dtcenter/METcalcpy

Integrate SonarQube with GitHub Actions

Closed this issue · 1 comments

Describe the Task

In the METplus-5.0.0 Release Retrospective, @JohnHalleyGotway mentioned that there is a new version of SonarQube that integrates well with GitHub and would be good to consider using. We discussed this at the 20230329 METplus All Hands meeting with the following details:

  • Start with one repo to determine what is involved before creating issues across all METplus component repos.
  • Ideally, we want to do this work through GitHub Actions with a run for each pull request, and if the number of SonarQube findings increases, we'd want to fix those problems before approving the pull request.
  • @hsoh-u mentioned that the SonarQube findings are accessed through a webpage, so we’re not sure how an increase would be detected. @bikegeek mentioned that potentially, we could save the HTML report as an artifact and parse it.

More research is needed to fully understand how we can connect SonarQube and GitHub Actions to accomplish this goal. Minna will take the lead on this task with Howard helping as necessary.

Time Estimate

Leaving this part for @bikegeek to fill in.
Estimate the amount of work required here.

Sub-Issues

Consider breaking the task down into sub-issues.

  • Add a checkbox for each sub-issue here.

Relevant Deadlines

None

Funding Source

Please ask @TaraJensen before starting on this work.

Define the Metadata

Assignee

  • Select engineer(s) or no engineer required
  • Select scientist(s) or no scientist required

Labels

  • Select component(s)
  • Select priority
  • Select requestor(s)

Projects and Milestone

  • Select Repository and/or Organization level Project(s) or add alert: NEED PROJECT ASSIGNMENT label
    Leaving the alert: NEED PROJECT ASSIGNMENT label in place because I'm guessing at a Project Assignment
  • Select Milestone as the next official version or Future Versions

Define Related Issue(s)

Consider the impact to the other METplus components.

Task Checklist

See the METplus Workflow for details.

  • Complete the issue definition above, including the Time Estimate and Funding Source.
  • Fork this repository or create a branch of develop.
    Branch name: feature_<Issue Number>_<Description>
  • Complete the development and test your changes.
  • Add/update log messages for easier debugging.
  • Add/update unit tests.
  • Add/update documentation.
  • Push local changes to GitHub.
  • Submit a pull request to merge into develop.
    Pull request: feature <Issue Number> <Description>
  • Define the pull request metadata, as permissions allow.
    Select: Reviewer(s) and Development issues
    Select: Repository level development cycle Project for the next official release
    Select: Milestone as the next official version
  • Iterate until the reviewer(s) accept and merge your changes.
  • Delete your fork or branch.
  • Close this issue.

Found a SonarQube GitHub action from the marketplace: https://github.com/marketplace/actions/official-sonarqube-scan

Incorporated this into a YAML file and after multiple attempts, cannot get a successful scan of the METcalcpy repository.