Sure! As I mentioned in the initial post, Bitbucket Cloud is our primary platform, which means all our closed-source code resides there. Our GitHub projects belong to the GitHub organization “mizool”. Below, I will assume we would create a corresponding SonarCloud organization with the same name.
(Note that currently, only one mizool project is analysed by SonarCloud, but we will definitely add more once we have successfully set up the GitHub SonarCloud app.)
So why use GitHub at all, and why not move over completely? When we started open sourcing some of our code, we decided we should do that where the majority of open source developers are active. But moving our closed-source code to GitHub as well would not only mean losing Bitbucket Pipelines and the tight integration with Atlassian Jira and Atlassian Confluence, it would also cause a large amount of migration work and increase running costs.
Here are a few aspects that are currently shared and some thoughts on what to do about them.
- Our quality profile incub8 way is used both for our Bitbucket Cloud projects and the GitHub projects, and we would like to keep it that way.
  - Having to maintain this manually in two organizations or by exporting from one and importing to the other is too cumbersome as the profile contains 473 rules. The comparison feature (very useful, by the way!) says there are 84 rules only in incub8 way, 5 rules are only in Sonar way, and 3 rules have a different configuration.
  - Possible solution: building on top of my previous suggestion to allow making quality profiles public, SonarCloud could allow an organization (mizool) to reference a public quality profile of another organization (incub8).
- Our quality gate incub8 way is currently used only for our Bitbucket Cloud projects. The GitHub projects use a separate gate, mizool way. We aim to unify them.
  - As setting up a quality gate is not much work, we could live with a manual process.
- Employees logged in to SonarCloud with their Bitbucket Cloud users can interact with the GitHub projects (comment/close issues, change configuration).
  - Setting up the mizool organization using a GitHub user is okay.
  - However, it would be a pain if people needed to be logged in to SonarCloud via a GitHub user to interact with the projects in the mizool SonarCloud organization.
  - Background: A huge advantage of logging in via Bitbucket Cloud is single sign-on: Bitbucket Cloud user ➞ Atlassian ID ➞ G Suite.
  - Possible solutions:
    - I think it would be acceptable if we had to manually add the Bitbucket Cloud users as members of the mizool SonarCloud organization.
    - That said, it would be great if people who have several SonarCloud accounts could link them, and organizations trusting one would automatically trust the other.
- Only our Bitbucket Cloud projects are private, the GitHub projects are public. Having two separate organizations would mean that incub8 is on the paid plan and mizool is on the free plan. That’s fine.
I would have to think a bit about how setting up and maintaining permissions and notifications would work in a two-organization world.
Hope this gives you some insight! Tell me if I can clarify things or help in another way.