Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for decorating Pull Requests #30

Merged
merged 5 commits into from
Jan 8, 2020
Merged

Add support for decorating Pull Requests #30

merged 5 commits into from
Jan 8, 2020

Conversation

mc1arke
Copy link
Owner

@mc1arke mc1arke commented Aug 19, 2019
edited
Loading

This change introduces the APIs and components to allow the collection of issues and metrics during analysis, and an initial implementation for decorating requests on Github using these metrics. The Github implementation uses v4 of the Github API to create the 'check run' with the analysis results, but v3 of the API to acquire the relevant application authentication tokens since application authentication cannot currently be created/retrieved through the v4 API.

The provided implementation currently only supports the same level of reporting as provided by the official SonarQube branch decoration, but without including any images in the summary, and the configuration properties match those in the official documentation for setting up SonarQube for application based authentication against Github.

@mc1arke mc1arke mentioned this pull request Aug 19, 2019
Closed
@4n4n4s
Copy link
Contributor

4n4n4s commented Sep 6, 2019

LGTM

@mc1arke When do you expect that this is merged? Are there still things that you want to refactor or add (tests)? I would like to add the Bitbucket Server integration including comments on file level.

@majorvin
Copy link

majorvin commented Sep 7, 2019

@4n4n4s when i run it locally, some tests are failing.
@mc1arke since this is an open source project, I think you can integrate your project with some of the CICD tools to have your PR run your tests. Thanks!

@4n4n4s
Copy link
Contributor

4n4n4s commented Sep 8, 2019

@majorvin
I worked on a Bitbucket Server integration today based on this PR.
It's incuding commenting on file level (this still has some flaws).
However the basic thing is working on my test project.

Changed the way that the overall comment is built to use a builder as this was very hard to read.

I also had to rework PostAnalysisIssueVisitor a bit so that we can keep the path to the analysed file as this is required for a file comment.

@mc1arke can we add the changes I made to this PR?

@mc1arke
Copy link
Owner Author

mc1arke commented Sep 8, 2019

since this is an open source project, I think you can integrate your project with some of the CICD tools to have your PR run your tests. Thanks!

@majorvin What tests are failing? When built with Java 9 or above ClassReferenceElevatedClassLoaderFactoryTest.testClassloaderReturnedOnHappyPath fails due to it not setting up class loading in a way compatible with the new jdk.internal.loader.BuiltinClassLoader introduced in Java 9. I'll look to fix this at some point in the near future, but currently running the tests with Java 8 should prove the necessary functionality.

I've got the travis-ci branch configured to run the build using Java 8 and Java 11. Once the class loading test is fixed I'll merge this back to master.

can we add the changes I made to this PR?

@4n4n4s If you think you're code is ready for review/merge then please raise a Pull Request targeting the pr-decoration branch. I've got a number of changes locally to refactor the code for test-ability and maintainability, but haven't pushed it yet as I wanted to get the test coverage increased. Therefore, you may need to do some re-basing as I tidy up my initial commit; but we can deal with that if we need to.

@4n4n4s
Copy link
Contributor

4n4n4s commented Sep 9, 2019

@mc1arke thx for your reply. I do agree. It should not make too many problems to update the classes I touched with your changes.

When do you think that your changes will be ready for pushing it to this PR?

I will create the PR targeting this branch hopefully today.

@tisoft
Copy link
Contributor

tisoft commented Sep 21, 2019

Added an implementation for GitLab in #34 to make the trio complete. 😄

Maybe we should have a central class that handles the generation of the text for the summary/file comments, so that it is not repeated in each implementation. Or switch to a template based solution as done here.

@coreinsane
Copy link

Will you plan to support Azure DevOps Server PR Decoration?

@mc1arke
Copy link
Owner Author

mc1arke commented Sep 23, 2019

@tisoft thanks for the contribution. I've had limited time for properly being involved in these changes in the past month but hope to get back into it this week. I'll take a look at your changes as-soon-as-possible and give you any feedback. As you've suggested, I've refactored my initial Pull Request to split up some of the generation and gathering steps and the actual decoration step which should simplify what needs implemented in each case. I'll probably raise the changes under another branch so @4n4n4s can rebase cleanly rather than dealing with re-writing history against the current branch.

@coreinsane I've never use Azure DevOps and am happy to look at supporting it, but would need the community to provide support in testing it and confirming any usage patterns that need to be followed.

@rverma-nikiai
Copy link

@mc1arke Tried to run the branch with additional parameters as

sonar.pullrequest.branch=pr-decoration
sonar.pullrequest.key=2
sonar.pullrequest.provider=Github
sonar.github.repository=rverma/sonarqube-community-branch-plugin

But getting
No decorator found for this Pull Request.

