[
https://issues.apache.org/jira/browse/CASSANDRA-18390?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Maxim Muzafarov updated CASSANDRA-18390:
----------------------------------------
Epic Link: CASSANDRA-18090
> Run Sonar analyzer over the Cassandra project
> ---------------------------------------------
>
> Key: CASSANDRA-18390
> URL: https://issues.apache.org/jira/browse/CASSANDRA-18390
> Project: Cassandra
> Issue Type: Task
> Components: Build
> Reporter: Maxim Muzafarov
> Assignee: Maxim Muzafarov
> Priority: Normal
> Time Spent: 10m
> Remaining Estimate: 0h
>
> As we already have Cassandra's project configured for the sonarcloud.io
> INFRA-24196, I wonder if we will be able to release branches, trunk, and pull
> requests to get analyzed by the SonarAnalyzer tool.
> Sonar is a code quality and security tool that is free to open-source
> projects and recommended by the INFRA team:
> https://cwiki.apache.org/confluence/display/INFRA/SonarCloud+for+ASF+projects
> It can have the following benefits without introducing any drawbacks (except
> for a few lines of source code)
> - visualise the LFH problems to work on;
> - see the trends in the source code;
> - add an extra layer of static code analysis;
> Changes below I have tested it locally with my SonarQube deployed on
> http://localhost:9000 and run the `act` for the GA part of the PR. It seems
> to work and parse classes correctly, but there are a few steps that need to
> be done by Cassandra's Committer or PMC (I do not have sufficient privileges):
> - Get the {{sonar.projectKey}} from the INFRA team;
> - make sure that the {{SONARCLOUD_TOKEN}} is available for GA and enabled for
> the project;
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
