asciidoctor-maven-plugin icon indicating copy to clipboard operation
asciidoctor-maven-plugin copied to clipboard

Published 20 hours ago verified publisher icon asciidoctor

Integrate code quality indicators

Open abelsromero opened this issue 5 years ago • 16 comments

What is this issue about?

  • [ ] Bug report
  • [x] Feature request
  • [ ] Question

Description Currently, the only indicator the project has is coverage but there are other interesting metric we could include. There are several online platforms available for OS projects that integrate with GitHub repos but I personaly have no knowledge of PROS and CONS of them. We could use so long there are no licencing issues, they provide metrics on PRs, and they support multimodule projects.

abelsromero avatar Oct 16 '20 09:10 abelsromero

https://github.com/asciidoctor-lifecycle-maven/asciidoctor-lifecycle-maven-plugin already uses some. Maybe @rrialq :roll_eyes: would like to see what we need to integrate them?

abelsromero avatar Oct 16 '20 09:10 abelsromero

Hi @abelsromero, I can support with sonarcloud, i used it in different projects and we can define a specific quality goal based on our requirements.

uniqueck avatar Apr 30 '21 21:04 uniqueck

I can support with sonarcloud, i used it in different projects and we can define a specific quality goal based on our requirements.

Go for it :rocket: I have no specific requirements.

abelsromero avatar May 01 '21 07:05 abelsromero

@mojavelinux I have applied access for analyzing asciidoctor-maven-plugin with sonarcloud, can you please accept this.

uniqueck avatar May 10 '21 21:05 uniqueck

I think this is now set up at https://sonarcloud.io/organizations/asciidoctor/projects. Let me know if you need any other assistance.

mojavelinux avatar May 10 '21 21:05 mojavelinux

Hi @mojavelinux, thx for the setup, but i need for the analysis the api token and the project key. You get this if you configure this. You can declare this secrets as secrets in this repository, so i can setup the ci job.

uniqueck avatar May 19 '21 07:05 uniqueck

I tried and I don't see it and I can't import the project. If @mojavelinux can add me as some admin I can continue with @uniqueck. Btw, what's the approach? I see in the docs there are 2 options: automatic and CI-based https://sonarcloud.io/documentation/getting-started/github/

image

You can declare this secrets as secrets in this repository, so i can setup the ci job.

Keep in mind secrets are not shared with external PR, we may need to set the job to run when merge on main only. Or prepare the blades fro some yak shaving https://github.com/dependabot/dependabot-core/issues/3253#issuecomment-797125425..

abelsromero avatar May 19 '21 08:05 abelsromero

CI based is my preferred approach. Yes this would be nice to add @abelsromero or myself as admin, so it would be a little bit faster to setup the stuff. @abelsromero with the secrets from external PR I know it, but i found an approach it should work. But i have to try it.

uniqueck avatar May 19 '21 08:05 uniqueck

@mojavelinux can you please provide that secret from sonar, so that i can go on with this issue.

uniqueck avatar May 31 '21 22:05 uniqueck

Is there any progress for this issue?

uniqueck avatar Jul 26 '21 21:07 uniqueck

This kind of stuff really frustrates me because there are no clear guides for what an admin of the repository actually has to do to get it working. Instead, I feel like we just hobble along trying to figure out which buttons to click.

I added you both as administrators in SonarCube. Let me know if that gives you enough to do what you need to do.

mojavelinux avatar Jul 29 '21 18:07 mojavelinux

Thx Dan, Now it works, i can great a secret. @abelsromero can you give me access to that repository or you have to create that repository secrets. We need a SONAR_TOKEN as repository secret.

uniqueck avatar Jul 29 '21 21:07 uniqueck

Thx Dan, Now it works, i can great a secret. @abelsromero can you give me access to that repository or you have to create that repository secrets. We need a SONAR_TOKEN as repository secret.

I granted you quick access to get this done asap. In the long term we would want to managet that with a group we have though.

abelsromero avatar Jul 30 '21 07:07 abelsromero

Hi @abelsromero, I'm sorry, but somehow I still can't create Repository Secrets. Here is a documentation which permissions are necessary. We can also add secrets on organization level and share they for all repositories. We can also setup an review process, so we can review secrets before they can affect the repositories. For me it is okay, if someone with enough permissions create these secret SONAR_TOKEN. Let me know if I can do something or can go one with setting up the workflow to analyse the code.

uniqueck avatar Jul 30 '21 23:07 uniqueck

We can also add secrets on organization level and share they for all repositories.

Secrets need to be kept per repository. The projects in Asciidoctors are maintained by a lot of different people and thus the administration is handled at the repository level.

mojavelinux avatar Jul 31 '21 01:07 mojavelinux

@uniqueck I elevated your permissions to Admin now. You should be able to handle secrets now.

Secrets need to be kept per repository.

Definetly, no question about that.

abelsromero avatar Jul 31 '21 06:07 abelsromero