Merge pull request #2718 from guwirth/sq10-use-scanner-6

SQ-10: use sonar-scanner 6.x

.github/workflows/codeql-analysis.yml

@@ -46,15 +46,15 @@ jobs:
 
     # setup Java
     - name: Set up JDK Java ${{ matrix.java }} | ${{ matrix.distribution }} | ${{ matrix.os }}
-      uses: actions/setup-java@v3
+      uses: actions/setup-java@v4
       with:
         java-version: ${{ matrix.java }}
         distribution: ${{ matrix.distribution }}
         cache: maven
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -65,7 +65,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      uses: github/codeql-action/autobuild@v3
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -79,4 +79,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3

.github/workflows/cxx-ci.yml

@@ -308,8 +308,8 @@ jobs:
         os: [ubuntu-latest]
         java: [ '17' ]
         distribution: [ 'temurin' ]
-        sonarqube: [ '10.6.0.92116' ]
-        sonarscanner: [ '5.0.1.3006' ]
+        sonarqube: [ '9.9.6.92038', '10.6.0.92116' ]
+        sonarscanner: [ '6.1.0.4477' ]
 
     runs-on: ${{ matrix.os }}
     needs: [build-linux, verify-rules]
@@ -449,8 +449,8 @@ jobs:
         os: [windows-latest]
         java: [ '17' ]
         distribution: [ 'temurin' ]
-        sonarqube: [ '10.6.0.92116' ]
-        sonarscanner: [ '5.0.1.3006' ]
+        sonarqube: [ '9.9.6.92038', '10.6.0.92116' ]
+        sonarscanner: [ '6.1.0.4477' ]
 
     runs-on: ${{ matrix.os }}
     # needs build-linux because of JAR artifacts

integration-tests/features/boosttest.feature

@@ -33,10 +33,7 @@ Feature: Providing test execution measures
     When I run sonar-scanner with "-X -Dsonar.cxx.xslt.1.inputs=btest_test_simple-test_suite.xml -Dsonar.cxx.xunit.reportPaths=btest_test_simple-test_suite.after_xslt"
     Then the analysis finishes successfully
     And the analysis in server has completed
-    And the analysis log contains no error/warning messages except those matching:
-      """
-      .*WARN.*Unable to get a valid mac address, will use a dummy address
-      """
+    And the analysis log contains no error/warning messages
     And the following metrics have following values:
       | metric               | value |
       | tests                | 1     |
@@ -55,10 +52,7 @@ Feature: Providing test execution measures
     When I run sonar-scanner with "-X -Dsonar.cxx.xslt.1.inputs=btest_test_nested-test_suite.xml -Dsonar.cxx.xunit.reportPaths=btest_test_nested-test_suite.after_xslt"
     Then the analysis finishes successfully
     And the analysis in server has completed
-    And the analysis log contains no error/warning messages except those matching:
-      """
-      .*WARN.*Unable to get a valid mac address, will use a dummy address
-      """
+    And the analysis log contains no error/warning messages
     And the following metrics have following values:
       | metric               | value |
       | tests                | 4     |
@@ -78,8 +72,8 @@ Feature: Providing test execution measures
     And the analysis in server has completed
     And the analysis log contains no error/warning messages except those matching:
       """
-      .*WARN.*Unable to get a valid mac address, will use a dummy address
       .*WARN.*cannot find the sources for '.*'
+      .*WARN.*Preprocessor:.*
       """
     And the following metrics have following values:
       | metric               | value |

integration-tests/features/clangtidy.feature

@@ -9,10 +9,7 @@ Feature: Importing Clang-Tidy reports
     Then the analysis finishes successfully
     And the analysis in server has completed
     And the server log (if locatable) contains no error/warning messages
-    And the analysis log contains no error/warning messages except those matching:
-      """
-      .*WARN.*Unable to get a valid mac address, will use a dummy address
-      """
+    And the analysis log contains no error/warning messages
     And the number of violations fed is <violations>
     Examples:
       | reportpaths | violations |

integration-tests/features/common.py

@@ -125,26 +125,23 @@ def analyse_log(logpath, toignore=None):
     return badlines, errors, warnings
 
 def get_url_from_log(lines):
-    url = ''
     for line in lines:
-        if 'INFO: More about the report processing at' in line:
-            url = line.split('INFO: More about the report processing at')[1].strip()
-
-        if 'INFO  - More about the report processing at' in line:
-            url = line.split('INFO  - More about the report processing at')[1].strip()
+        if 'More about the report processing at' in line:
+            return line.split('at ')[1].strip()
 
