Closed JoaoCipriano closed 1 year ago
It's a great contribution @JoaoCipriano !! SonarCloud is reference for static code analysis!!
@JoaoCipriano thanks for the idea! I'll have a look at the refs you sent, so I'll write a comment here when I've completed the steps you wrote above.
@JoaoCipriano I've done the steps above, created environment "development" and placed "SONAR_TOKEN" as an environment secret for that environment.
The project on sonarcloud is https://sonarcloud.io/project/overview?id=valentinacupac_banking-kata-java
Spo that means, from id=valentinacupac_banking-kata-java: organization: valentinacupac project: banking-kata-java
Let me know if there's anything else that I need to do, or was this enough up to now.
@valentinacupac I think that's enough, let's test it; I created PR #107 with the integration.
@JoaoCipriano ok merge done, so you can do testing let me know also if I need to test anything.
@valentinacupac, looks like the integration worked, but the quality gate didn't compute; the documentation suggests configuring New Code Definition to enable it, in my tests I configured the "previous version" option, following the documentation https://docs.sonarcloud.io/improving/quality-gates/ and https://docs.sonarcloud .io/improving/new-code-definition/. After that, we can generate another commit or create a PR to test.
@JoaoCipriano I now added a New Code Definition with "previous version" option.
@JoaoCipriano I made a commit, so you can continue testing.
We did it! Thank you, @valentinacupac; the issue can be closed.
@JoaoCipriano it all works here (in banking kata), but I also tried to add SonarQube with the above procedure to my new repository (Java sandbox) https://github.com/valentinacupac/sandbox-java/actions/runs/5475679566/jobs/9972119950 - though it fails there, not sure if I missed something in the procedure... let me know if you have any ideas for that one?
@valentinacupac I tested some solutions and it will be necessary the following steps:
development
at SonarCloud workflow; this step will keep the SONAR_TOKEN secret available.SonarQube server [http://localhost:9000] can not be reached
error.I forked the project and opened a PR with the above steps less the first one because just the owner can config; https://github.com/JoaoCipriano/sandbox-java/pull/1 accordingly, I can change the target to the main project and the project references.
Follow the reference on SonarCloud https://sonarcloud.io/summary/new_code?id=JoaoCipriano_sandbox-java&pullRequest=1.
Hi Valentina! About issue #38, we can use SonarCloud with its free plan for open-source projects. Whether in agreement, I need your help with the following steps to create an account and set up the project:
Follow the instructions from ref-1 until minute 10:23, in minute 9:17 copy the token to use in the next steps;
Create an environment called
development
to the repository following the instructions from ref-2;Add a secret to the environment called
SONAR_TOKEN
with the token generated following the instructions from ref-2;After these steps, you can share the project key and the organization key which will be public information, with them I will update the information configured at my branch JoaoCipriano/banking-kata-java at implement-sonarqube-for-static-code-analysis (github.com) and I will send a PR for issue #38.
For any questions I’m available.
Example with my account: banking-kata - João Lucas Cipriano (sonarcloud.io);
Example overview generated by SonarCloud: https://github.com/JoaoCipriano/banking-kata-java/runs/11766358705;
Refs:
ref-1: Video with steps to create an account in the SonarCloud and initial set up, https://youtu.be/J3672D_kPck;
ref-2: Documentation from GitHub to Environments and Variables, Using environments for deployment - GitHub Docs;