[FOLIO-1421] Enable SonarCloud static code analysis scan for UI modules. Created: 17/Aug/18  Updated: 27/Oct/22  Resolved: 31/Oct/18

Status: Closed
Project: FOLIO
Components: Continuous Integration
Affects versions: None
Fix versions: None

Type: Task Priority: P2
Reporter: Anton Emelianov (Inactive) Assignee: mark.stacy
Resolution: Done Votes: 0
Labels: ci, sprint45, sprint47, sprint48, sprint49, sprint50, uitestingteam
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Issue links:
Blocks
blocks UXPROD-1052 UI Test coverage reporting Closed
Relates
relates to FOLIO-1407 Publish karma/nightmare coverage repo... Closed
Sprint:
Development Team: Prokopovych

 Comments   
Comment by John Malconian [ 29/Sep/18 ]

Sonarqube code analysis is now implemented in Jenkins pipeline builds for frontend projects. To enable Sonarqube analysis for a given repo, the following parameter should be added to the project's Jenkinsfile:

runSonarqube = true

For example,

buildNPM {
  publishModDescriptor = 'no'
  runLint = 'no'
  runSonarqube = true
  runTest = 'yes'
}  

Unfortunately, a branch or PR build will fail the Sonarqube analysis stage if the master branch of a project has not already been scanned first. Therefore, 'runSonarqube = true' should be added to the Jenkinsfile and committed directly to master first.

Sonarqube has been enabled on all 'folio-org/stripes-*' projects. All branches and PRs are scanned. If the project generates a lcov.info file, this file is used by Sonarqube for coverage analysis. Let's see how things go with the initial stripes-* projects before enabling on ui-* projects.

Comment by John Malconian [ 11/Oct/18 ]

Sonarqube has now been enabled on all platform-core modules.

Comment by John Malconian [ 11/Oct/18 ]

enabled on ui-eholdings as well.

Comment by Jakub Skoczen [ 17/Oct/18 ]

John Malconian can we resolve this?

Comment by Jakub Skoczen [ 24/Oct/18 ]

This has been enable for platform-core modules and a couple other (ui-eholdings) what remains is platform-complete modules.

Comment by Jakub Skoczen [ 24/Oct/18 ]

Reassign to mark.stacy to complete this issues for platform-complete modules and exercise his GitHub access.

Comment by Anton Emelianov (Inactive) [ 29/Oct/18 ]

mark.stacy, the following modules should be added:
ui-audit
ui-calendar
ui-data-import
ui-erm
ui-erm-usage
ui-finance
ui-licenses
ui-orders
ui-plugin-find-license
ui-plugin-find-vendor
ui-receiving
ui-scan

Comment by Jeffrey Cherewaty [ 29/Oct/18 ]

Anton Emelianov I think ui-scan is deprecated.

Comment by John Malconian [ 29/Oct/18 ]

ui-scan is indeed deprecated and is no longer maintained. ui-plugin-find-instance has actually been completed. ui-license is just the old name for ui-licenses.

Comment by mark.stacy [ 29/Oct/18 ]

SonarCloud Enabled:

ui-audit
ui-calendar
ui-data-import * No master Branch Protection Rule!
ui-erm
ui-erm-usage * No master Branch Protection Rule!
ui-finance
ui-licenses
ui-orders

Ok, very tedious! Looking into Github API for an automated scripted solution.

John Malconian Do you want me to set up a "Branch Protection Rule" if the repo does not currently have one set up? or was this done on purpose? See the above list for repos without rule set.

Comment by John Malconian [ 30/Oct/18 ]

Thanks, Mark. I went ahead and enabled branch protection for master on those two repos. When a new repo is created I typically wait for a period of time for the project to ramp up before enabling the branch protection.

Comment by mark.stacy [ 30/Oct/18 ]

John Malconian Thanks! I have created a python script that uses the Github API. Created a gist https://gist.github.com/mbstacy/6c769be0b5c7aac0b52e6037592da397

It works the same way as git push:

 $ gitPushAdminEnforcement <remote> <branch> 

The user must have the appropriate privileges to complete the push to remote.

Comment by mark.stacy [ 30/Oct/18 ]

Completion of UI-* modules

ui-plugin-find-license * No master Branch Protection Rule!
ui-plugin-find-vendor * No master Branch Protection Rule!
ui-receiving * No master Branch Protection Rule!
ui-vendors

Comment by John Malconian [ 31/Oct/18 ]

mark.stacy Can we close this?

Comment by mark.stacy [ 31/Oct/18 ]

John Malconian I recieved an error on ui-plugin-find-license

Check console output at https://jenkins-aws.indexdata.com/job/folio-org/job/ui-plugin-find-license/job/master/2/console to view the results.

Yes, can close but didn't know if I should pull back out SonarCloud on ui-plugin-find-license.

Comment by John Malconian [ 31/Oct/18 ]

That build failure is due to an NPM dependency resolution issue - unrelated to Sonarqube. I've notified Mark D. and Ian. We can close this. Thanks, Mark!

Generated at Thu Feb 08 23:13:13 UTC 2024 using Jira 1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d.