-    return url
+    return ''
 
 def analyse_log_lines(lines, toignore=None):
     badlines = []
     errors = warnings = 0
     toingore_re = None if toignore is None else re.compile(toignore)
     for line in lines:
+        line = line.strip()
         if is_sonar_error(line, toingore_re):
-            badlines.append(line)
+            badlines.append(line + '\n')
             errors += 1
         elif is_sonar_warning(line, toingore_re):
-            badlines.append(line)
+            badlines.append(line + '\n')
             warnings += 1
 
     return badlines, errors, warnings
@@ -156,5 +153,5 @@ def is_sonar_warning(line, toignore_re):
     return (SONAR_WARN_RE.match(line) and not SONAR_WARN_TO_IGNORE_RE.match(line) and (toignore_re is None or not toignore_re.match(line)))
 
 def build_regexp(multiline_str):
-    lines = [line for line in multiline_str.split('\n') if line != '']
+    lines = [line.strip() for line in multiline_str.split('\n') if line != '']
     return re.compile('|'.join(lines))

integration-tests/features/coverage.feature

@@ -12,8 +12,8 @@ Feature: Importing coverage data
     And the analysis in server has completed
     And the analysis log contains no error/warning messages except those matching:
       """
-      .*WARN.*Unable to get a valid mac address, will use a dummy address
       .*WARN.*cannot find the sources for '#include <iostream>'
+      .*WARN.*Preprocessor:.*
       """
     And the following metrics have following values:
       | metric                  | value |
@@ -27,10 +27,7 @@ Feature: Importing coverage data
     When I run sonar-scanner with "-X"
     Then the analysis finishes successfully
     And the analysis in server has completed
-    And the analysis log contains no error/warning messages except those matching:
-      """
-      .*WARN.*Unable to get a valid mac address, will use a dummy address
-      """
+    And the analysis log contains no error/warning messages
     And the following metrics have following values:
       | metric                  | value |
       | coverage                | 94.4  |
@@ -51,9 +48,9 @@ Feature: Importing coverage data
     And the analysis in server has completed
     And the analysis log contains no error/warning messages except those matching:
       """
-      .*WARN.*Unable to get a valid mac address, will use a dummy address
       .*WARN.*cannot find the sources for '#include <iostream>'
-      .*WARN.*Cannot find a report for '.*'
+      .*WARN.*Property 'sonar.cxx.cobertura.reportPaths': cannot find any files.*
+      .*WARN.*Preprocessor:.*
       """
     And the following metrics have following values:
       | metric                  | value |

integration-tests/features/cppcheck.feature

@@ -16,7 +16,7 @@ Feature: Importing Cppcheck reports
     And the server log (if locatable) contains no error/warning messages
     But the analysis log contains a line matching
       """
-      WARN: The 'Cppcheck V2' report is empty.*skipping
+      WARN  The 'Cppcheck V2' report is empty.*skipping
       """
     And the number of violations fed is 0
 
@@ -35,7 +35,7 @@ Feature: Importing Cppcheck reports
     And the server log (if locatable) contains no error/warning messages
     But the analysis log contains a line matching
       """
-      WARN: Cannot find the file.*skipping
+      WARN  Cannot find the file 'component1\.cc'.*skipping
       """
     And the number of violations fed is 0
 
@@ -70,7 +70,7 @@ Feature: Importing Cppcheck reports
     And the server log (if locatable) contains no error/warning messages
     But the analysis log contains a line matching
       """
-      WARN: The 'Cppcheck V2' report is invalid.*skipping
+      WARN  The 'Cppcheck V2' report is invalid.*skipping
       """
     And the number of violations fed is <violations>
     Examples:
@@ -91,10 +91,7 @@ Feature: Importing Cppcheck reports
     Then the analysis finishes successfully
     And the analysis in server has completed
     And the server log (if locatable) contains no error/warning messages
-    And the analysis log contains no error/warning messages except those matching:
-      """
-      .*WARN.*Unable to get a valid mac address, will use a dummy address
-      """
+    And the analysis log contains no error/warning messages
     And the number of violations fed is <violations>
     Examples:
       | reportpaths      | violations |
@@ -116,7 +113,7 @@ Feature: Importing Cppcheck reports
     And the server log (if locatable) contains no error/warning messages
     And the analysis log contains no error/warning messages except those matching:
       """
-      .*WARN.*Unable to get a valid mac address, will use a dummy address
+      .*WARN.*Preprocessor:.*
       """
     And the number of violations fed is <violations>
     Examples:

integration-tests/features/environment.py

@@ -29,7 +29,7 @@
 from shutil import move
 from tempfile import mkstemp
 from common import analyse_log, get_sonar_log_file, cleanup_logs, print_logs
-from webapi import web_api_get
+from webapi import web_api_get, web_api_set
 
 
 BASEDIR = os.path.dirname(os.path.realpath(__file__))
@@ -50,15 +50,15 @@ def before_all(context):
     global SONAR_STARTED
 
     print('\n\n' + 80 * '-', flush=True)
-    print('starting SonarQube ...', flush=True)
+    print('setup SonarQube ...', flush=True)
     print(80 * '-', flush=True)
 
     print('\nSonarQube already running? ', flush=True)
     if is_webui_up():
         print('\n\tusing already running SonarQube\n\n', flush=True)
         return
 
