[FOLIO-1421] Enable SonarCloud static code analysis scan for UI modules. Created: 17/Aug/18 Updated: 27/Oct/22 Resolved: 31/Oct/18 |
|
| Status: | Closed |
| Project: | FOLIO |
| Components: | Continuous Integration |
| Affects versions: | None |
| Fix versions: | None |
| Type: | Task | Priority: | P2 |
| Reporter: | Anton Emelianov (Inactive) | Assignee: | mark.stacy |
| Resolution: | Done | Votes: | 0 |
| Labels: | ci, sprint45, sprint47, sprint48, sprint49, sprint50, uitestingteam | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original estimate: | Not Specified | ||
| Issue links: |
|
||||||||||||||||
| Sprint: | |||||||||||||||||
| Development Team: | Prokopovych | ||||||||||||||||
| Comments |
| Comment by John Malconian [ 29/Sep/18 ] |
|
Sonarqube code analysis is now implemented in Jenkins pipeline builds for frontend projects. To enable Sonarqube analysis for a given repo, the following parameter should be added to the project's Jenkinsfile: runSonarqube = true For example, buildNPM {
publishModDescriptor = 'no'
runLint = 'no'
runSonarqube = true
runTest = 'yes'
}
Unfortunately, a branch or PR build will fail the Sonarqube analysis stage if the master branch of a project has not already been scanned first. Therefore, 'runSonarqube = true' should be added to the Jenkinsfile and committed directly to master first. Sonarqube has been enabled on all 'folio-org/stripes-*' projects. All branches and PRs are scanned. If the project generates a lcov.info file, this file is used by Sonarqube for coverage analysis. Let's see how things go with the initial stripes-* projects before enabling on ui-* projects. |
| Comment by John Malconian [ 11/Oct/18 ] |
|
Sonarqube has now been enabled on all platform-core modules. |
| Comment by John Malconian [ 11/Oct/18 ] |
|
enabled on ui-eholdings as well. |
| Comment by Jakub Skoczen [ 17/Oct/18 ] |
|
John Malconian can we resolve this? |
| Comment by Jakub Skoczen [ 24/Oct/18 ] |
|
This has been enable for platform-core modules and a couple other (ui-eholdings) what remains is platform-complete modules. |
| Comment by Jakub Skoczen [ 24/Oct/18 ] |
|
Reassign to mark.stacy to complete this issues for platform-complete modules and exercise his GitHub access. |
| Comment by Anton Emelianov (Inactive) [ 29/Oct/18 ] |
|
mark.stacy, the following modules should be added: |
| Comment by Jeffrey Cherewaty [ 29/Oct/18 ] |
|
Anton Emelianov I think ui-scan is deprecated. |
| Comment by John Malconian [ 29/Oct/18 ] |
|
ui-scan is indeed deprecated and is no longer maintained. ui-plugin-find-instance has actually been completed. ui-license is just the old name for ui-licenses. |
| Comment by mark.stacy [ 29/Oct/18 ] |
|
SonarCloud Enabled: ui-audit Ok, very tedious! Looking into Github API for an automated scripted solution. John Malconian Do you want me to set up a "Branch Protection Rule" if the repo does not currently have one set up? or was this done on purpose? See the above list for repos without rule set. |
| Comment by John Malconian [ 30/Oct/18 ] |
|
Thanks, Mark. I went ahead and enabled branch protection for master on those two repos. When a new repo is created I typically wait for a period of time for the project to ramp up before enabling the branch protection. |
| Comment by mark.stacy [ 30/Oct/18 ] |
|
John Malconian Thanks! I have created a python script that uses the Github API. Created a gist https://gist.github.com/mbstacy/6c769be0b5c7aac0b52e6037592da397 It works the same way as git push: $ gitPushAdminEnforcement <remote> <branch> The user must have the appropriate privileges to complete the push to remote. |
| Comment by mark.stacy [ 30/Oct/18 ] |
|
Completion of UI-* modules ui-plugin-find-license * No master Branch Protection Rule! |
| Comment by John Malconian [ 31/Oct/18 ] |
|
mark.stacy Can we close this? |
| Comment by mark.stacy [ 31/Oct/18 ] |
|
John Malconian I recieved an error on ui-plugin-find-license Check console output at https://jenkins-aws.indexdata.com/job/folio-org/job/ui-plugin-find-license/job/master/2/console to view the results. Yes, can close but didn't know if I should pull back out SonarCloud on ui-plugin-find-license. |
| Comment by John Malconian [ 31/Oct/18 ] |
|
That build failure is due to an NPM dependency resolution issue - unrelated to Sonarqube. I've notified Mark D. and Ian. We can close this. Thanks, Mark! |