Closed JohnHalleyGotway closed 3 months ago
Followed these instructions to better integrate SonarQube with GitHub: https://docs.sonarsource.com/sonarqube/10.2/devops-platform-integration/github-integration/
To create a new GitHub app for the DTCenter organization (https://github.com/apps/dtcenter-sonarqube-integration) to support SonarQube integration.
Installed that app in the DTCenter org settings (https://github.com/organizations/dtcenter/settings/apps) for 6 repositories: METplus, MET, METviewer, METplotpy, METcalcpy, METdataio
Followed these instructions to setup GitHub user authentication for our SonarQube server: https://docs.sonarsource.com/sonarqube/10.2/instance-administration/authentication/github/
To create a new GitHub app for the DTCenter organization (https://github.com/apps/dtcenter-sonarqube-user-auth) to support GitHub user authentication at our SonarQube server.
Members of the DTCenter GitHub organization are now able to authenticate at needham.rap.ucar.edu using their GitHub credentials.
Reopening issue during the beta5 development cycle to switch to pushing to a single SonarQube project rather than separate ones for GitHub actions and the nightly build.
Describe the New Feature
This issue is to add a new SonarQube workflow to GitHub actions to automate the static code analysis for all pull requests. In addition, add a manual trigger workflow dispatch option where the reference branch can be manually specified.
Recommend adding this workflow to both the
develop
branch and the currentmain_v*
so that the workflow dispatch option can be made available.Recommend pushing results to a new SonarQube project named
METplus GHA
at needham.rap.ucar.edu.Recommend having the workflow report bad status if the number of SonarQube findings are increased relative to the SonarQube reference.
See issue dtcenter/MET#2379 and its two linked PR's as an example, but the implementation for a python-only repo should be more straight-forward.
Acceptance Testing
List input data types and sources. Describe tests required for new functionality.
Time Estimate
Estimate the amount of work required here. Issues should represent approximately 1 to 3 days of work.
Sub-Issues
Consider breaking the new feature down into sub-issues.
Relevant Deadlines
List relevant project deadlines here or state NONE.
Funding Source
Needed for the Air Force - 2771024
Define the Metadata
Assignee
Labels
Projects and Milestone
Define Related Issue(s)
Consider the impact to the other METplus components.
The following SonarQube issues are closely related:
New Feature Checklist
See the METplus Workflow for details.
feature_<Issue Number>_<Description>
feature <Issue Number> <Description>