@tisoft
Copy link
Contributor

tisoft commented Oct 13, 2019

@rverma-nikiai I had the same behavior if the sonar.branch.name parameter is set while trying to do pull request analysis.

@rverma-nikiai
Copy link

Wondering what is a good way to debug sonarqube plugins. I tried to add sonar.web.javaAdditionalOpts=-agentlib:jdwp=transport=dt_socket,server=y,suspend=y,address=8000 and attached remote debugger to this project. Unfortunately it didn't work.

@tisoft Did it work if you stop passing sonar.branch.name?

@tisoft
Copy link
Contributor

tisoft commented Oct 13, 2019

Yes that helped.

@rverma-nikiai
Copy link

Removing that did regitered the pullrequest decorator. But now getting exception as Caused by: java.lang.IllegalStateException: File 'ComponentImpl{type=FILE, status=SAME, name='src/main/java/com/github/mc1arke/sonarqube/plugin/ce/CommunityBranchEditionProvider.java', dbKey='com.github.mc1arke.sonarqube.plugin:sonarqube-community-branch-plugin:src/main/java/com/github/mc1arke/sonarqube/plugin/ce/CommunityBranchEditionProvider.java', key='com.github.mc1arke.sonarqube.plugin:sonarqube-community-branch-plugin:src/main/java/com/github/mc1arke/sonarqube/plugin/ce/CommunityBranchEditionProvider.java', uuid='AW3D4QucCpRUzI-za-Tf', description='null', children=[], projectAttributes=null, reportAttributes=ReportAttributes{ref=28, scmPath='src/main/java/com/github/mc1arke/sonarqube/plugin/ce/CommunityBranchEditionProvider.java'}, fileAttributes=FileAttributes{languageKey='java', unitTest=false, lines=33}}' has no source code

@rverma-nikiai
Copy link

rverma-nikiai commented Oct 13, 2019
edited
Loading

Found that above issue was cause of an empty line at EOF. Now the scan run successfully but I don't see anything in my github PR.

@mc1arke
Copy link
Owner Author

mc1arke commented Oct 13, 2019

You're more likely to want sonar.ce.javaAdditionalOpts if trying to debug the plugin during PR decoration as this is executed by the Compute Engine (CE) component if SonarQube:

  • Classes in com.github.mc1arke.sonarqube.plugin.ce can be debugged using sonar.ce.javaAdditionalOpts
  • Classes in com.github.mc1arke.sonarqube.plugin.server can be debugged using sonar.web.javaAdditionalOpts
  • Classes in com.github.mc1arke.sonarqube.plugin.scanner can be debugged using mvnDebug or similar to run the scan

Other classes are shared across the different components in the infrastructure so debugging them will depend on what feature you're trying to use/test.

@IMKnysh
Copy link

IMKnysh commented Oct 20, 2019

It will be nice to have coverage analyses result in comments on PR. What do you think about?

@pierCo
Copy link

pierCo commented Nov 18, 2019

I tried to test the PR decoration (I build manually your code) to validate this PR and the behaviour, but without any success.

My conclusion is that I did not pushed parameters from my maven command to Sonar.

Below my mvn command:

 mvn clean package sonar:sonar \
    -Dsonar.pullrequest.provider=Github \
    -Dsonar.host.url=https://sonar-poc-server.cleverapps.io \
    -Dsonar.pullrequest.github.repository=pierCo/sonar-poc-2 \
    -Dsonar.pullrequest.base=master \
    -Dsonar.pullrequest.branch=fix-issues \
    -Dsonar.pullrequest.key=1

In Sonar logs: No decorator found for this Pull Request.

To move forward, I force the parameter sonar.pullrequest.provider (defined in my command line) value directly in the source code (edit the file PullRequestPostAnalysisTask.java).
But another empty parameter appears: sonar.pullrequest.github.repository (also defined in my command line)

So, I think I have miss something somewhere, Do you have an idea?

Information: I test with Sonar 7.9.

@hnrkdmsk
Copy link

hnrkdmsk commented Nov 19, 2019
edited
Loading

I tried to test the PR decoration (I build manually your code) to validate this PR and the behaviour, but without any success.

My conclusion is that I did not pushed parameters from my maven command to Sonar.

Below my mvn command:

 mvn clean package sonar:sonar \
    -Dsonar.pullrequest.provider=Github \
    -Dsonar.host.url=https://sonar-poc-server.cleverapps.io \
    -Dsonar.pullrequest.github.repository=pierCo/sonar-poc-2 \
    -Dsonar.pullrequest.base=master \
    -Dsonar.pullrequest.branch=fix-issues \
    -Dsonar.pullrequest.key=1

In Sonar logs: No decorator found for this Pull Request.

