Update Sonar setup for private projects

ArBridgeman · ArBridgeman · commit a2fc675d2250 · 2025-06-17T09:53:10.000+02:00
diff --git a/doc/changes/unreleased.md b/doc/changes/unreleased.md
@@ -2,26 +2,44 @@
 
 ## Summary
 This version of the PTB adds nox task `sonar:check`, see #451. This allows us to
-use SonarQube Cloud to analyze, visualize, & track linting, security, & coverage. In
-order to properly set it up, you'll need to do the following instruction for each **public** project.
-At this time, PTB currently does not support setting up SonarQube for a **private** project.
+use SonarQube Cloud to analyze, visualize, & track linting, security, & coverage. To
+set it up, you'll need to execute the following instructions.
 
+### For a public project
 1. Specify in the `noxconfig.py` the relative path to the project's source code in `Config.source`
     ```python
-        source: Path = Path("exasol/toolbox")
-    ```
-2. Add the 'SONAR_TOKEN' to the 'Organization secrets' in GitHub (this requires a person being a GitHub organization owner).
-3. Activate the SonarQubeCloud App
+        source: Path = Path("exasol/<project-source-folder>")
+   ```
+2. Add the 'SONAR_TOKEN' to the 'Organization secrets' in GitHub (this requires a person being a GitHub organization owner)
+3. Activate the [SonarQubeCloud App](https://github.com/apps/sonarqubecloud)
 4. Create a project on SonarCloud
 5. Add the following information to the project's file `pyproject.toml`
     ```toml
+
         [tool.sonar]
         projectKey = "com.exasol:<project-key>"
         hostUrl = "https://sonarcloud.io"
         organization = "exasol"
-    ```
+   ```
 6. Post-merge, update the branch protections to include SonarQube analysis
 
+### For a private project
+1. Specify in the `noxconfig.py` the relative path to the project's source code in `Config.source`
+    ```python
+        source: Path = Path("exasol/<project-source-folder>")
+   ```
+2. Add the 'PRIVATE_SONAR_TOKEN' to the 'Organization secrets' in GitHub (this requires a person being a GitHub organization owner)
+3. Activate the [exasonarqubeprchecks App](https://github.com/apps/exasonarqubeprchecks)
+4. Create a project on https://sonar.exasol.com
+5. Add the following information to the project's file `pyproject.toml`
+    ```toml
+        [tool.sonar]
+        projectKey = "com.exasol:<project-key>"
+        hostUrl = "https://sonar.exasol.com"
+        organization = "exasol"
+   ```
+6. Post-merge, update the branch protections to include SonarQube analysis from exasonarqubeprchecks
+
 ## ✨ Features
 * #451: Added nox task to execute pysonar & added Sonar to the CI
 
diff --git a/doc/user_guide/getting_started.rst b/doc/user_guide/getting_started.rst
@@ -202,16 +202,16 @@ We also need to configure settings for github-pages environment:
 8. Set up for Sonar
 +++++++++++++++++++
 PTB supports using SonarQube Cloud to analyze, visualize, & track linting, security, &
-coverage. In order to properly set it up, you'll need to do the following instructions
-for each **public** project. At this time, PTB currently does not support setting up
-SonarQube for a **private** project.
+coverage. In order to set it up, you'll need to do the following instructions.
 
+For a **public** project
+^^^^^^^^^^^^^^^^^^^^^^^^
 1. Specify in the `noxconfig.py` the relative path to the project's source code in `Config.source`
     .. code-block:: python
 
-        source: Path = Path("exasol/toolbox")
-2. Add the 'SONAR_TOKEN' to the 'Organization secrets' in GitHub (this requires a person being a GitHub organization owner).
-3. Activate the SonarQubeCloud App
+        source: Path = Path("exasol/<project-source-folder>")
+2. Add the 'SONAR_TOKEN' to the 'Organization secrets' in GitHub (this requires a person being a GitHub organization owner)
+3. Activate the `SonarQubeCloud App <https://github.com/apps/sonarqubecloud>`_
 4. Create a project on SonarCloud
 5. Add the following information to the project's file `pyproject.toml`
     .. code-block:: toml
@@ -222,7 +222,21 @@ SonarQube for a **private** project.
         organization = "exasol"
 6. Post-merge, update the branch protections to include SonarQube analysis
 
-
+For a **private** project
+^^^^^^^^^^^^^^^^^^^^^^^^^
+1. Specify in the `noxconfig.py` the relative path to the project's source code in `Config.source`
+    .. code-block:: python
+        source: Path = Path("exasol/<project-source-folder>")
+2. Add the 'PRIVATE_SONAR_TOKEN' to the 'Organization secrets' in GitHub (this requires a person being a GitHub organization owner)
+3. Activate the `exasonarqubeprchecks App <https://github.com/apps/exasonarqubeprchecks>`_
+4. Create a project on https://sonar.exasol.com
+5. Add the following information to the project's file `pyproject.toml`
+    .. code-block:: toml
+        [tool.sonar]
+        projectKey = "com.exasol:<project-key>"
+        hostUrl = "https://sonar.exasol.com"
+        organization = "exasol"
+6. Post-merge, update the branch protections to include SonarQube analysis from exasonarqubeprchecks
 
 9. Go 🥜
 +++++++++++++
