[metrics-team] Sonarqube on metrics-lib

Karsten Loesing karsten at torproject.org
Mon May 20 09:53:48 UTC 2019 

Hi Fava,

On 2019-05-19 01:09, Fava wrote:
> Hi
> 
> I am starting to setup dev environment and I execute a source
> code static analysis on metrics-lib using sonarqube[1].
> 
> There are some issues: something that could be easily fixed and others
> that could take more work.

Thanks for starting this. We're using Checkstyle 6.17 to capture some of
these issues, but our plans to use something like FindBugs or SonarQube
never materialized.

> Please find in attachment the result of sonarqube analysis [2].
> * What do you think if I start working on these issues?

Yes, please!

> * In your opinion, are there some priority in these issues?

From a quick look at the CSV, I'd say start with BUGS and then look into
CODE_SMELL as the next step.

> * I see that you use an agile approach and track activity. Have you any
> advice how to track this activity?

You could start a new Trac ticket for each issue type and attach a patch
for one instance or link to your GitHub task branch, and then we would
discuss whether that's a good fix in our situation. Does this make sense?

> Steps:
> 1. Start sonarqube docker image [3]
> 2. Set up build.xml in order to add sonar task [4]
> 3. I created a python script in order to extract information from
> sonarqube API [5]
> 4. Execute python script [5]

Is there a way to include this check in our build.xml using Debian
packages? If not, can we still include it in our build.xml and provide
the necessary .jar files in our release tarball?

Regardless of these questions, we could start this by you running these
steps and telling us what else is broken, and then we go fix these
issues. And then we figure out a way to integrate SonarQube in our
workflow at a later point.

> Best Regards,
> fava

Thanks again!

All the best,
Karsten


> 
> ~~~
> [1] https://www.sonarqube.org/
> [2] report-metrics-lib.csv.zip
> [3] https://docs.docker.com/samples/library/sonarqube/
> [4]
> https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Scanner+for+Ant
> [5] create-report.py
> 
> 
> _______________________________________________
> metrics-team mailing list
> metrics-team at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/metrics-team
> 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 528 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/metrics-team/attachments/20190520/54525909/attachment.sig>

More information about the metrics-team mailing list