Daffodil uses the online version of the SonarQube tool  hosted by Apache. Results of analysis can be viewed via this link.

Topics Discussed:

Testing changes locally

  1. Download SonarQube and SonarScanner, and add them to your path

  2. Spin up the local server by running the below, it defaults to localhost:9000

    sonar.sh console &
  3. Make changes to sonar-project.properties or .github/workflows/sonarcloud.yml as necessary

  4. Kick off the scan by compiling the code and running the scanner

    sbt compile test:compile it:compile && sonar-scanner

Granting Administrative Permissions

  1. From the Daffodil Sonarcloud page, use the toolbar to navigate to Adminstration > Permissions
  2. Search for the user or group of choice, then add the desired permissions
  3. Only PPMC members should have all 4 permissions

Reviewing/Updating Quality Profiles

  1. Navigate to the ASF sonarcloud organization page then Quality Profiles
  2. We have custom profiles under  Scala and Java
  3. To review a log of changes, click "Changelog" or use Java or Scala
  4. To update click, use "Activate More"


Updating Profiles

To be able to update/change features of the profile, you'd need to have a Sonarcloud account and have been granted administrative permissions to update quality profiles.


Signing up for Sonarcloud Notifications

To receive email notifications from Sonarcloud, each user must manually sign up. To do so:

  1. Navigate to My Account settings (Top right icon > My Account)
  2. Navigate to the Notifications settings via the navigation bar
  3. Select the notifications of interest, either on a per project level or for the whole instance (in case of multiple projects)

One notification that is highly recommended is the New quality gate status which allows us to catch when our project changes status (i.e from passing to failing or vice versa)

  • No labels