Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ci: replace Codecov with SonarCloud scan #129

Merged
merged 1 commit into from
Oct 31, 2023
Merged

ci: replace Codecov with SonarCloud scan #129

merged 1 commit into from
Oct 31, 2023

Conversation

stklcode
Copy link
Contributor

@stklcode stklcode commented Oct 2, 2023

Synchronize our projects and move AntiVirus to SonarCloud, too. Use a dedicated CI step here to process code coverage.

@stklcode stklcode marked this pull request as ready for review October 2, 2023 18:51
@stklcode
ci: replace Codecov with SonarCloud scan
9593620 
Synchronize our projects and move AntiVirus to SonarCloud, too.
Use a dedicated CI step here to process code coverage.
@stklcode stklcode self-assigned this Oct 2, 2023
@Zodiac1978
Copy link
Member

I checked this rough and didn't understand why there are some things we do not have in ASB for example. GITHUB_TOKEN are not used in the ASB test.yml ... can you elaborate on this one?

@stklcode
Copy link
Contributor Author

In other projects like ASB we use SonarCloud's automatic analysis [1]. So Sonar is just informed that changes have been pushed and performs static code analysis. This is fine for many quality checks, but has at least one flaw: No other build stages are executed, so the analyzer has no idea about test coverage.

In AntiVirus we used to have test coverage analysis as well, so I switched from automatic to CI-based analysis. This usese an additional "SonarCloud Scan" stage as part of the CI pipeline where the analysis is actively performed and the results pushed to SonarCloud.

This PR is not a good example to show this in action. Because no code was changed, we obviously have no coverage on "new code"... The analysis overview[3] estimates 32.8% after merge which is roughly the same as CodeCov calculated before.

[1] https://docs.sonarcloud.io/advanced-setup/automatic-analysis/
[2] https://docs.sonarcloud.io/advanced-setup/ci-based-analysis/github-actions-for-sonarcloud/
[3] https://sonarcloud.io/summary/new_code?id=pluginkollektiv_antivirus&pullRequest=129

@sonarcloud SonarCloud
Copy link

sonarcloud bot commented Oct 31, 2023

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

Zodiac1978
Zodiac1978 approved these changes Oct 31, 2023
View reviewed changes
Copy link
Member

@Zodiac1978 Zodiac1978 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@stklcode stklcode merged commit 9593620 into develop Oct 31, 2023
11 checks passed
@stklcode stklcode deleted the sonarcloud branch October 31, 2023 15:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Zodiac1978 Zodiac1978 Zodiac1978 approved these changes

Assignees

@stklcode stklcode

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@stklcode @Zodiac1978