Maxim Muzafarov created CASSANDRA-18390:
-------------------------------------------
Summary: Run Sonar analyzer over the Cassandra project
Key: CASSANDRA-18390
URL: https://issues.apache.org/jira/browse/CASSANDRA-18390
Project: Cassandra
Issue Type: Task
Components: Build
Reporter: Maxim Muzafarov
Assignee: Maxim Muzafarov
As we already have Cassandra's project configured for the sonarcloud.io
INFRA-24196, I wonder if we will be able to release branches, trunk, and pull
requests to get analyzed by the SonarAnalyzer tool.
Sonar is a code quality and security tool that is free to open-source projects
and recommended by the INFRA team:
https://cwiki.apache.org/confluence/display/INFRA/SonarCloud+for+ASF+projects
It can have the following benefits without introducing any drawbacks (except
for a few lines of source code)
- visualise the LFH problems to work on;
- see the trends in the source code;
- add an extra layer of static code analysis;
Changes below I have tested it locally with my SonarQube deployed on
http://localhost:9000 and run the `act` for the GA part of the PR. It seems to
work and parse classes correctly, but there are a few steps that need to be
done by Cassandra's Committer or PMC (I do not have sufficient privileges):
- Get the {{sonar.projectKey}} from the INFRA team;
- make sure that the {{SONARCLOUD_TOKEN}} is available for GA and enabled for
the project;
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
