search

valentinacupac / banking-kata-java

Banking Kata (Java)
MIT License
336 stars 90 forks source link

SonarCloud Integration - Static Code Analysis #93

Closed JoaoCipriano closed 1 year ago

JoaoCipriano commented 1 year ago

Hi Valentina! About issue #38, we can use SonarCloud with its free plan for open-source projects. Whether in agreement, I need your help with the following steps to create an account and set up the project:

After these steps, you can share the project key and the organization key which will be public information, with them I will update the information configured at my branch JoaoCipriano/banking-kata-java at implement-sonarqube-for-static-code-analysis (github.com) and I will send a PR for issue #38.

For any questions I’m available.

Example with my account: banking-kata - João Lucas Cipriano (sonarcloud.io);

Example overview generated by SonarCloud: https://github.com/JoaoCipriano/banking-kata-java/runs/11766358705;

Refs:

fabiopereira96 commented 1 year ago

It's a great contribution @JoaoCipriano !! SonarCloud is reference for static code analysis!!

valentinacupac commented 1 year ago

@JoaoCipriano thanks for the idea! I'll have a look at the refs you sent, so I'll write a comment here when I've completed the steps you wrote above.

valentinacupac commented 1 year ago

@JoaoCipriano I've done the steps above, created environment "development" and placed "SONAR_TOKEN" as an environment secret for that environment.

The project on sonarcloud is https://sonarcloud.io/project/overview?id=valentinacupac_banking-kata-java

Spo that means, from id=valentinacupac_banking-kata-java: organization: valentinacupac project: banking-kata-java

Let me know if there's anything else that I need to do, or was this enough up to now.

JoaoCipriano commented 1 year ago

@valentinacupac I think that's enough, let's test it; I created PR #107 with the integration.

valentinacupac commented 1 year ago

@JoaoCipriano ok merge done, so you can do testing let me know also if I need to test anything.

JoaoCipriano commented 1 year ago

@valentinacupac, looks like the integration worked, but the quality gate didn't compute; the documentation suggests configuring New Code Definition to enable it, in my tests I configured the "previous version" option, following the documentation https://docs.sonarcloud.io/improving/quality-gates/ and https://docs.sonarcloud .io/improving/new-code-definition/. After that, we can generate another commit or create a PR to test.

valentinacupac commented 1 year ago

@JoaoCipriano I now added a New Code Definition with "previous version" option.

valentinacupac commented 1 year ago

@JoaoCipriano I made a commit, so you can continue testing.

JoaoCipriano commented 1 year ago

We did it! Thank you, @valentinacupac; the issue can be closed.

valentinacupac commented 1 year ago

@JoaoCipriano it all works here (in banking kata), but I also tried to add SonarQube with the above procedure to my new repository (Java sandbox) https://github.com/valentinacupac/sandbox-java/actions/runs/5475679566/jobs/9972119950 - though it fails there, not sure if I missed something in the procedure... let me know if you have any ideas for that one?

JoaoCipriano commented 1 year ago

@valentinacupac I tested some solutions and it will be necessary the following steps:

I forked the project and opened a PR with the above steps less the first one because just the owner can config; https://github.com/JoaoCipriano/sandbox-java/pull/1 accordingly, I can change the target to the main project and the project references.

Follow the reference on SonarCloud https://sonarcloud.io/summary/new_code?id=JoaoCipriano_sandbox-java&pullRequest=1.