Hello all, I just installed Sonarqube Community in my environment and everything is working perfectly. But I am checking if there is any way to customize the onboarding instructions to connect new repositories to the SQ instance, for 2 reasons.
First, the SQ instance is in a private address, accessible only from our private network. This leads to the github workflow file needing to run in a self hosted runner. I would like to change the workflow suggested by the onboarding screen to reflect this.
Secondly, we don’t like each developer using his personal SQ account to setup the tokens. This can (and will) lead to expirations in several different dates, which will disrupt the CI/CD workflows. We prefer to use a single token for all private repositories and use a github organization secret. If we could customize the text of the onboarding screen, we could reflect these and avoid needlessly creating tokens which we do not need.
I am using Sonarqube community version 9.9LTS, deployed using zip.
I’ve moved your topic to the Product Manager for a Day category since this functionality doesn’t exist.
There are a couple options here:
revoke developers’ rights to create new projects and create them all centrally. It may sound like I’m being flip with that suggestion, but I’m not. I understand it may not be feasible from a volume perspective, but it would definitely control how projects were created
tell developers (sorry, not by customizing the onboarding; that’s not currently available) to simply not use the tokens created at project onboarding. I believe you should be able to centrally configure your org-wide analysis token, and have it kick in if a token isn’t provided locally in the project configuration.
And I’m going to flag this thread for Product Manager attention, since I think they’ll probably be interested.