Add ecoCode plugin to SonarQube Marketplace

[jycr]

it would be very useful to add those plugins on the SonarQube Marketplace.

The procedure is relatively straightforward. See: https://github.com/SonarSource/sonar-update-center-properties

If you are OK with this idea, and if you wish, I can do the work for you.

[dedece35]

Hello @jycr, it's a very good idea.
But, a few months ago, one sonarSource contact said us that it would not be possible so easy.
He wanted us to prove him that our plugin is quite relevant to integrate SonarQube Marketplace.
But if you want to test your idea, no problem.
Then, if you success to do it, we will talk about it internally.

(plop @glalloue, @jules-delecour-dav, @julien-hertout-neomades , @olegoaer , @mdubois81, @utarwyn )

[ganncamp]

Out of curiosity, who was that?

Because I don't remember saying that and I'm the one who typically vets new plugins

[jycr]

PR on SonarSource update-center-properties has been created: SonarSource/sonar-update-center-properties#389

[jycr]

@dedece35 : Do you have the administration privileges of the ecoCode project on Sonarcloud?
I think you have to define certain missing parameters to pass the "Quality Gate"

[dedece35]

@jycr
thank you for MR on SonarSource repo.
Yes I have administration rigths on sonarCloud. I've just configured the lack for quality gate computation. thank you for reminding :p (I saw this problem a while ago)
I've just push commits on our 3 projects (ecocode, ecocode-mobile, ecocode-linter) and quality gates are now computed. ecocode project has on security issue ... I will correct it.

Another point : there are also two other plugins for mobile part int repository https://github.com/green-code-initiative/ecoCode-mobile (one for andoird, one for IOS).
Could you complete your PR to add these two mobile plugins, please ?

[jycr]

I will create another PR for mobile plugins because the "non-mobile" plugins project has a Security Hotspot to fix (see: #69) for SonarCloud Marketplace validation:
https://sonarcloud.io/project/security_hotspots?id=green-code-initiative_ecoCode&sinceLeakPeriod=true

[jycr]

@dedece35 : where can I find/download:

• ecocode-android-0.0.x.jar (for SonarQube 8.x compatibility)
• ecodecode-sonar-ios-plugin-0.0.x.jar (for SonarQube 8.x compatibility)
• ecodecode-sonar-ios-plugin-0.1.x.jar (for SonarQube 9.x compatibility)

?

[dedece35]

Hi @jycr,
for mobile plugins, you can find releases here : https://github.com/green-code-initiative/ecoCode-mobile/releases
there isn't release for ios yet.

there will be the first 1.0.0 release for 2 mobile plugins (android and ios) soon (ecoCode-mobile).
the same for standard part (ecoCode).

there is no 0.2.0 because is the current version in development.

[jycr]

@dedece35 : thanks for this information.
So, I can only create PR for Android plugin.

Is ecocode-android-0.1.0.jar compatible with latest version of SonarQube (from 8.9.+ to 9.9 included) ?

[dedece35]

@jycr yes as mentionned here : https://github.com/green-code-initiative/ecocode-mobile

[jycr]

As mentioned here : https://github.com/green-code-initiative/ecocode-mobile , v0.1.0 not compatible from 8.9 to 9.3

[jycr]

PR on SonarCloud marketplace for ecoCode-android 0.1.0 (for SonarQube 9.4+): SonarSource/sonar-update-center-properties#390

[jules-delecour-dav]

Out of curiosity, who was that?

Because I don't remember saying that and I'm the one who typically vets new plugins

To clarify, we wanted to impletement index on the Sonarqube Dashboard in order to add "Green bugs" next to "Bugs and vulnerability. What we understood was our plugin needed to be embedded in the "core" code of Sonarqube to access to this dashboard. Last year we met Sonarsource team and they recommended us to prouve that "Green rules" were relevant with tests and measurements (we started this work few month ago and you can see on some rules oh PHP, the result).

Not sure that was directly linked to Sonarqube Marketplace. It could be very interesting to integrate the plugin to your Marketplace if it checks all your requierements

[ganncamp]

Thanks for that detail. It makes more sense now.
While you can add extra pages under a 'More' menu (it shows up once there are pages that go under it) you can't modify what shows up on the homepage.

[jycr]

PR for mobile plugins has been merge with SonarSource/sonar-update-center-properties#389

@dedece35 : do you know when iOS plugin will be released?

[dedece35]

@jycr
android and iOS plugins will be released soon to 1.0.0 version .... once PR green-code-initiative/ecoCode-android#4 will be merged (we are working on it).

[jycr]

@dedece35 : As soon as a release for a plugin will be available with the correct pluginKey, I will submit again a request to SonarSource Marketplace for the corresponding plugin(s).

Also, SonarSource needs to be able to test the plugin on their side. Is there a procedure that I could send them so that they can test all the features offered?

[ganncamp]

I assume this is just rules? So I just need a project appropriate for each language (or one to rule them all?) so I can take a look at some representative issues. To be clear, I don't need to see every rule in action. I just need to get an idea of how it works / looks

[olegoaer]

I assume this is just rules? So I just need a project appropriate for each language (or one to rule them all?) so I can take a look at some representative issues. To be clear, I don't need to see every rule in action. I just need to get an idea of how it works / looks

Hello. For ecoCode Mobile, the complete list of rules to implement in the plugin is here: https://github.com/cnumr/best-practices-mobile

[ganncamp]

I'll see the rules once I load up the plugins in a test instance. I need to run the rules against some sample projects.

[olegoaer]

For sake of simplicity, you can access our public/demo running instance here : https://sonarqube.ecocode.io/

Click on More Options. Then :

• login: summer-school
• password: Hf6kt

Browse the Android project name webinar_demo

[ganncamp]

I need to run this myself. Can you point me to those projects to I can clone & analyze them? Also, I'll need to run analysis for each plugin.

[olegoaer]

I need to run this myself. Can you point me to those projects to I can clone & analyze them? Also, I'll need to run analysis for each plugin.

You can analyse these two Android apps:

1. https://git.univ-pau.fr/summer-school/QuelPrixImmo.git
2. https://git.univ-pau.fr/summer-school/uppamaps.git

[dedece35]

@jycr, regarding "conflicts" on rule keys ... no problem, after checking and reflexion I undertsand : the same key for the same rule in different languages.
I'm OK.

[jycr]

Hi @jycr I saw you added some "non compliant" comments on some files Can you explain me why ? and what does that mean ? Are we supposed to change something later where you set the comment ?

@glalloue: Those modifications were made to meet @ganncamp's request:

At least one Noncompliant Code Example doesn’t include a //Noncompliant comment. Without it I, as a user, spend a lot of time going back and forth between the two code samples to figure out what changes & why.

[jycr]

@jycr, regarding "conflicts" on rule keys ... no problem, after checking and reflexion I undertsand : the same key for the same rule in different languages.

It's exactly that! :)
See @ganncamp's advice:

So there’s no need to differentiate rule key prefixes across languages. In fact, it’s better if the keys line up across languages for what’s essentially the same rule.

[glalloue]

thanks @jycr all clear !

[dedece35]

Hi @jycr,
release 1.1.0 done : https://github.com/green-code-initiative/ecoCode/releases/tag/1.1.0

you can play with it :p

[jycr]

The ecoCode plugins for Java, PHP and Python have been published on the SonarSource Marketplace.

I suggest closing this ticket.

For other plugins, I think it's best to create a specific ticket for each one.