Thanks Colin, I appreciate your time and expertise in replying.
I’m banking the first approach as a backup option, and thanks for the advice on how to link it up.
I’m looking more at the second approach, using this custom YAML plugin’s Forbidden Key Check which seems to offer enough grunt to look for the non-compliant files that I’m hunting when combined with “Only apply specific rules to specific files”.
However, I am at a stop point again with that approach, as it shows the added Quality Profile (with the custom Rule) against my tested project (from → Project Settings → Quality Profiles → Choose which profile is associated with this project on a language-by-language basis. Shows Java, XML, YAML with 405, 24, 20 active rules), but only the java Quality Profile’s Rules are being reported after a gradle build is run. Even though the added XML and YAML Quality Profiles show up as being active in localhost:9000, none of their Rules are reported failing (despite goofing some code in the XML and YAML files to trigger it), while some of the java Rules report failing and I can make more trigger by goofing more java code.
Is there some magic to running added XML and YAML (or other) Quality Profiles alongside a Java Quality Profile on a Project? As I say, the UI shows them existing but none of their Rules fail. (A local suggestion was “Sonar-scanner for multiple languages in one SQ project using Applications” but I’m unsure if it’s the same situation testing passive XML and YAML alongside Java, versus Java alongside .NET etc.
Ideally, even then, we don’t want to have to pick through hundreds of projects and set these Quality Profiles per project, we’d rather have some enterprise default that includes YAML testing for all Java projects by default.
(Note I’m running Community Edition locally while testing this, but the outcome will be put into an Enterprise version running on the client’s system once I work out how to configure it.)
Thanks again for any help.
(PS: looking into this answer at present: Unable to configure multiple custom Quality Profiles to our Project in SonarQube - #3 by gdhingra)
(PPS: Ok, when I look at the Project → Information → Lines of Code I see “Java 557” and nothing else. So it’s not seeing the XML/YAML lines of code. I think there might be an inclusions filter in the Gradle settings imported from a proprietary Gradle plugin or something like that perhaps. Digging deeper.)
(PPPS: dug a lot, I was able to filter in and out assorted java files with the sonarqube properties in build.gradle, but nothing made the YAML tests come to life or show the inclusion of YAML files in the “lines covered” result.)
Regards
Rob