variable is undefined:

Despite the plugin configured as:

[martindstone]

the key in your entity is named wrong; it should be sonarqube-url not sonarqube-api-url so in this case your service should not get hit and the plugin should try to use https://sonarcloud.io.

That said, we should not be trying to set baseUrl to undefined ever... I'll fix that, let me know if there is another bug here

[martindstone]

i am thinking to do like this

  useEffect(() => {
    if (!context?.apiBaseUrl) {
      return;
    }
    const fetchPluginConfig = async (): Promise<void> => {
      console.log("Fetching plugin config");
      let newBaseUrl = "https://sonarcloud.io";
      try {
        const response = await fetch(
          `${context.apiBaseUrl}/catalog/sonarqube-plugin-config/openapi`
        );
        const data = await response.json();
        const baseUrlFromEntity = data.info["x-cortex-definition"]["sonarqube-url"];
        console.log("baseUrlFromEntity is ", baseUrlFromEntity);
        if (baseUrlFromEntity) {
          newBaseUrl = baseUrlFromEntity;
        }
      } catch (e) {
        console.log("Failed to fetch plugin config", e);
      }
      console.log("Setting base url to ", newBaseUrl);
      setBaseUrl(newBaseUrl);
    };
    void fetchPluginConfig();
  }, [context?.apiBaseUrl]);

so that if the plugin-config can't be fetched, I get

if the plugin-config exists but doesn't have the key (your situation) I get

and if the plugin-config exists and has the key, I get

[jreock]

Nice! Testing this now.

[jreock]

Aha, and the reason I was missing a key is because the docs say to use sonarqube-api-url, but the code is looking for sonarqube-url:

Will comment in the readme!

[jreock]

Docs ask for the sonarqube-api-url key, but the code is checking for sonarqube-key:

[jreock]

One more tweak and then I'm good to sign off! At the beginning, the README specifies:

If the cortex.yaml has a SonarQube Project defined in its x-cortex-static-analysis configuration, it will query for issues pertaining to that project. For example:

And the example shows:

openapi: 3.0.1 info: title: Funrepo description: it is a fun repo x-cortex-git: github: alias: cortex repository: martindstone-org/funrepo x-cortex-tag: funrepo x-cortex-type: service x-cortex-static-analysis: sonarqube: **project: martindstone-org_funrepo**

I think we need to call out specifically that the value in x-cortex-static-analysis.sonarqube.project needs to specifically match the project key in SonarQube and not the project name. That tripped me up once I got the authentication working, I started using the project name and it just wasn't retrieving issues, switched to project key and it works like a charm!!

[jreock]

LGTM, thanks for the quick turnaround on all the changes @martindstone !!