README.md
... ...
@@ -1,92 +1,5 @@
1 1
# WIKI
2 2
3
+## Sonarqube
4
+- [Hướng dẫn tích hợp scan code](./sonarqube)
3 5
4
-
5
-## Getting started
6
-
7
-To make it easy for you to get started with GitLab, here's a list of recommended next steps.
8
-
9
-Already a pro? Just edit this README.md and make it your own. Want to make it easy? [Use the template at the bottom](#editing-this-readme)!
10
-
11
-## Add your files
12
-
13
-- [ ] [Create](https://docs.gitlab.com/ee/user/project/repository/web_editor.html#create-a-file) or [upload](https://docs.gitlab.com/ee/user/project/repository/web_editor.html#upload-a-file) files
14
-- [ ] [Add files using the command line](https://docs.gitlab.com/ee/gitlab-basics/add-file.html#add-a-file-using-the-command-line) or push an existing Git repository with the following command:
15
-
16
-```
17
-cd existing_repo
18
-git remote add origin https://gitlab-new.bap.jp/RDC/wiki.git
19
-git branch -M main
20
-git push -uf origin main
21
-```
22
-
23
-## Integrate with your tools
24
-
25
-- [ ] [Set up project integrations](https://gitlab-new.bap.jp/RDC/wiki/-/settings/integrations)
26
-
27
-## Collaborate with your team
28
-
29
-- [ ] [Invite team members and collaborators](https://docs.gitlab.com/ee/user/project/members/)
30
-- [ ] [Create a new merge request](https://docs.gitlab.com/ee/user/project/merge_requests/creating_merge_requests.html)
31
-- [ ] [Automatically close issues from merge requests](https://docs.gitlab.com/ee/user/project/issues/managing_issues.html#closing-issues-automatically)
32
-- [ ] [Enable merge request approvals](https://docs.gitlab.com/ee/user/project/merge_requests/approvals/)
33
-- [ ] [Automatically merge when pipeline succeeds](https://docs.gitlab.com/ee/user/project/merge_requests/merge_when_pipeline_succeeds.html)
34
-
35
-## Test and Deploy
36
-
37
-Use the built-in continuous integration in GitLab.
38
-
39
-- [ ] [Get started with GitLab CI/CD](https://docs.gitlab.com/ee/ci/quick_start/index.html)
40
-- [ ] [Analyze your code for known vulnerabilities with Static Application Security Testing(SAST)](https://docs.gitlab.com/ee/user/application_security/sast/)
41
-- [ ] [Deploy to Kubernetes, Amazon EC2, or Amazon ECS using Auto Deploy](https://docs.gitlab.com/ee/topics/autodevops/requirements.html)
42
-- [ ] [Use pull-based deployments for improved Kubernetes management](https://docs.gitlab.com/ee/user/clusters/agent/)
43
-- [ ] [Set up protected environments](https://docs.gitlab.com/ee/ci/environments/protected_environments.html)
44
-
45
-***
46
-
47
-# Editing this README
48
-
49
-When you're ready to make this README your own, just edit this file and use the handy template below (or feel free to structure it however you want - this is just a starting point!). Thank you to [makeareadme.com](https://www.makeareadme.com/) for this template.
50
-
51
-## Suggestions for a good README
52
-Every project is different, so consider which of these sections apply to yours. The sections used in the template are suggestions for most open source projects. Also keep in mind that while a README can be too long and detailed, too long is better than too short. If you think your README is too long, consider utilizing another form of documentation rather than cutting out information.
53
-
54
-## Name
55
-Choose a self-explaining name for your project.
56
-
57
-## Description
58
-Let people know what your project can do specifically. Provide context and add a link to any reference visitors might be unfamiliar with. A list of Features or a Background subsection can also be added here. If there are alternatives to your project, this is a good place to list differentiating factors.
59
-
60
-## Badges
61
-On some READMEs, you may see small images that convey metadata, such as whether or not all the tests are passing for the project. You can use Shields to add some to your README. Many services also have instructions for adding a badge.
62
-
63
-## Visuals
64
-Depending on what you are making, it can be a good idea to include screenshots or even a video (you'll frequently see GIFs rather than actual videos). Tools like ttygif can help, but check out Asciinema for a more sophisticated method.
65
-
66
-## Installation
67
-Within a particular ecosystem, there may be a common way of installing things, such as using Yarn, NuGet, or Homebrew. However, consider the possibility that whoever is reading your README is a novice and would like more guidance. Listing specific steps helps remove ambiguity and gets people to using your project as quickly as possible. If it only runs in a specific context like a particular programming language version or operating system or has dependencies that have to be installed manually, also add a Requirements subsection.
68
-
69
-## Usage
70
-Use examples liberally, and show the expected output if you can. It's helpful to have inline the smallest example of usage that you can demonstrate, while providing links to more sophisticated examples if they are too long to reasonably include in the README.
71
-
72
-## Support
73
-Tell people where they can go to for help. It can be any combination of an issue tracker, a chat room, an email address, etc.
74
-
75
-## Roadmap
76
-If you have ideas for releases in the future, it is a good idea to list them in the README.
77
-
78
-## Contributing
79
-State if you are open to contributions and what your requirements are for accepting them.
80
-
81
-For people who want to make changes to your project, it's helpful to have some documentation on how to get started. Perhaps there is a script that they should run or some environment variables that they need to set. Make these steps explicit. These instructions could also be useful to your future self.
82
-
83
-You can also document commands to lint the code or run tests. These steps help to ensure high code quality and reduce the likelihood that the changes inadvertently break something. Having instructions for running tests is especially helpful if it requires external setup, such as starting a Selenium server for testing in a browser.
84
-
85
-## Authors and acknowledgment
86
-Show your appreciation to those who have contributed to the project.
87
-
88
-## License
89
-For open source projects, say how it is licensed.
90
-
91
-## Project status
92
-If you have run out of energy or time for your project, put a note at the top of the README saying that development has slowed down or stopped completely. Someone may choose to fork your project or volunteer to step in as a maintainer or owner, allowing your project to keep going. You can also make an explicit request for maintainers.
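Review bot: the link text in the new index entry `+- [Hướng dẫn tích hợp scan code](./sonarqube)` is Vietnamese ("code-scan integration guide") while the page it points to, `sonarqube/readme.md`, is written in English; keep the index in one language or give the English title alongside it so readers of either page know what they are opening. Two smaller points: the heading `+## Sonarqube` should use the product's own spelling, `SonarQube`, and linking the directory `./sonarqube` relies on the repository viewer auto-rendering the lowercase `readme.md` inside it, whereas `./sonarqube/readme.md` resolves unambiguously in any renderer.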
sonarqube/readme.md
... ...
@@ -0,0 +1,384 @@
1
+
2
+
3
+[TOC]
4
+
5
+## 1. Provide a token
6
+
7
+https://sonar.bappartners.com/account/security
8
+
9
+- If you have the right to run the analysis code and publish it to the SonarQube server
10
+please create a token here https://sonar.bappartners.com/account/security.
11
+
12
+- If you do not have permission to run the analysis, please contact the administrator (thachpv) to obtain a token.
13
+
14
+## 2. Run analysis on your project
15
+
16
+### Analysis parameters
17
+
18
+![setting_hierachy.png](./setting_hierachy.png)
19
+
20
+- Some analysis parameters
21
+
22
+| Parameters | Description |
23
+| ----------- | ----------- |
24
+| `sonar.token` | Token used by the scanner to authenticate to the SonarCloud server. <br />Replaces `sonar.login` and `sonar.password` properties which are deprecated. |
25
+| `sonar.host.url` | https://sonar.bappartners.com/ . The URL of the SonarCloud server |
26
+| `sonar.projectKey` | The project's unique key. Example format: `s0027.ChallengeCR_tên_repo`|
27
+| `sonar.projectName` | Name of the project that will be displayed on the web interface. Example format: `s0027.ChallengeCR_tên_repo`|
28
+| `sonar.sources` | Analysis baseline for main source code (non-test code) in the project.|
29
+| `sonar.tests` | Analysis baseline for test code in the project.|
30
+| `sonar.sourceEncoding` | Encoding of the source files. For example, `UTF-8`, `MacRoman`, `Shift_JIS`. The list of available encodings depends on your JVM.|
31
+| `sonar.exclusions` | A setting used to specify file paths that you want to exclude from the SonarQube analysis process |
32
+
33
+ Please visit the [official documentation of Analysis parameters](https://docs.sonarsource.com/sonarcloud/advanced-setup/analysis-parameters/) for more details.
34
+
35
+
36
+- Setting configuration in a file
37
+ - Maven Java project: `pom.xml`
38
+ - Gradle Java project: `build.gradle`
39
+ - Ant Java project: `build.xml`
40
+ - Other CI-based analysis: `sonar-project.properties`
41
+ - Automatic analysis: `.sonarcloud.properties`
42
+
43
+- Setting configuration on the command line
44
+ - For CI-based analysis (not automatic analysis), parameters can also be set on the command line using the `-D` option indicator when launching an analysis
45
+
46
+### Execute the Scanner for Maven
47
+ Running a SonarQube analysis with Maven is straighforward. You just need to run the following command in your project's folder.
48
+
49
+ ```bash
50
+ mvn clean verify sonar:sonar \
51
+ -Dsonar.projectKey=test1 \
52
+ -Dsonar.host.url=https://sonar.bappartners.com \
53
+ -Dsonar.login=sqp_a8f356df86c4c1660db14aa849bc1a829aaa3e42
54
+ ```
55
+
56
+ Please visit the [official documentation of the Scanner for Maven](https://docs.sonarsource.com/sonarqube/9.9/analyzing-source-code/scanners/sonarscanner-for-maven/) for more details.
57
+
58
+### Execute the Scanner for Gradle
59
+
60
+1/ Running an analysis with Gradle is straighforward. You just need to declare the `org.sonarqube` plugin in your `build.gradle` file:
61
+
62
+```
63
+plugins {
64
+ id "org.sonarqube" version "3.5.0.2730"
65
+}
66
+```
67
+
68
+2/ run the following command:
69
+
70
+```bash
71
+./gradlew sonar \
72
+ -Dsonar.projectKey=test1 \
73
+ -Dsonar.host.url=https://sonar.bappartners.com \
74
+ -Dsonar.login=sqp_a8f356df86c4c1660db14aa849bc1a829aaa3e42
75
+```
76
+
77
+### Other (for JS, TS, Go, Python, PHP, ...)
78
+1/ Download and unzip the Scanner for Linux
79
+
80
+- https://docs.sonarsource.com/sonarcloud/advanced-setup/ci-based-analysis/sonarscanner-cli/
81
+
82
+2/ Execute the Scanner
83
+
84
+```bash
85
+sonar-scanner \
86
+ -Dsonar.projectKey=test1 \
87
+ -Dsonar.sources=. \
88
+ -Dsonar.host.url=https://sonar.bappartners.com \
89
+ -Dsonar.login=sqp_a8f356df86c4c1660db14aa849bc1a829aaa3e42
90
+```
91
+
92
+Please visit the [official documentation of the Scanner](https://docs.sonarsource.com/sonarqube/9.9/analyzing-source-code/scanners/sonarscanner/) for more details.
93
+
94
+### Scanner .NET Core Global Tool
95
+
96
+```
97
+dotnet tool install --global dotnet-sonarscanner
98
+```
99
+
100
+```
101
+dotnet sonarscanner begin /k:"test1" /d:sonar.host.url="https://sonar.bappartners.com" /d:sonar.login="sqp_a8f356df86c4c1660db14aa849bc1a829aaa3e42"
102
+dotnet build
103
+dotnet sonarscanner end /d:sonar.login="sqp_a8f356df86c4c1660db14aa849bc1a829aaa3e42"
104
+```
105
+
106
+### Execute the Scanner for Flutter
107
+
108
+- Sonar Server need to install SonarQube plugin for Flutter/Dart: https://github.com/insideapp-oss/sonar-flutter
109
+
110
+- Create `sonar-project.properties` file
111
+```
112
+# Project identification
113
+sonar.projectKey=tcu.knock-fe-user
114
+sonar.projectVersion=1.0
115
+sonar.host.url=http://localhost:9000
116
+sonar.login=sqp_aae237585c0c1995591c82faae02c619eae1dc94
117
+
118
+# Source code location.
119
+# Path is relative to the sonar-project.properties file. Defaults to .
120
+# Use commas to specify more than one file/folder.
121
+# It is good practice to add pubspec.yaml to the sources as the analyzer
122
+# may produce warnings for this file as well.
123
+sonar.sources=lib,pubspec.yaml
124
+#sonar.tests=test
125
+
126
+# Encoding of the source code. Default is default system encoding.
127
+sonar.sourceEncoding=UTF-8
128
+
129
+# Analyzer mode
130
+# Can be:
131
+# - DETECT (attempt to detect automatically) - default
132
+# - MANUAL (an existing report needs to be provided)
133
+# - FLUTTER (flutter analyze)
134
+# - DART (dart analyze)
135
+# - DARTANALYZER (dartanalyzer)
136
+# sonar.dart.analyzer.mode=
137
+
138
+# Allows reuse of an existing analyzer report when mode is MANUAL
139
+# sonar.dart.analyzer.report.path=
140
+
141
+# Analyzer report output mode
142
+# Can be:
143
+# - DETECT (attempt to detect automatically, requires Dart SDK on the PATH) - default
144
+# - MACHINE (a new machine readable output that is available for Dart 2.12+)
145
+# - LEGACY (attempts to parse human readable output from dart/flutter) - default
146
+# sonar.dart.analyzer.report.mode=
147
+```
148
+
149
+- Run the analysis and publish to the SonarQube server
150
+```bash
151
+# Download dependencies
152
+flutter pub get
153
+# Run tests with User feedback (in case some test are failing)
154
+#flutter test
155
+# Run tests without user feedback regeneration tests.output and coverage/lcov.info
156
+#flutter test --machine --coverage > tests.output
157
+
158
+# Run the analysis and publish to the SonarQube server
159
+sonar-scanner
160
+```
161
+----
162
+
163
+## Analyze your project with GitLab CI
164
+### MAVEN
165
+
166
+**1/ Add the following to your `pom.xml` file**
167
+```
168
+<properties>
169
+ <sonar.qualitygate.wait>true</sonar.qualitygate.wait>
170
+</properties>
171
+```
172
+
173
+
174
+**2/ Add environment variables**
175
+
176
+2.1/ Define the SonarQube Token environment variable.
177
+
178
+- In GitLab, go to `Settings > CI/CD > Variables` to add the following variable and make sure it is available for your project:
179
+- In the Key field, enter `SONAR_TOKEN`
180
+- In the Value field, enter an existing token, or a newly generated one: [Generate a token](https://sonar.bappartners.com/account/security)
181
+- Uncheck the Protect Variable checkbox.
182
+- Check the Mask Variable checkbox.
183
+
184
+2.2/Define the SonarQube URL environment variable.
185
+
186
+Still in `Settings > CI/CD > Variables` add a new variable and make sure it is available for your project:
187
+- In the Key field, enter `SONAR_HOST_URL`
188
+- In the Value field, enter https://sonar.bappartners.com
189
+- Uncheck the Protect Variable checkbox.
190
+- Leave the Mask Variable checkbox unchecked.
191
+
192
+
193
+3/Create or update your `.gitlab-ci.yml` file with the following content.
194
+
195
+```
196
+stages:
197
+ - analyze
198
+sonarqube-check:
199
+ stage: analyze
200
+ image: maven:3.6.3-jdk-11
201
+ variables:
202
+ SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar" # Defines the location of the analysis task cache
203
+ GIT_DEPTH: "0" # Tells git to fetch all the branches of the project, required by the analysis task
204
+ cache:
205
+ key: "${CI_JOB_NAME}"
206
+ paths:
207
+ - .sonar/cache
208
+ script:
209
+ - mvn verify sonar:sonar -Dsonar.projectKey=test1
210
+ rules:
211
+ - if: $CI_PIPELINE_SOURCE == "merge_request_event"
212
+ when: manual
213
+ - if: '$CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "develop"'
214
+ allow_failure: true
215
+ tags:
216
+ - sonar-scanner
217
+```
218
+
219
+### gradle
220
+
221
+1/ Add the following to your `build.gradle` file
222
+
223
+```
224
+plugins {
225
+ id "org.sonarqube" version "3.5.0.2730"
226
+}
227
+
228
+sonar {
229
+ properties {
230
+ property "sonar.projectKey", "test1"
231
+ property "sonar.qualitygate.wait", true
232
+ }
233
+}
234
+```
235
+
236
+Example:
237
+```
238
+// SonarQube
239
+sonar {
240
+ properties {
241
+ property 'sonar.sourceEncoding', 'UTF-8'
242
+ property 'sonar.language', 'java'
243
+ property 'sonar.java.binaries', '**/build/classes'
244
+ property 'sonar.exclusions', '**/com/honda/rd/**,**/ext/preevisionadapter/**'
245
+ property 'sonar.issue.ignore.allfile', 'e1'
246
+ property 'sonar.issue.ignore.allfile.e1.fileRegexp', '@Test'
247
+ property 'sonar.issue.ignore.allfile', 'e2'
248
+ property 'sonar.issue.ignore.allfile.e2.fileRegexp', '@ParameterizedTest'
249
+ property 'sonar.junit.reportPaths', 'build/test-results/aggregate'
250
+ property 'sonar.coverage.jacoco.xmlReportPaths', 'build/reports/jacoco/aggregate/jacocoTestReport.xml'
251
+ property 'sonar.coverage.exclusions', '**/src/test/**'
252
+ property 'sonar.cpd.exclusions', '**/src/test/**'
253
+ }
254
+}
255
+project.tasks['sonar'].dependsOn 'junit5TestReport'
256
+project.tasks['sonar'].dependsOn 'aggregateJacocoMerge'
257
+```
258
+
259
+2/ Create or update your `.gitlab-ci.yml` file with the following content.
260
+```
261
+stages:
262
+ - analyze
263
+sonarqube-check:
264
+ stage: analyze
265
+ image: gradle:jre11-slim
266
+ variables:
267
+ SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar" # Defines the location of the analysis task cache
268
+ GIT_DEPTH: "0" # Tells git to fetch all the branches of the project, required by the analysis task
269
+ cache:
270
+ key: "${CI_JOB_NAME}"
271
+ paths:
272
+ - .sonar/cache
273
+ script: gradle sonar
274
+ rules:
275
+ - if: $CI_PIPELINE_SOURCE == "merge_request_event"
276
+ when: manual
277
+ - if: '$CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "develop"'
278
+ allow_failure: true
279
+ tags:
280
+ - sonar-scanner
281
+```
282
+
283
+### Other (for JS, TS, Go, Python, PHP, ...)
284
+
285
+1/ Create a `sonar-project.properties` file in your repository and paste the following code
286
+
287
+```
288
+# must be unique in a given SonarQube instance
289
+sonar.projectKey=s0168.Monocad_lambda-flask-api
290
+# --- optional properties ---
291
+
292
+# defaults to project key
293
+sonar.projectName=s0168.Monocad_lambda-flask-api
294
+# defaults to 'not provided'
295
+#sonar.projectVersion=1.0
296
+
297
+# Path is relative to the sonar-project.properties file. Defaults to .
298
+# sonar.projectBaseDir=.
299
+# sonar.sources=./src,./resources,./web
300
+sonar.sources=./app
301
+
302
+# Encoding of the source code. Default is default system encoding
303
+sonar.sourceEncoding=UTF-8
304
+
305
+#sonar.test.inclusions=**/*Test.js
306
+
307
+#sonar.exclusions=,**/coverage/**
308
+
309
+# Fail CI pipeline if Sonar fails.
310
+sonar.qualitygate.wait=true
311
+```
312
+
313
+2/ Create or update your `.gitlab-ci.yml` file with the following content.
314
+```
315
+stages:
316
+ - analyze
317
+sonarqube-check:
318
+ stage: analyze
319
+ image:
320
+ name: sonarsource/sonar-scanner-cli:4.8
321
+ entrypoint: [""]
322
+ variables:
323
+ SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar" # Defines the location of the analysis task cache
324
+ GIT_DEPTH: "0" # Tells git to fetch all the branches of the project, required by the analysis task
325
+ cache:
326
+ key: "${CI_JOB_NAME}"
327
+ paths:
328
+ - .sonar/cache
329
+ script:
330
+ - sonar-scanner
331
+ rules:
332
+ - if: $CI_PIPELINE_SOURCE == "merge_request_event"
333
+ when: manual
334
+ - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "develop"
335
+ allow_failure: true
336
+ tags:
337
+ - sonar-scanner
338
+```
339
+
340
+### NET
341
+
342
+**1/ Add environment variables**
343
+
344
+1.1/ Define the SonarQube Token environment variable.
345
+
346
+- In GitLab, go to `Settings > CI/CD > Variables` to add the following variable and make sure it is available for your project:
347
+- In the Key field, enter `SONAR_TOKEN`
348
+- In the Value field, enter an existing token, or a newly generated one: [Generate a token](https://sonar.bappartners.com/account/security)
349
+- Uncheck the Protect Variable checkbox.
350
+- Check the Mask Variable checkbox.
351
+
352
+1.2/Define the SonarQube URL environment variable.
353
+
354
+Still in `Settings > CI/CD > Variables` add a new variable and make sure it is available for your project:
355
+- In the Key field, enter `SONAR_HOST_URL`
356
+- In the Value field, enter https://sonar.bappartners.com
357
+- Uncheck the Protect Variable checkbox.
358
+- Leave the Mask Variable checkbox unchecked.
359
+
360
+2/ Create or update your `.gitlab-ci.yml` file with the following content.
361
+```
362
+sonarqube-check:
363
+ image: mcr.microsoft.com/dotnet/core/sdk:latest
364
+ variables:
365
+ SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar" # Defines the location of the analysis task cache
366
+ GIT_DEPTH: "0" # Tells git to fetch all the branches of the project, required by the analysis task
367
+ cache:
368
+ key: "${CI_JOB_NAME}"
369
+ paths:
370
+ - .sonar/cache
371
+ script:
372
+ - "apt-get update"
373
+ - "apt-get install --yes openjdk-11-jre"
374
+ - "dotnet tool install --global dotnet-sonarscanner"
375
+ - "export PATH=\"$PATH:$HOME/.dotnet/tools\""
376
+ - "dotnet sonarscanner begin /k:\"s0202.meta.b2b.unity_fe\" /d:sonar.login=\"$SONAR_TOKEN\" /d:\"sonar.host.url=$SONAR_HOST_URL\" "
377
+ - "dotnet build"
378
+ - "dotnet sonarscanner end /d:sonar.login=\"$SONAR_TOKEN\""
379
+ allow_failure: true
380
+ only:
381
+ - merge_requests
382
+ - staging
383
+ - develop
384
+```
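Review bot: this hunk commits what appear to be live SonarQube tokens into the wiki: `-Dsonar.login=sqp_a8f356df86c4c1660db14aa849bc1a829aaa3e42` is repeated in the Maven, Gradle, sonar-scanner and dotnet examples, and a second token `sqp_aae237585c0c1995591c82faae02c619eae1dc94` is in the Flutter `sonar-project.properties`. A token in a shared wiki is a credential exposure: anyone with read access to this repository can publish or read analyses as the token's owner. Replace both with a placeholder such as `<YOUR_SONAR_TOKEN>` (section 1 already tells readers to create their own token) and revoke and regenerate the two tokens on the server. Related inconsistency: the parameter table says `sonar.token` replaces the deprecated `sonar.login`, yet every command-line example below it still passes `sonar.login`; either switch the examples to `sonar.token` where the server version supports it, or note in the table that this server still expects `sonar.login`. The GitLab CI sections get this right by reading the token from the `SONAR_TOKEN` CI variable, which is the pattern the local examples should also show. Correctness points in the same hunk: in the Gradle example, `property 'sonar.issue.ignore.allfile', 'e1'` is followed by a second `property 'sonar.issue.ignore.allfile', 'e2'`, which overwrites the first so only `e2` survives; the multi-value form is `property 'sonar.issue.ignore.allfile', 'e1,e2'`. The Flutter properties point at `sonar.host.url=http://localhost:9000` while every other example uses `https://sonar.bappartners.com`, and the commented `#sonar.exclusions=,**/coverage/**` carries a stray leading comma. Finally, each `.gitlab-ci.yml` sets `allow_failure: true`, which lets the pipeline pass when the SonarQube job fails and so cancels the `sonar.qualitygate.wait=true` that the same sections add to make the quality gate block merges; pick one behaviour and document it. The .NET job also has no `stage:` and uses the unpinned `mcr.microsoft.com/dotnet/core/sdk:latest` image, so its builds are not reproducible. Typos: `straighforward` (twice), `setting_hierachy.png`.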
sonarqube/setting_hierachy.png
... ...
Binary files /dev/null and b/sonarqube/setting_hierachy.png differ