Adobe-Consulting-Services / acs-aem-commons

http://adobe-consulting-services.github.io/acs-aem-commons/
Apache License 2.0
457 stars 605 forks source link

Align ACS Commons with Adobe Cloud Manager Quality Gates #2027

Closed davidjgonzalez closed 5 years ago

davidjgonzalez commented 5 years ago

Required Information

Expected Behavior

ACS Commons has a number of issues reported when run through Adobe Cloud Manager Quality Gates. We should attempt to resolve as many as possible (prioritizing the higher priority issues)

See report here: https://github.com/Adobe-Consulting-Services/acs-aem-commons/files/3534873/build_project_issues-2019-08-23.xlsx

badvision commented 5 years ago

Fortunately only 52 of 888 are critical, FWIW

badvision commented 5 years ago

build_project_issues-2019-08-23.xlsx I cleaned up the CSV as an excel file so it can be read by human beings too. :)

kwin commented 5 years ago

Is there any chance to integrate those rules in our CI build? I guess at least a few issues would be detected by SonarQube (https://sonarcloud.io/)...

davidjgonzalez commented 5 years ago

@kwin sonarcloud.io is free for OSS right?

The Cloud Manager sonarQube rules are available here: https://docs.adobe.com/content/help/en/experience-manager-cloud-manager/using/how-to-use/assets/CodeQuality-Rules-new.xlsx

(Note its not ALL the checks, but some is better than none)

justinedelson commented 5 years ago

FWIW, at one point a while ago I looked at what could be done with codeclimate and there's two problems: (1) codeclimate did not allow for the ruleset to be customized for SonarQube and (2) some of the rules in the Cloud Manager set (specifically the findbugs/spotbugs ones) operate on bytecode, not source, and the nature of codeclimate is that it only uses source.

So doing this would require a full sonar installation or SonarCloud, although I do not know to what extent custom plugins can be added to SonarCloud (especially at the free tier).

kwin commented 5 years ago

Yes, AFAIK sonarcloud.io is free for OSS. Should we enable this for the Adobe-Consulting-Services organization (don't know if I have enough Karma though). Maybe @davidjgonzalez you could enable that by going to https://sonarcloud.io/projects/create and choose the organization from GitHub. There is some possibility to tweak the configuration (https://sonarcloud.io/documentation/project-administration/narrowing-the-focus/). But we can just try it out after having enabled it. WDYT?

stale[bot] commented 5 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

mitchross commented 4 years ago

Please reopen.