[WIP] Sonar? (#177)

Try using sonarcloud for static analysis
2022-04-19 06:24:52 -04:00 · 2022-04-19 06:24:52 -04:00 · ad7502c601
commit ad7502c601
--- a/.github/workflows/sonar.yml
+++ b/.github/workflows/sonar.yml
@ -0,0 +1,79 @@
+# This workflow will build a Java project with Maven
+# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven
+
+name: Analyze
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  sonar:
+    name: Analyze with Sonar
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          # Disabling shallow clone is recommended for improving relevancy of reporting
+          fetch-depth: 0
+      - name: Set up JDK 17
+        uses: actions/setup-java@v3
+        with:
+          java-version: 17
+          distribution: 'temurin'
+          cache: 'maven'
+      - name: Cache SonarCloud packages
+        uses: actions/cache@v2
+        with:
+          path: ~/.sonar/cache
+          key: ${{ runner.os }}-sonar
+          restore-keys: ${{ runner.os }}-sonar
+      - name: Analyze with SonarCloud
+        run: |
+          mvn -Dspotless.apply.skip -Pcoverage -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
+        env:
+          # Needed to get some information about the pull request, if any
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          # SonarCloud access token should be generated from https://sonarcloud.io/account/security/
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+      - name: Wait for SonarCloud API to update...
+        run: "sleep 10"
+      - name: Upload annotations on PRs
+        if: ${{ github.event_name == 'pull_request' }}
+        uses: actions/github-script@v6
+        with:
+          github-token: ${{ github.token }}
+          script: |
+            const pr = context.payload.pull_request.number;
+            const url = `https://sonarcloud.io/api/issues/search?pullRequest=${pr}&s=FILE_LINE&resolved=false&sinceLeakPeriod=true&ps=100&facets=severities%2Ctypes&componentKeys=onthegomap_planetiler&organization=onthegomap&additionalFields=_all`;
+            console.log("Fetching " + url);
+            const response = await github.request(url);
+            console.log("Got " + JSON.stringify(response.data));
+            response.data.issues.forEach(issue => {
+              try {
+                if (issue.severity === 'INFO') return;
+                const textRange = issue.textRange;
+                const rule = encodeURIComponent(issue.rule);
+                const message = [
+                  issue.message,
+                  '',
+                  `rule: ${issue.rule} (https://sonarcloud.io/organizations/onthegomap/rules?open=${rule}&rule_key=${rule})`,
+                  `issue url: https://sonarcloud.io/project/issues?pullRequest=${pr}&open=${encodeURIComponent(issue.key)}&id=onthegomap_planetiler`
+                ].join('\n');
+                const args = {
+                  title: `${issue.severity} ${issue.type}`,
+                  file: issue.component.replace(/^[^:]*:/, ''),
+                  startLine: textRange.startLine,
+                  endLine: textRange.endLine,
+                  startColumn: textRange.startOffset,
+                  endColumn: textRange.endOffset
+                };
+                core.warning(message, args);
+                console.log(args);
+              } catch (e) {
+                core.error(`Unable to parse sonar issue: ${JSON.stringify(issue)}`);
+              }
+            });
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -35,6 +35,8 @@ easier though.
 - [Install IntelliJ IDEA](https://www.jetbrains.com/help/idea/installation-guide.html)
 - Install
  the [Adapter for Eclipse Code Formatter plugin](https://plugins.jetbrains.com/plugin/6546-adapter-for-eclipse-code-formatter)
+- Install the [SonarLint plugin](https://plugins.jetbrains.com/plugin/7973-sonarlint) (recommended) to see static
+  analysis results while editing code.
 - In IntelliJ, click `Open`, navigate to the the `pom.xml` file in the local copy of this repo, and `Open`
  then `Open as Project`
  - If IntelliJ asks (and you trust the code) then click `Trust Project`
@ -53,6 +55,8 @@ Troubleshooting:
 ### Visual Studio Code

 - Install the [Extension Pack for Java](https://marketplace.visualstudio.com/items?itemName=vscjava.vscode-java-pack)
+- Install the [SonarLint plugin](https://marketplace.visualstudio.com/items?itemName=SonarSource.sonarlint-vscode)
+  (recommended) to see static analysis results while editing code.
 - In VSCode, click `File -> Open` and navigate to Planetiler directory
  - If VSCode asks (and you trust the code) then click `Yes I trust the authors`
 - To verify everything works correctly, go to the `Testing` tab and click `Run Tests`
@ -63,6 +67,8 @@ Learn more about using VSCode with Java [here](https://code.visualstudio.com/doc

 - In [Eclipse for Java Developers](https://www.eclipse.org/downloads/packages/), click `File -> Import ...`
  then `Maven -> Existing Maven Projects`, navigate to Planetiler directory, and click `Finish`
+- Install the [SonarLint plugin](https://marketplace.eclipse.org/content/sonarlint)
+  (recommended) to see static analysis results while editing code.
 - Under `Eclipse -> Preferences...`:
  - Under `Java -> Code Style -> Formatter` and choose `Import...`
    choose [`eclipse-formatter.xml`](eclipse-formatter.xml) from the root of this project. Then choose `Planetiler` as
@ -76,4 +82,3 @@ Learn more about using VSCode with Java [here](https://code.visualstudio.com/doc
 - To verify everything works correctly, right click on `planetiler-core/src/test/java` folder and
  click `Run As -> JUnit Test`

-TODO: Set up checkstyle
--- a/pom.xml
+++ b/pom.xml
@ -22,6 +22,10 @@
    <maven.source.excludeResources>true</maven.source.excludeResources>
    <jackson.version>2.13.2</jackson.version>
    <junit.version>5.8.2</junit.version>
+    <sonar.host.url>https://sonarcloud.io</sonar.host.url>
+    <sonar.organization>onthegomap</sonar.organization>
+    <sonar.projectKey>onthegomap_planetiler</sonar.projectKey>
+    <sonar.moduleKey>${project.artifactId}</sonar.moduleKey>
  </properties>

  <scm>
@ -270,6 +274,16 @@
            </execution>
          </executions>
        </plugin>
+        <plugin>
+          <groupId>org.sonarsource.scanner.maven</groupId>
+          <artifactId>sonar-maven-plugin</artifactId>
+          <version>3.9.1.2184</version>
+        </plugin>
+        <plugin>
+          <groupId>org.jacoco</groupId>
+          <artifactId>jacoco-maven-plugin</artifactId>
+          <version>0.8.8</version>
+        </plugin>
      </plugins>
    </pluginManagement>

@ -282,6 +296,31 @@
  </build>

  <profiles>
+    <profile>
+      <id>coverage</id>
+      <build>
+        <plugins>
+          <plugin>
+            <groupId>org.jacoco</groupId>
+            <artifactId>jacoco-maven-plugin</artifactId>
+            <executions>
+              <execution>
+                <id>prepare-agent</id>
+                <goals>
+                  <goal>prepare-agent</goal>
+                </goals>
+              </execution>
+              <execution>
+                <id>report</id>
+                <goals>
+                  <goal>report</goal>
+                </goals>
+              </execution>
+            </executions>
+          </plugin>
+        </plugins>
+      </build>
+    </profile>
    <profile>
      <id>release</id>
      <activation>
--- a/scripts/sonar.sh
+++ b/scripts/sonar.sh
@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+set -eu
+
+mvn verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Pcoverage
--- a/sonar-project.properties
+++ b/sonar-project.properties
@ -0,0 +1 @@
+sonar.exclusions=**/VectorTileProto.java