You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The static analysis script allows us to perform sonar analysis on any branch, which results in a pass/fail check on the commit. This works well for branches and individual commits but sonarcloud also has the ability to perform analysis on a PR. The main difference being that it publishes an update to the PR itself. This makes it much easier to see the full results at a glance, and can point out issues which wouldn't necessarily make the check fail.
What is the feature that you are proposing to solve the problem?
I think we should add a new environment variable to the script of PULL_REQUEST_KEY which contains the pull request number for the relevant PR. If a value is provided then we pass it through to the sonar analysis in PR specific fields, otherwise we default to the current setup.
I've already worked on this as part of a PR on our project - NHSDigital/healthcare-worker-api#26 but as-per the note in the file I wanted to raise as a PR (which I don't currently have the rights to do).
What alternatives have you considered?
There are some obvious minor variations from the implementation in my PR. We could have a completely separate perform-pr-static-analysis.sh script for example. But I think it's sensible to keep it in this file. This does end up with four slightly different ways of calling the sonar-scanner command (docker & pr on/off) but ultimately I suspect we'd make it harder to maintain by extracting out any common bits.
Code of Conduct
I agree to follow this project's Code of Conduct
Sensitive Information Declaration
I confirm that neither PII/PID nor sensitive data are included in this form
The text was updated successfully, but these errors were encountered:
What is the problem this feature will solve?
The static analysis script allows us to perform sonar analysis on any branch, which results in a pass/fail check on the commit. This works well for branches and individual commits but sonarcloud also has the ability to perform analysis on a PR. The main difference being that it publishes an update to the PR itself. This makes it much easier to see the full results at a glance, and can point out issues which wouldn't necessarily make the check fail.
What is the feature that you are proposing to solve the problem?
I think we should add a new environment variable to the script of
PULL_REQUEST_KEYwhich contains the pull request number for the relevant PR. If a value is provided then we pass it through to the sonar analysis in PR specific fields, otherwise we default to the current setup.I've already worked on this as part of a PR on our project - NHSDigital/healthcare-worker-api#26 but as-per the note in the file I wanted to raise as a PR (which I don't currently have the rights to do).
What alternatives have you considered?
There are some obvious minor variations from the implementation in my PR. We could have a completely separate
perform-pr-static-analysis.shscript for example. But I think it's sensible to keep it in this file. This does end up with four slightly different ways of calling thesonar-scannercommand (docker & pr on/off) but ultimately I suspect we'd make it harder to maintain by extracting out any common bits.Code of Conduct
Sensitive Information Declaration
The text was updated successfully, but these errors were encountered: