SonarQube has to be able to communicate with other tools in an ALM system such as wallboards, CI tools, artifact repositories, etc. Some of the examples that we already have in mind:
- As a developer each time a Dory analysis is finished, I want to notify Burgr of quality gate status
- As an artifact repository manager, I want to attach QG information to an artifact
- As a devops, I want to notify Jenkins 2.0 that the next step of the pipeline can be started
- As a tooling team, I want to push notification of QG status to a wallboard, to HipChat & co.
As a SonarQube administrator, I want to configure the URL of a third-party system that I want to notify once an analysis has been processed by the Compute Engine.
- I expect to be able to configure it globally (will apply to all projects) or per project
- First version won't support authentication
- I expect the URL to be called with the payload once an analysis has been processed
- Even if the analysis has failed or has been canceled - in which case the payload should be adapted
- To check: what happens when there's a server restart?
- For each webhook call, I expect SonarQube to keep track of the status of the request (on each project)
- I expect to see the history (let's say limited to 10 items per project) for each webhook
- It should contain the HTTP status and the body
- It should also keep the payload that was sent and the URL that was called (for debugging purposes)
- Note: for this first implementation, we can skip the UI if we don't have time and implement it later (but we should have the WS to query the history)
URL's and additional properties will be specified in the UI
- As a first step, this can be done through standard property sets to not have to rely on Lambda team
- Later on, we'll be able to add a dedicated entry
- This will be a POST request
- HTTP and HTTPS must be supported
- A SQ-specific JSON payload will be sent via POST, containing:
- project key and name
- analysis id
- quality gate status and details
- and so on (see PostProjectAnalysisTask.java)
- extra data specified by the user in analysis properties with the naming convention sonar.analysis.xxx and added to the data block with variables? (e.g.: sha=$xxx)
- We will wait for a response for n seconds, where n is a value hard-coded internally.
In terms of permissions:
- "Administer System" is required to define global webhooks
- "Adminster Project" is required to define project webhooks and to see the history of the webhook calls