feat: Add sonarcloud scanning #935
Conversation
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any | ||
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN_JAVA }} | ||
| run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=redhat-appstudio-1_jvm-build-service-java |
There was a problem hiding this comment.
This will end up running tests duplicating (and duplicating) work done in other workflows. Why can't a single workflow be used? Note also #936 which reduces the CI load somewhat (as well as fixing coverage reporting).
| sonar.sourceEncoding=UTF-8 | ||
|
|
||
| # Exclusions for copy-paste detection | ||
| sonar.cpd.exclusions=**/*test* |
There was a problem hiding this comment.
Is this only for the GoLang scanning? Can this be a hidden file or specified directly in the workflow?
There was a problem hiding this comment.
yes this is only for golang and this cannot be a hidden file i want this in the repo as i have for all the RHTAP repos
There was a problem hiding this comment.
How come you renamed it to a hidden file in other repositories e.g. https://github.com/redhat-appstudio/e2e-tests/blob/main/.sonarcloud.properties , https://github.com/redhat-appstudio/service-provider-integration-operator/blob/main/.sonarcloud.properties ?
|
Will this cause the run to fail if the sonar run complains? i.e. can it be configured to notify only? |
|
@sawood14012: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
Hi, Since JVM is a complex repo the sonar cloud automatic scan would not work and i would like to split it into 2 scans like this and 2 corresponding projects in sonar cloud
https://issues.redhat.com/browse/STONEBLD-1940
https://issues.redhat.com/browse/KONFLUX-737