On Fri, Oct 26, 2018 at 9:08 PM Stas Malyshev <[email protected]> wrote:
>
> Hi!
>
> > I took some time to upload a first analysis of our Java based projects
> > to SonarCloud [1]. This is just experimentation at this point, but
> > there are a few interesting findings that should be corrected.
>
> I took a look at it, and it looks interesting, but I think we do need
> some discussion about the issues it is highlighting and prioritization
> (I think it is getting some things wrong, but I won't get into it here
> so we could have proper discussion).

At the moment, the analysis is using the default "sonar way" profiles.
I also disagree with some of their decisions, so yes, discussion is
definitely needed!

> Otherwise, it looks great, but I really feel this needs separation
> between projects - right now everything is in one place and it looks
> messy. We need some separation between e.g. CirrusSearch, WDQS and
> elastic plugins.

I'm not sure what you mean. All the projects are visible in the main
dashboard, but you can then dig into each project separately.

> It would be nice if we could define different profiles
> for different projects - the same issue may be more relevant in Java than
> PHP and in a remotely accessible server more than a maintenance script.

The profiles are already different by language, but they are all the
default profiles, coming from SonarSource. They can be refined,
inherited, multiplied, etc, ad infinitum. What is usually done is to
have a generic profile per language at organisation level, and then
refine it (add or remove rules) per team. I'm not entirely sure what
would make most sense for us, but there are lots of possibilities. I
also think we need to push a bit further into making sure the tool
works for our workflows before investing in customising profiles.

> I also wonder how customizable this is - i.e. can we have a button that
> would automatically create a Phab task? Would it be realistic to use it in
> CI for ensuring there are no high-level issues? I may have more ideas
> about this, depending on how scriptable/customizable this is. But even
> if it's not, I think it would be useful.

There is a lot of customization possible, and a lot of existing plugins
(it looks like there are a few about Phabricator integration, but I
don't have experience with them). The first question is what kind of
workflow we want. There are discussions on that topic in the code
health metrics working group, feel free to join!

My thoughts are that integration with Gerrit would be more interesting
than opening issues in Phab. Ideally, we should have SonarQube be a
reviewer, leaving inline comments where it detects new issues. And
leave the responsibility to the human reviewer of choosing what to do
with them.

We could also have discussions about quality gates, but that would be
more interesting with some examples.

> Thanks a lot for doing this - I feel this will be an awesome addition to
> our toolkit!
> --
> Stas Malyshev
> [email protected]



-- 
Guillaume Lederrey
Operations Engineer, Search Platform
Wikimedia Foundation
UTC+2 / CEST

_______________________________________________
Discovery mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/discovery
