Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Integrate code quality indicators #488

Open
1 of 3 tasks
abelsromero opened this issue Oct 16, 2020 · 16 comments
Open
1 of 3 tasks

Integrate code quality indicators #488

abelsromero opened this issue Oct 16, 2020 · 16 comments

Comments

@abelsromero
Copy link
Member

abelsromero commented Oct 16, 2020
edited
Loading

What is this issue about?

  • Bug report
  • Feature request
  • Question

Description
Currently, the only indicator the project has is coverage but there are other interesting metric we could include.
There are several online platforms available for OS projects that integrate with GitHub repos but I personaly have no knowledge of PROS and CONS of them.
We could use so long there are no licencing issues, they provide metrics on PRs, and they support multimodule projects.
@abelsromero
Copy link
Member Author

https://github.com/asciidoctor-lifecycle-maven/asciidoctor-lifecycle-maven-plugin already uses some. Maybe @rrialq 🙄 would like to see what we need to integrate them?

@uniqueck
Copy link
Member

Hi @abelsromero,
I can support with sonarcloud, i used it in different projects and we can define a specific quality goal based on our requirements.

@abelsromero
Copy link
Member Author

I can support with sonarcloud, i used it in different projects and we can define a specific quality goal based on our requirements.

Go for it 🚀 I have no specific requirements.

@uniqueck
Copy link
Member

@mojavelinux I have applied access for analyzing asciidoctor-maven-plugin with sonarcloud, can you please accept this.

@mojavelinux
Copy link
Member

I think this is now set up at https://sonarcloud.io/organizations/asciidoctor/projects. Let me know if you need any other assistance.

@uniqueck
Copy link
Member

Hi @mojavelinux, thx for the setup, but i need for the analysis the api token and the project key. You get this if you configure this. You can declare this secrets as secrets in this repository, so i can setup the ci job.

@abelsromero
Copy link
Member Author

I tried and I don't see it and I can't import the project. If @mojavelinux can add me as some admin I can continue with @uniqueck.
Btw, what's the approach? I see in the docs there are 2 options: automatic and CI-based https://sonarcloud.io/documentation/getting-started/github/

image

You can declare this secrets as secrets in this repository, so i can setup the ci job.

Keep in mind secrets are not shared with external PR, we may need to set the job to run when merge on main only. Or prepare the blades fro some yak shaving dependabot/dependabot-core#3253 (comment)..

@uniqueck
Copy link
Member

CI based is my preferred approach. Yes this would be nice to add @abelsromero or myself as admin, so it would be a little bit faster to setup the stuff. @abelsromero with the secrets from external PR I know it, but i found an approach it should work. But i have to try it.

@uniqueck
Copy link
Member

@mojavelinux can you please provide that secret from sonar, so that i can go on with this issue.

@uniqueck
Copy link
Member

Is there any progress for this issue?

@mojavelinux
Copy link
Member

This kind of stuff really frustrates me because there are no clear guides for what an admin of the repository actually has to do to get it working. Instead, I feel like we just hobble along trying to figure out which buttons to click.

I added you both as administrators in SonarCube. Let me know if that gives you enough to do what you need to do.

@uniqueck
Copy link
Member

Thx Dan, Now it works, i can great a secret. @abelsromero can you give me access to that repository or you have to create that repository secrets. We need a SONAR_TOKEN as repository secret.

@abelsromero
Copy link
Member Author

Thx Dan, Now it works, i can great a secret. @abelsromero can you give me access to that repository or you have to create that repository secrets. We need a SONAR_TOKEN as repository secret.

I granted you quick access to get this done asap. In the long term we would want to managet that with a group we have though.

@uniqueck
Copy link
Member

Hi @abelsromero,
I'm sorry, but somehow I still can't create Repository Secrets. Here is a documentation which permissions are necessary. We can also add secrets on organization level and share they for all repositories. We can also setup an review process, so we can review secrets before they can affect the repositories. For me it is okay, if someone with enough permissions create these secret SONAR_TOKEN. Let me know if I can do something or can go one with setting up the workflow to analyse the code.

@mojavelinux
Copy link
Member

We can also add secrets on organization level and share they for all repositories.

Secrets need to be kept per repository. The projects in Asciidoctors are maintained by a lot of different people and thus the administration is handled at the repository level.

@abelsromero
Copy link
Member Author

@uniqueck I elevated your permissions to Admin now. You should be able to handle secrets now.

Secrets need to be kept per repository.

Definetly, no question about that.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mojavelinux @abelsromero @uniqueck