Thursday, June 8, 2017

How to filter or exclude files in SonarQube from scanning?



When your web app includes third-party JavaScript libraries, SonarQube may scan them and report defects. You can exclude them from scanning in either of the two ways below:

1. Add the entry below to pom.xml:
    <properties>
        <sonar.projectName>${project.groupId}:${project.artifactId}</sonar.projectName>
        <sonar.sources>app,src/main</sonar.sources>
        <sonar.exclusions>app/node_modules/**, src/main/webapp/**, app/dist/**</sonar.exclusions>
        <sonar.tests>src/test</sonar.tests>
    </properties>

2. You can also apply exclusions on the SonarQube server. Steps:
  1. Go to SonarQube and select the project you need.
  2. Go to Administration.
  3. Click General Settings.
  4. Click Analysis Scope.
  5. Click Files, then add the files in the Source File Exclusions text box.
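
Before committing an exclusion list, it helps to see exactly which files it takes out of analysis. The script below is an added example, not part of the original post or of SonarQube: it approximates SonarQube's documented wildcard rules with a regex and applies the pom.xml patterns above to a constructed, hypothetical file list. The function names and the sample paths are assumptions.

```python
import re

# sonar.exclusions value from the pom.xml above.
EXCLUSIONS = "app/node_modules/**, src/main/webapp/**, app/dist/**"

# Documented wildcards: ** = zero or more directories,
# * = zero or more characters in one path segment, ? = one character.
TOKENS = [("**/", "(?:.*/)?"), ("**", ".*"), ("*", "[^/]*"), ("?", "[^/]")]

def pattern_to_regex(pattern):
    """Translate one exclusion pattern into an anchored regex (approximation)."""
    out, i = [], 0
    while i < len(pattern):
        for wildcard, regex in TOKENS:
            if pattern.startswith(wildcard, i):
                out.append(regex)
                i += len(wildcard)
                break
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(out) + r"\Z")

def split_scope(paths, exclusions=EXCLUSIONS):
    """Return (scanned, excluded) for project-relative file paths."""
    regexes = [pattern_to_regex(p.strip()) for p in exclusions.split(",") if p.strip()]
    scanned, excluded = [], []
    for path in paths:
        norm = path.replace("\\", "/")  # accept Windows separators
        hit = any(r.match(norm) for r in regexes)
        (excluded if hit else scanned).append(path)
    return scanned, excluded

# Constructed sample file list (hypothetical project layout).
SAMPLE = [
    "app/node_modules/lodash/lodash.js",
    "app/dist/bundle.min.js",
    "app/src/login.js",
    "src/main/java/com/example/Auth.java",
    "src/main/webapp/js/checkout.js",
    "src/main/webapp/WEB-INF/web.xml",
]

if __name__ == "__main__":
    scanned, excluded = split_scope(SAMPLE)
    for path in excluded:
        print("not analysed:", path)
```

With these patterns, everything under src/main/webapp is skipped along with node_modules and dist, so any first-party code kept in that directory is not analysed either.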

    Sunday, June 4, 2017

    Top 10 Challenges in DevOps - Challenges in implementing DevOps - DevOps Challenges

    DevOps is no longer a buzzword. You hear the word pretty much every day during your coffee break at work.

    Transitioning to DevOps requires a change in culture and mindset, and much more. One of the key benefits of DevOps is removing silos (the communication barriers) between development and ops teams. Adopting DevOps in an organization always comes with a lot of challenges. Let's look at the top 10 challenges and identify ways to overcome them.
    1. Cultural change, change in the mindset - Cultural change is the first hurdle any company needs to overcome quickly to adopt DevOps fully. People should be open to and welcome this new process change in order to embrace DevOps.
    2. Not driven top-down, it should be bottom-up - Adoption should come from the ground up; it can't be a top-down initiative. DevOps starts with a couple of developers and ops folks working together on automation.
    3. New tools, new skills - Learning and adapting to a new set of tools is key to practicing DevOps. Teams should also be open to hiring people with CI/CD and DevOps skills if they don't have them.
    4. Not picking the right project to get started - It is better to find an existing application or small product (one that has the full SDLC life cycle) and remodel it into DevOps in incremental baby steps, earning small but solid wins along the way. This gives the teams confidence.
    5. Not moving away from legacy systems and infrastructure - Migrating monoliths to a microservices architecture with automation and continuous delivery can bring faster development.
    6. Business expecting quick results after DevOps adoption - DevOps change does not happen overnight; it must be smooth and gradual. The business should have some patience to see results.
    7. Not automating fully - Pipeline with leaks - Automation should be 100 percent. Pipelines should also integrate with code quality tools such as SonarQube. Doing a few things manually still leaves room for human error and can slow things down.
    8. Not integrating QA automation in CI/CD pipelines - A CI/CD pipeline is not complete without integrating QA automation execution. Both have to work together, not in silos.
    9. Dev and ops teams having completely separate tool sets - Both dev and ops need to work together and identify the right tool set, and need to ensure that it is aligned with the goals of the organization.
    10. Quantifying the impact to top management - This is probably the most difficult challenge to overcome. It is important to first benchmark your current state. After that, perform a maturity assessment every two sprints and compare the results to see if there are any improvements. Look at the SonarQube dashboard for a reduction in code quality defects. Scheduling a feedback session with actual users of the application to measure success also helps.

    How to migrate Repos from TFVC to Git - TFVC to Git Migration

    Migrate code from Team Foundation Version Control (TFVC) to Git

    You can perform the code migration using a utility called git-tf. This is a two-way, cross-platform tool used for migrating TFVC repositories to Git. It can also update TFS with changes committed to Git. It works similarly to the git-svn tool.

    Two things are important for a successful code migration.
    1. Actual code base - each and every file is migrated.
    2. Changeset history - this includes the entire history.

    Let us get into the crux of our migration.

    Pre-requisites:
    1. git-tf (Download from here)
    2. Git client.

    Configuration steps:
    1. Extract the git-tf zip to a local hard drive, say the C:\ drive. After extracting, you should see a folder called C:\git-tf
    2. Add C:\git-tf to the PATH environment variable so that you can execute it from anywhere.
    3. Go to the command prompt and execute git-tf. You should see a list of commands. This tells you git-tf is successfully installed.

    Migration:
    Migration is actually performed in three phases.
    1. Clone - Download the project files from the TFVC repository by cloning it to the local machine.
    2. Prep - Set up and qualify the downloaded project for uploading to the Git remote repository.
    3. Push - Execute the push command to upload into the Git remote repo.

    Steps:
    1. Create a remote Git repo (target) in VSTS or wherever you are hosting Git repos.
    2. Go to the command prompt and execute the command below to clone the TFVC repo locally.
    git-tf clone http://<TFS Server Name>:Port/tfs/<CollectionName> "$/TeamProjectName" C:\MyProject --deep
    --deep means it will include history for the repository.
    3. The entire project repo is now downloaded to C:\MyProject on your local machine.
    To upload it into the Git repo created in step 1 above, we need to add the remote Git repo.
    git remote add origin <git_url>
    where git_url could be --> https://MyVSTS.com/DefaultCollection/MyGitreponame/_git/projectRepoName
    4. git push origin master
    or git push origin HEAD:branchname ---> execute this command instead if you would like to migrate to a different branch rather than the master branch.
    This should push the code from your local machine into the remote Git repo.

    How to verify?
    It is recommended to verify two things to make sure we have successfully migrated.

    1. Compare the number of commits between TFVC and Git
    Go to the command prompt and execute the command below.
    git log --oneline
    This lists every commit in the project, one per line. Count the total commits, then go to TFVC and count the total number of changesets for that project under Code --> Explorer --> History.
    Both numbers should match.

    2. Compare the total number of files in TFVC and Git (optional step)
    Go to TFVC and select the project. Download it as a zip. Once downloaded, right-click on the folder to see the total number of files and folders. This should match what we pushed into Git.
    Notes:
    • Depending on the size and volume of the source TFVC repository, cloning may take a considerable amount of time.
    • Avoid doing migration when connected on VPN. It may slow down cloning depending on internet bandwidth.
    That's it! Happy Migration :)
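
Verification step 2 above compares file counts, which can match even when a file was dropped and another added, or when contents differ. The script below is an added example, not part of the original post or of git-tf, and it goes further than the count by comparing the TFVC zip download with the Git working tree path by path and by SHA-256. The function names and the optional zip folder prefix (for example "MyProject/") are assumptions.

```python
import hashlib
import os
import sys
import zipfile

def zip_manifest(zip_path, strip_prefix=""):
    """Map relative path -> SHA-256 for every file in the TFVC zip download."""
    manifest = {}
    with zipfile.ZipFile(zip_path) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            if strip_prefix and name.startswith(strip_prefix):
                name = name[len(strip_prefix):]
            manifest[name] = hashlib.sha256(zf.read(info)).hexdigest()
    return manifest

def tree_manifest(root):
    """Map relative path -> SHA-256 for every file under root, skipping .git."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]
        for filename in filenames:
            full = os.path.join(dirpath, filename)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                manifest[rel] = hashlib.sha256(fh.read()).hexdigest()
    return manifest

def compare(tfvc, git):
    """Report files missing from Git, extra in Git, and differing in content."""
    both = set(tfvc) & set(git)
    return {
        "missing": sorted(set(tfvc) - set(git)),
        "extra": sorted(set(git) - set(tfvc)),
        "changed": sorted(p for p in both if tfvc[p] != git[p]),
    }

if __name__ == "__main__":
    # Usage: python verify_migration.py <tfvc.zip> <git working tree> [zip prefix]
    prefix = sys.argv[3] if len(sys.argv) > 3 else ""
    result = compare(zip_manifest(sys.argv[1], prefix), tree_manifest(sys.argv[2]))
    for kind, paths in result.items():
        print(kind, len(paths), paths)
```

A file reported as changed may differ only in line endings if Git is converting them on checkout (core.autocrlf), so inspect those files before treating them as a migration fault.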