-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(testing): Configure SonarQube to include TypeScript test files #36
Conversation
Added a configuration to include TypeScript test files located in the `src` directory for SonarQube analysis. This change helps in capturing and analyzing test-specific metrics to enhance code quality assessments.
Remove the standalone sonar-project.properties file and incorporate its configuration directly into the GitHub Actions workflow. This change centralizes the SonarCloud configuration, streamlining the maintenance and execution process within the CI/CD pipeline.
Reviewer's Guide by SourceryThe changes configure SonarQube to analyze TypeScript test files by adding specific configuration parameters to the GitHub Actions workflow and removing the standalone sonar-project.properties file. The configuration is now centralized in the workflow file with explicit settings for test file inclusion and various report paths. No diagrams generated as the changes look simple and do not need a visual representation. File-Level Changes
Tips and commandsInteracting with Sourcery
Customizing Your ExperienceAccess your dashboard to:
Getting Help
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey @hckhanh - I've reviewed your changes - here's some feedback:
Overall Comments:
- Consider keeping the sonar-project.properties file alongside the workflow configuration to support local SonarQube analysis and serve as documentation. The workflow can either reference the properties file or override specific values as needed.
Here's what I looked at during the review
- 🟢 General issues: all looks good
- 🟡 Security: 1 issue found
- 🟢 Testing: all looks good
- 🟢 Complexity: all looks good
- 🟢 Documentation: all looks good
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.
@@ -92,6 +92,14 @@ jobs: | |||
run: pnpm test:eslint | |||
- name: SonarCloud Scan | |||
uses: SonarSource/sonarcloud-github-action@383f7e52eae3ab0510c3cb0e7d9d150bbaeab838 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🚨 suggestion (security): Consider using a major version tag instead of a commit hash for the SonarCloud action
Using a major version tag (e.g., '@v1') ensures you get security updates while maintaining compatibility. Commit hashes make updates more manual and might miss important fixes.
uses: SonarSource/sonarcloud-github-action@383f7e52eae3ab0510c3cb0e7d9d150bbaeab838 | |
uses: SonarSource/sonarcloud-github-action@v1 |
Modified the ESLint run command to process the report by removing the workspace path prefix in the 'eslint-report.json'. This change ensures that file paths in the report are relative, thus simplifying file path management and making reports easier to manage and interpret.
This change modifies the path replacement in the ESLint report generation step to use '/github/workspace/' instead of removing the GitHub workspace path prefix. This ensures that paths in the ESLint report correctly reflect the directory structure used during the GitHub Action's execution. It aims to improve the accuracy and usefulness of the ESLint reports in CI workflows.
Introduce a new `sonar-project.properties` file to configure SonarCloud integration for the project. This change centralizes the SonarCloud settings and removes redundant command-line parameters from the GitHub Actions workflow. Additionally, it fixes the ESLint report path in CI by stripping the workspace prefix.
Reordered the paths for JavaScript and ESLint reports in sonar-project.properties to enhance readability and maintain consistency. Updated the ESLint command in package.json to specify the src/ directory, ensuring linting is applied only to source files.
Quality Gate passedIssues Measures |
Added a configuration to include TypeScript test files located in the
src
directory for SonarQube analysis. This change helps in capturing and analyzing test-specific metrics to enhance code quality assessments.Summary by Sourcery
CI: