Closed dantevvp closed 2 years ago
Note: this PR is currently pulling the codeclimate-ss-analyzer-wrapper
package from an unmerged branch. Once merged, it will be changed to the correct package name.
@dantevvp When running make analyze-fixtures
I see some messages that concern me a bit:
INFO: Java 1.8.0_111-internal Oracle Corporation (64-bit)
INFO: Linux 5.10.25-linuxkit amd64
INFO: Index files
INFO: 1 file indexed
INFO: Configured Java source version (sonar.java.source): 15
INFO: JavaClasspath initialization
INFO: JavaClasspath initialization (done) | time=13ms
INFO: JavaTestClasspath initialization
INFO: JavaTestClasspath initialization (done) | time=0ms
INFO: Java Main Files AST scan
INFO: 1 source files to be analyzed
INFO: 1/1 source files have been analyzed
INFO: Dependencies/libraries were not provided for analysis of SOURCE files. The 'sonar.java.libraries' property is empty. Verify your configuration, as you might end up with less precise results.
INFO: Unresolved imports/types have been detected during analysis. Enable DEBUG mode to see them.
....
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 1.803s
INFO: Final Memory: 19M/197M
INFO: ------------------------------------------------------------------------
This two;
INFO: Dependencies/libraries were not provided for analysis of SOURCE files. The 'sonar.java.libraries' property is empty. Verify your configuration, as you might end up with less precise results.
&&
INFO: Unresolved imports/types have been detected during analysis. Enable DEBUG mode to see them.
Might worth confirm what are they about ...
@dantevvp also, the CI is working again ✅
This two;
INFO: Dependencies/libraries were not provided for analysis of SOURCE files. The 'sonar.java.libraries' property is empty. Verify your configuration, as you might end up with less precise results.
&&
INFO: Unresolved imports/types have been detected during analysis. Enable DEBUG mode to see them.
Might worth confirm what are they about ...
I looked into this and the sonar.java.libraries warning goes away when providing this config in the codeclimate.yml
file:
sonar-java:
enabled: true
channel: beta
config:
sonar.java.source: "15"
sonar.java.libraries: /usr/src/app/build/libs
sonar.java.test.libraries: /usr/src/app/build/test
sonar.java.binaries: .
minimum_severity: minor
tests_patterns:
- src/test/**
It tells sonar java where the project's libraries, test libraries and binaries are. I'm not sure though if this is the correct config or why it needs to have access to those libraries. Either way I'm sure that this is user-specific. Users should specify their own project's libraries, binaries and test libraries.
Regarding the unresolved imports/types warning, I wasn't able to get sonarlint to run in debug mode, so I can't say exactly what are the unresolved imports or types, but it is also something specific to each project you run the linter on, so it's not something related to our own image
@dantevvp I believe we can just ignore snyk for now...
This PR updates the SonarJava plugin to version 6.15 that supports Java 15.