To move forward, I force the parameter sonar.pullrequest.provider (defined in my command line) value directly in the source code (edit the file PullRequestPostAnalysisTask.java).
But another empty parameter appears: sonar.pullrequest.github.repository (also defined in my command line)

So, I think I have miss something somewhere, Do you have an idea?

Information: I test with Sonar 7.9.

You have to set these values on SonarQube side in your project settings. It would be nice to set these values with the maven command.

See also: https://docs.sonarqube.org/latest/analysis/pull-request/

@artemy-osipov
Copy link
Contributor

@mc1arke Will you plan to rebase/merge this PR or merge other PRs to current branch for nearby future?

@pierCo
Copy link

pierCo commented Nov 27, 2019

I tried to test the PR decoration (I build manually your code) to validate this PR and the behaviour, but without any success.
My conclusion is that I did not pushed parameters from my maven command to Sonar.
Below my mvn command:

 mvn clean package sonar:sonar \
    -Dsonar.pullrequest.provider=Github \
    -Dsonar.host.url=https://sonar-poc-server.cleverapps.io \
    -Dsonar.pullrequest.github.repository=pierCo/sonar-poc-2 \
    -Dsonar.pullrequest.base=master \
    -Dsonar.pullrequest.branch=fix-issues \
    -Dsonar.pullrequest.key=1

In Sonar logs: No decorator found for this Pull Request.
To move forward, I force the parameter sonar.pullrequest.provider (defined in my command line) value directly in the source code (edit the file PullRequestPostAnalysisTask.java).
But another empty parameter appears: sonar.pullrequest.github.repository (also defined in my command line)
So, I think I have miss something somewhere, Do you have an idea?
Information: I test with Sonar 7.9.

You have to set these values on SonarQube side in your project settings. It would be nice to set these values with the maven command.

See also: https://docs.sonarqube.org/latest/analysis/pull-request/

Thanks, it works well for me.

I'll continue to test with more cases.

This was referenced Dec 20, 2019
Closed
Closed
Closed
@mc1arke
Add compile-time support for checking Sonarqube feature deprecation
60f8e8d 
The existing method of adding comments to methods to indicate what version of Sonarqube the method is supporting is difficult to maintain and prevents external developers from easily working with Sonarqube updates. Adding a new `SonarqubeCompatibility` interface with extensions for each major and minor Sonarqube version that removes any methods, as well as switching existing methods to use these new interfaces, allows for the code-base to consistently compile against different Sonarqube versions, and indicates why any out-dated methods are being retained. This change also corrects tests that incorrectly depended on interfaces or methods to perform a test, where an alternative approach could be used for a more reliable and maintainable result.
@mc1arke
Add support for decorating pull requests
ce99b08 
Provides the interfaces and models to allow collection of metrics and issues for publishing to pull requests. To allow consistent rendering of information across different version control providers, an `AnalysisDetails` class exposing the collected metrics, and a pre-built message containing a summary of the analysis results. To allows for different providers using different formats of status messages, the status message is produced as a syntax tree, with each Pull Request Provider implementation providing a formatter to convert the tree to a suitable output type. A default Markdown formatter has been included to support this.

The images used for portraying the measures in the decoration have been copied unmodified from the sonarqube/sonarcloud-github-static-resources repository and, as no license is set on this repository or referenced in any of the files, these are presumed to be in the public domain so available for use here.
@mc1arke
Add support for decorating pull requests on Github
b213d67 
Uses the Github rest APIs to perform application authentication, and the GraphQL APIs to create a 'Check Run' providing the overall summary of the scan, and individual annotations of issues within each file. No attempt is made to remove old runs/annotations given Github seems to manage this when a new run is generated by the same application. The configuration of Sonarqube to allow this decoration aim to match those provided in the documentation for SonarQube 8.0.
@4n4n4s @mc1arke
Add support for decoration pull requests on Bitbucket
7a582ea 
Use Bitbucket REST interfaces to apply comments to Pull Requests. Where possible, any existing comments are removed prior to adding comments to prevent any duplication, and properties have been added to control whether commenting and clean-up of comments is enabled.
@tisoft @mc1arke
Add support for decorating merge requests on Gitlab
9a12d6d 
Uses Gitlab's rest API to create conversations/threads on a merge request containing annotations for each issue discovered by SonarQube, and provides a message on the merge request containing the scan summary.
@mc1arke mc1arke merged commit 9a12d6d into master Jan 8, 2020
@mc1arke mc1arke deleted the pr-decoration branch July 17, 2020 08:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.