Daffodil uses the online version of the SonarQube tool hosted by Apache. Results of analysis can be viewed via this link.
Topics Discussed:
Testing changes locally
- Download SonarQube and SonarScanner, and add them to your path
Spin up the local server by running the below, it defaults to
localhost:9000
sonar.sh console &
- Make changes to
sonar-project.properties
or.github/workflows/sonarcloud.yml
as necessary Kick off the scan by compiling the code and running the scanner
sbt compile test:compile it:compile && sonar-scanner
Granting Administrative Permissions
- From the Daffodil Sonarcloud page, use the toolbar to navigate to Adminstration > Permissions
- Search for the user or group of choice, then add the desired permissions
- Only PPMC members should have all 4 permissions
Reviewing/Updating Quality Profiles
- Navigate to the ASF sonarcloud organization page then Quality Profiles
- We have custom profiles under Scala and Java
- To review a log of changes, click "Changelog" or use Java or Scala
- To update click, use "Activate More"
Updating Profiles
To be able to update/change features of the profile, you'd need to have a Sonarcloud account and have been granted administrative permissions to update quality profiles.
Signing up for Sonarcloud Notifications
To receive email notifications from Sonarcloud, each user must manually sign up. To do so:
- Navigate to My Account settings (Top right icon > My Account)
- Navigate to the Notifications settings via the navigation bar
- Select the notifications of interest, either on a per project level or for the whole instance (in case of multiple projects)
One notification that is highly recommended is the New quality gate status which allows us to catch when our project changes status (i.e from passing to failing or vice versa)