Thank you for this amazing products. My environment below:
- Operating system: CentOS 7.9.2009
- SonarLint plugin version: 3.20.2
- Programming language you’re coding in: Python
- Is connected mode used: Connected to SonarQube 9.9
I have an issue with keeping connected mode between vscode restart. I manage to set the token and SonarQube URL with sonarlint UI, the connection work well, but it get lost when i restart vscode.
I serve vscode as web app (using code-server) and i manage vscode settings at each code-server start.
My current workaround is to set « token » in vscode settings, a sonarlint popup detect it and propose to migrate the token in a secure vscode storage. This work, but i keep having the popup each time i restart my code-server (vscode). Is it possible to automate the migration of token from settings to secure storage, avoiding to systematically ask users to migrate it ?
Thank you in advance
Hi @takikadiri, and welcome to the Sonar community forum!
Storing the token in clear within VS Code settings is a deprecated feature; this is why we display the notification proposing to migrate them. If I understand correctly, with code-server, there is no way to persist VS Code storage across IDE restarts, is that correct?
Currently, we don’t provide a feature to automate the deployment of SonarLint with connected mode, and it is an area that we’re exploring; would you mind sharing a bit about the context in which you use code-server (what kind of application you develop, how many developers, why using VS Code in the browser)?
Thanks in advance,
We’ve developed a platform that serve multi-user web based tools, including code-server. It is used as a cloud development environment for data science & AI developments. The main reasons for developing such platfom, is performance (CPU, RAM, GPU), security and developer efficiency (faster onboarding, managed configs, …).
Regarding the secure storage of code-server, i don’t manage to keep the token peristed, and even if it is persisted in the current worker of the platform, the user may end up in another worker at the next restart of code-server.
The gitlab worklow extension solve this use case (ephemeral dev env instances) by absorbing gitlab token from environment variable.
Hope this help clarify the context
thanks for the context @takikadiri ! Although for now, I can only confirm SonarLint does not offer such a possibility, there is a feature idea in our roadmap that if implemented should be useful to you.
This is purely under consideration for now, so I don’t have an ETA to share, but you can subscribe to the card to receive updates in case that moves on.