Cassandra / CASSANDRA-18390

Run Sonar analyzer over the Cassandra project

Details

    • Task
    • Status: Patch Available
    • Normal
    • Resolution: Unresolved
    • None
    • Build
    • None
    • Code Clarity
    • Normal
    • All
    • None

      To test: run SonarQube using the Docker image, generate a token in the UI, and update sonar-project.properties with the appropriate variables. Run:
      ant sonar -Dsonar.login=your_token
      https://docs.sonarqube.org/9.6/try-out-sonarqube/
      Alternatively, `act` can be used to check the GA.


    Description

      As we already have the Cassandra project configured for sonarcloud.io (INFRA-24196), I wonder if we will be able to get release branches, trunk, and pull requests analyzed by the SonarAnalyzer tool.

      Sonar is a code quality and security tool that is free for open-source projects and recommended by the INFRA team:
      https://cwiki.apache.org/confluence/display/INFRA/SonarCloud+for+ASF+projects

      It can have the following benefits without introducing any drawbacks (except for a few lines of source code):

      • visualise the LFH problems to work on;
      • see the trends in the source code;
      • add an extra layer of static code analysis;

      I have tested the changes below locally with my SonarQube deployed on http://localhost:9000 and ran `act` for the GA part of the PR. It seems to work and parse classes correctly, but there are a few steps that need to be done by a Cassandra Committer or PMC member (I do not have sufficient privileges):

      • make sure that the SONARCLOUD_TOKEN is available for GA and enabled for the project;
      • make sure that a quality profile is configured for the project (the "Sonar way" seems to be heavy to run).

            People

              mmuzaf Maxim Muzafarov