[ 
https://issues.apache.org/jira/browse/CASSANDRA-18390?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17711053#comment-17711053
 ] 

Maxim Muzafarov commented on CASSANDRA-18390:
---------------------------------------------

I have updated the PR according to my research with the same aim in relation to 
the Apache Ignite project. Here are the results and how it may look for 
Cassandra:
https://sonarcloud.io/summary/overall?id=apache_ignite

In summary, to achieve a complete solution for source code analysis, we need to 
prepare the developer's side and the server's side of the solution. 

For the server side, we need to:
- Prepare automation jobs to upload branch check results to sonarcloud.io and 
the same for pull request analysis, I suggest we can use GitHub Actions here;
- Prepare the right token to upload sonar analysis results (contact the INFRA 
team);
- As some checks can take a considerable amount of time, we need to configure a 
"quality profile" for the Cassandra project on sonarcloud.io (project 
administrators can do this, see INFRA-24196);
- Test coverage should be excluded from the initial version of the server-side 
changes, as running tests could take a large amount of time, so it would be 
better to fetch coverage results from Jenkins or CircleCI for efficiency; 

For the developer side, we need to:
- Update the documentation and "how to" guides with steps to install the 
SonarLint plugin (available for IntelliJ IDEA, Eclipse); 
- Communicate to the community for tokens to use for this plugin and how these 
tokens might be received;


> Run Sonar analyzer over the Cassandra project
> ---------------------------------------------
>
>                 Key: CASSANDRA-18390
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-18390
>             Project: Cassandra
>          Issue Type: Task
>          Components: Build
>            Reporter: Maxim Muzafarov
>            Assignee: Maxim Muzafarov
>            Priority: Normal
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> As we already have Cassandra's project configured for the sonarcloud.io 
> INFRA-24196, I wonder if we will be able to release branches, trunk, and pull 
> requests to get analyzed by the SonarAnalyzer tool.
> Sonar is a code quality and security tool that is free to open-source 
> projects and recommended by the INFRA team:
> https://cwiki.apache.org/confluence/display/INFRA/SonarCloud+for+ASF+projects
> It can have the following benefits without introducing any drawbacks (except 
> for a few lines of source code)
> - visualise the LFH problems to work on;
> - see the trends in the source code;
> - add an extra layer of static code analysis;
> I have tested the changes below locally with my SonarQube deployed on 
> http://localhost:9000 and run `act` for the GA part of the PR.  It seems 
> to work and parse classes correctly, but there are a few steps that need to 
> be done by Cassandra's Committer or PMC (I do not have sufficient privileges):
> - Get the {{sonar.projectKey}} from the INFRA team;
> - make sure that the {{SONARCLOUD_TOKEN}} is available for GA and enabled for 
> the project;



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
