Skip to content

Investigate CI integration with sonarcloud.io #11650

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
philwebb opened this issue Jan 17, 2018 · 12 comments
Closed

Investigate CI integration with sonarcloud.io #11650

philwebb opened this issue Jan 17, 2018 · 12 comments
Labels
status: declined A suggestion or change that we don't feel we should currently apply

Comments

@philwebb
Copy link
Member

#11624 as shown there could be some value.
@philwebb philwebb mentioned this issue Jan 17, 2018
Closed
@snicoll snicoll added the for: team-attention An issue we'd like other members of the team to review label Jan 17, 2018
@wilkinsona
Copy link
Member

I'm not opposed to adding extra code quality checks to the build as long as they don't slow things down too much and can be run locally prior to pushing a change.

@snicoll
Copy link
Member

snicoll commented Jan 17, 2018

I am ok to integrate it as long as it is an integral part of our development process and we take the time to craft a profile that eliminates what we consider false positive. The direct side effect of that is that we need a quality gate with concrete actions when it doesn't pass.

@philwebb philwebb removed the for: team-attention An issue we'd like other members of the team to review label Jan 17, 2018
This was referenced Jan 18, 2018
Closed
Closed
@igor-suhorukov
Copy link
Contributor

igor-suhorukov commented Jan 20, 2018
edited
Loading

@wilkinsona it is possible to create maven profile to run locally on local SonarQube instance,
also possible run IntelliJ Idea SonarLint plugin with rules and settings from http://sonarcloud.io. SonarLint can analyse only on VCS changed files. We need measure sonar plugin overhead on typical project build.

@wilkinsona
Copy link
Member

Thanks for the info. Running a local instance is what I’ve done in the past and I’ve found it cumbersome and awkward. I’d like a way to analyse code locally but using the rules defined in the server. At a minimum I think that analysis needs to happen in command line builds (as we do today with Checkstyle). Being able to run them in IntelliJ and Eclipse would be a nice bonus.

@igor-suhorukov
Copy link
Contributor

igor-suhorukov commented Jan 20, 2018
edited
Loading

I’d like a way to analyse code locally but using the rules defined in the server

I know only local IDE approach: SonarLint with remote rule server configuration
sonarling-screenshot

@philwebb
Copy link
Member Author

Perhaps running PMD and FindBugs as part of the build would be better. That might potentially find the same issues without requiring the server. This article has some relevant background.

@igor-suhorukov
Copy link
Contributor

@philwebb FindBugs is unsupported and outdated, HuntBugs also dead. Only Sonar complex rules analyser is alive. It is possible to run IntelliJ Idea analyser from scripts, but difficult to enforce rules and generate buid reports from output.

@wilkinsona
Copy link
Member

I wonder how much mileage we’d get out of using jQAssistant? At first look, it’s incredibly flexible and integrates with Maven. It looks like it could do what we might want, but it may require quite a bit of effort if we have to write many of the queries ourselves. I think @olivergierke may have some experience with it and could perhaps offer some advice.

@igor-suhorukov
Copy link
Contributor

@wilkinsona thank you for information! Very interesting framework in terms of code structure querying in SQL like language.

@shakuzen
Copy link
Member

FindBugs is unsupported and outdated, HuntBugs also dead. Only Sonar complex rules analyser is alive.

AFAIK, SpotBugs is alive and the successor to FindBugs.

@igor-suhorukov
Copy link
Contributor

@shakuzen thank you!

@igor-suhorukov igor-suhorukov mentioned this issue Jan 21, 2018
Closed
@philwebb philwebb added this to the 2.x milestone Jun 7, 2019
@philwebb
Copy link
Member Author

We've decided to stick with our current approach of tools we can use directly in the build.

@philwebb philwebb closed this as not planned Won't fix, can't repro, duplicate, stale Aug 19, 2022
@philwebb philwebb added status: declined A suggestion or change that we don't feel we should currently apply and removed type: task A general task labels Aug 19, 2022
@philwebb philwebb removed this from the 2.x milestone Aug 19, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
status: declined A suggestion or change that we don't feel we should currently apply
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@snicoll @philwebb @wilkinsona @shakuzen @igor-suhorukov