-    print('\nSetting up the test environment', flush=True)
+    print('\nSetting up the test environment ...', flush=True)
 
     sonarhome = os.environ.get('SONARHOME', None)
     if sonarhome is None:
@@ -85,6 +85,17 @@ def before_all(context):
     SONAR_STARTED = True
     check_logs(sonarhome)
 
+    try:
+        print(f"\nCreate 'SONAR_TOKEN' for SonarScanner ...\n", flush=True)
+        url = ('/api/user_tokens/generate')
+        payload = {'login': 'admin', 'name': 'SonarScanner', 'type': 'GLOBAL_ANALYSIS_TOKEN'}
+        response = web_api_set(url, payload)
+        token = response.json()['token']
+        os.environ['SONAR_TOKEN'] = token
+    except:
+        print(f"\tCannot create 'SONAR_TOKEN' for SonarScanner.\n", flush=True)
+        sys.exit(1)
+
     print('\n\n' + 80 * '-', flush=True)
     print('starting tests ...', flush=True)
     print(80 * '-', flush=True)

integration-tests/features/googletest.feature

@@ -36,9 +36,9 @@ Feature: Providing test execution measures
     And the analysis in server has completed
     And the analysis log contains no error/warning messages except those matching:
       """
-      .*WARN.*Unable to get a valid mac address, will use a dummy address
       .*WARN.*cannot find the sources for '#include <gtest/gtest\.h>'
       .*WARN.*cannot find the sources for '#include <unistd\.h>'
+      .*WARN.*Preprocessor:.*
       """
     And the following metrics have following values:
       | metric               | value |
@@ -55,7 +55,7 @@ Feature: Providing test execution measures
     Then the analysis breaks
     And the analysis log contains a line matching:
       """
-      ERROR: Invalid xUnit report.*stop analysis
+      ERROR Invalid xUnit report.*stop analysis
       """
 
 
@@ -70,9 +70,9 @@ Feature: Providing test execution measures
     And the analysis in server has completed
     And the analysis log contains no error/warning messages except those matching:
       """
-      .*WARN.*Unable to get a valid mac address, will use a dummy address
       .*WARN.*cannot find the sources for '#include <gtest/gtest\.h>'
       .*WARN.*cannot find the sources for '#include <unistd\.h>'
+      .*WARN.*Preprocessor:.*
       """
     And the following metrics have following values:
       | metric               | value |
@@ -95,11 +95,11 @@ Feature: Providing test execution measures
     And the analysis in server has completed
     And the analysis log contains no error/warning messages except those matching:
       """
-      .*WARN.*Unable to get a valid mac address, will use a dummy address
       .*WARN.*cannot find the sources for '#include <gtest/gtest\.h>'
       .*WARN.*cannot find the sources for '#include <unistd\.h>'
-      .*WARN.*The report.*seems to be empty, ignoring\.
-      .*WARN.*Cannot find a report for '.*'
+      .*WARN .*The xUnit report.*seems to be empty, ignoring\.
+      .*WARN.*Property 'sonar\.cxx\.xunit\.reportPaths': cannot find any files.*
+      .*WARN.*Preprocessor:.*
       """
     And the following metrics have following values:
       | metric               | value |

integration-tests/features/json-db.feature

@@ -10,7 +10,7 @@ Feature: JSON Compilation Database support
     And the analysis in server has completed
     And the analysis log contains no error/warning messages except those matching:
       """
-      .*WARN.*Unable to get a valid mac address, will use a dummy address
+      .*ERROR.*preprocessor:.*
       """
     And the following metrics have following values:
       | metric     | value |          

integration-tests/features/regex.feature

@@ -9,10 +9,7 @@ Feature: Regex
     When I run sonar-scanner with "-X -Dsonar.exclusions=**/*-BOM-*.cc"
     Then the analysis finishes successfully
     And the analysis in server has completed
-    And the analysis log contains no error/warning messages except those matching:
-      """
-      .*WARN.*Unable to get a valid mac address, will use a dummy address
-      """
+    And the analysis log contains no error/warning messages
     And the following metrics have following values:
       | metric     | value |
       | ncloc      | 3     |
@@ -26,10 +23,7 @@ Feature: Regex
     When I run sonar-scanner with "-X -Dsonar.inclusions=**/utf8-BOM-*.cc"
     Then the analysis finishes successfully
     And the analysis in server has completed
-    And the analysis log contains no error/warning messages except those matching:
-      """
-      .*WARN.*Unable to get a valid mac address, will use a dummy address
-      """
+    And the analysis log contains no error/warning messages
     And the following metrics have following values:
       | metric     | value |
       | ncloc      | 3     |
@@ -43,10 +37,7 @@ Feature: Regex
     When I run sonar-scanner with "-X -Dsonar.inclusions=**/utf16-BOM-*.cc"
     Then the analysis finishes successfully
     And the analysis in server has completed
-    And the analysis log contains no error/warning messages except those matching:
-      """
-      .*WARN.*Unable to get a valid mac address, will use a dummy address
-      """
+    And the analysis log contains no error/warning messages
     And the following metrics have following values:
       | metric     | value |
       | ncloc      | 3     |