TRG Suggestion - Application Testing - Code Coverage #1149
+133
−0
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| { | ||
| "label": "TRG 10 - Application Testing" | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,130 @@ | ||
| --- | ||
| title: TRG 10.01 - Code Coverage | ||
| sidebar_position: 1 | ||
| --- | ||
|
|
||
| | Status | Created | Post-History | | ||
| |--------|-------------|-------------------------| | ||
| | Draft | 07-Feb-2025 | Initial version created | | ||
| | Draft | 21-Mar-2025 | Update with example integration for GitHub Workflow | | ||
| | Draft | 24-Mar-2025 | Update with SonarQube Cloud reference implementation and clarifications| | ||
| | Draft | 02-Apr-2025 | Updated workflow integration example | | ||
|
|
||
| ## Why | ||
|
|
||
| Goal: To ensure that all released software components meet sufficient test coverage to guarantee quality, stability, and reliability. | ||
|
|
||
| This guideline applies to all software components and projects that are part of the Eclipse Tractus-X release process. | ||
|
|
||
| ## Description | ||
|
|
||
| ### 1. Minimum Requirements | ||
|
|
||
| 1.1. **Code Coverage Threshold** | ||
|
|
||
| - Quality Gate: The minimum threshold for code coverage (line coverage) should be **80.0%**. | ||
| - The code coverage is calculated using both unit tests and integration tests combined. | ||
|
|
||
| 1.2. **Exceptions** | ||
|
|
||
| Certain code sections may be excluded from counting towards the code coverage percentage. For example this could apply to code sections that: | ||
|
|
||
| - Are themselves test code (no "test of tests"). | ||
| - Are autogenerated code, for example Swagger-generated API clients. | ||
| - Are configuration files with no logic to test. | ||
| - Are experimental or prototype code, for example incomplete implementations hidden behind feature toggles. | ||
| - Are boilerplate code or entity classes that follow a known, predictable pattern. | ||
| - Are code for logging, metrics, or monitoring. | ||
| - Depend on platform-specifics, for example hardware that cannot be simulated in a test. | ||
|
|
||
| All exceptions should be documented and approved by the project's lead/main committers. | ||
|
|
||
| ### 2. Analysis and Reporting | ||
|
|
||
| 2.1. **Tools for Code Coverage Reporting** | ||
|
|
||
| - The recommended code coverage reporting tool is **SonarQube Cloud** as provided by Elipse Tractus-X at this [reference link](https://sonarcloud.io/organizations/eclipse-tractusx/projects). | ||
| - Please note that SonarQube Cloud does not calculate the code coverage itself. To include coverage results you must set up a third-party coverage analysis tool and configure SonarQube Cloud to import the analysis results produced by that tool. | ||
| - SonarQube Cloud supports the import of coverage data in formats native to a variety of tools for a variety of languages. It also provides a possibility to import a generic format from tools that are not directly supported. See the guideline in section [4. Resources and Examples](#sonarqube-implementation-guides) as reference on how to implement this. | ||
| - The tool or tools used for test coverage analysis and to produce the code coverage report should be specified and documented within the respective Eclipse Tractus-X project. | ||
|
|
||
| 2.2. **Regular Review** | ||
|
|
||
| - Code coverage should be measured by all Eclipse Tractus-X software products at least once before each release. | ||
| - Coverage measurement results should be integrated into CI/CD pipelines and automated as part of the release process. | ||
|
|
||
| ### 3. Quality Assurance | ||
|
|
||
| 3.1. **Code Review Requirements** | ||
|
|
||
| - Reviewers must ensure that new or modified code sections are sufficiently covered by test cases. | ||
| - Code changes that lower the overall coverage below the defined Quality Gate threshold may only be accepted in exceptional cases. | ||
|
|
||
| 3.2. **Risk Analysis** | ||
|
|
||
| - If the code coverage value for an Eclipse Tractus-X project falls below 80.0% for an (upcoming) release and this cannot be improved anymore in time before the release, this potential risk should be documented and approved by the project lead/main committers. | ||
|
|
||
| ### 4. Resources and Examples | ||
|
|
||
| <a id="sonarqube-implementation-guides"></a> | ||
|
|
||
| #### 4.1 **SonarQube Cloud Implementation Guides** | ||
|
|
||
| See the following SonarQube Cloud guideline for the importing of test coverage reports with detailed guides for several popular programming languages as [reference](https://docs.sonarsource.com/sonarqube-cloud/enriching/test-coverage/overview/). | ||
|
|
||
| #### 4.2. **GitHub Workflow Integration Code Example** | ||
|
There was a problem hiding this comment. the TRG is about test coverage and measuring that with sonar, as far as I understood, and the GH workflow example for CI integration is about executing and publishing unit and integration tests, that doesn't make sense to me There was a problem hiding this comment. This is still the case because the secrets are only available inside the Tractus-X GitHub Organization. For example: vars.SONAR_ORGANIZATION or secrets.SONAR_TOKEN_BACKEND. |
||
|
|
||
| An example of a GitHub workflow integration using Java and Apache Maven can be found below. | ||
|
|
||
| ```yaml | ||
| name: "Sonar Check" | ||
|
|
||
| on: | ||
| pull_request: | ||
| workflow_dispatch: | ||
| push: | ||
| branches: | ||
| - main | ||
|
|
||
| env: | ||
| JAVA_VERSION: 17 | ||
|
|
||
| jobs: | ||
| Test-and-Sonar: | ||
| permissions: | ||
| contents: read | ||
| checks: write | ||
| pull-requests: write | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: actions/setup-java@v4 | ||
| with: | ||
| java-version: '${{ env.JAVA_VERSION }}' | ||
| distribution: 'temurin' | ||
| cache: 'maven' | ||
|
|
||
| - name: Run unit & integration tests | ||
| run: | | ||
| mvn -B verify | ||
|
|
||
| - name: Clean working directories | ||
| run: | | ||
| rm -rf .scannerwork | ||
| rm -rf .sonar | ||
|
|
||
| - name: Cache SonarCloud packages | ||
| uses: actions/cache@v4 | ||
| with: | ||
| path: ~/.sonar/cache | ||
| key: ${{ runner.os }}-sonar | ||
| restore-keys: ${{ runner.os }}-sonar | ||
|
|
||
| - name: Verify Sonar Scan | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN_BACKEND }} | ||
| SONAR_ORGANIZATION: ${{ vars.SONAR_ORGANIZATION }} | ||
| SONAR_PROJECT_KEY: ${{ vars.SONAR_PROJECT_KEY_BACKEND }} | ||
| run: mvn --batch-mode sonar:sonar -Dsonar.coverage.jacoco.xmlReportPaths=${{ github.workspace }}/target/site/jacoco-aggregate/jacoco.xml -Dsonar.projectKey=${{ vars.SONAR_PROJECT_KEY_BACKEND }} -Dsonar.organization=${{ vars.SONAR_ORGANIZATION }} | ||
| ``` | ||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I strongly advice against this.
In my experience code coverage thresholds ended up in people putting fake tests that covered lines but actually tested nothing.
Test culture is something that needs to be part of the team as good practice that's put in place every day in every code change, and it's up to committers to ensure this through code reviews.
An indicator that show what's the coverage on the changed lines in a PR could help the committer to drive the review in a certain direction, but it shouldn't do the review in their place.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the line on which I commented there's the "threshold" word, that to me means that if the actual value is less, the CI should throw an error and block the contribution.
If that's not what was meant, please rephrase or remove the line altogether
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I strengthen Andreas comment here. As I already mentioned in the office hours. I would, as a first step, make a guideline in the direction:
We can give a hint, that there is some statistics that show, that 80% is a turning point and further improvements do typically not pay off, so a general target of 80% is something to think about within a team, but an absolute requirement is counterproductive. I have seen tests in my past that added no value except increasing the coverage.