Hello Guillaume, I myself have no spare cycles to even look at SonarQube. Seems it needs a local client to collect informations and a server to process the gather data which report back.
Maybe a proof of concept can be setup on wmflabs ? If it can prove to be any helpful for Puppet or other repository, I am all for it. cheers, -- Antoine Musso Le 05/02/2016 19:40, Guillaume Lederrey a écrit : > Message below cross posted > from [email protected] > <mailto:[email protected]>. > > Seems that the discussion might be interesting to QA team as well. > > ---------- Forwarded message ---------- > From: *Guillaume Lederrey* > <[email protected] > <mailto:[email protected]>> > Date: Fri, Feb 5, 2016 at 10:43 AM > Subject: SonarQube and Puppet > To: [email protected] > <mailto:[email protected]> > Cc: David Racodon <[email protected] > <mailto:[email protected]>> > > > Hello all ! > > Since I'm fairly new here, I still have a few idea coming from my former > life. Time to expose some of them before I forget them... > > While trying to familiarize myself a bit with our Puppet code base, I > did run a SonarQube analysis on it. And I remembered having a few > discussion about SonarQube during my interview process. So, short > presentation: > > SonarQube is an amazing project to manage code quality. It supports a > long list of languages, from Java to PHP, from Cobol to ABAP. And of > course Puppet [1] (even if that support is still a bit young). > > First things first, how to try it? Of course, docker [2] is our friend > (tested myself with v4.5.6). Or David Racodon has a simple package [3] > to test the puppet support. > > > **Why do we need SonarQube, we already have puppet-lint, rspec-puppet, > cucumber-puppet, ...** > > 1) SonarQube rules go a bit further than puppet-lint. For example the > DuplicateHashKeys rule [4] has no equivalent in puppet-lint and a few > violations on our code base that are clear indication of a problem. Note > that all puppet-lint rules have been re implemented in the SonarQube > plugin. Rules about code complexity, code duplication and quite a few > other metrics are also available. > > 2) Holistic view of code quality (yes, I know, big words). SonarQube web > interface provides a good way to compare quality of projects, to dig > into specific issues, keep track of evolution over time. Much richer > than a build time check that either pass or fail. > > 3) Actually help you improve. A binary check like puppet-lint (or other > similar tools) gives you a very simple feedback, you're good or you're > not. Reality is usually more complex. We have existing code base which > have a history. We might not want to fix all issues right now (after > all, our current code is in production, so it is probably mostly good > enough) but we want to improve on the long term. We want to introduce > new checks, higher quality standards, but not stop everything while we > are improving our standards. SonarQube gives us "quality gates", where > we define rules about what is good enough. And those rules can be > differential. For example: "quality gate passes if the commit does not > introduce any new issue (I don't care about existing issues)". > > > **Do we need SonarQube at WMF** > > Honestly, I don't know enough about how we manage Puppet (or other code) > to have an opinion on this (yet). I have not seen anything scary in my > code analysis. You tell me... > > > **Disclaimer** > > I have worked with David (the author of the Puppet plugin for SonarQube) > for some time. He has convinced me, perverted me and all those things > about code quality. Beside being a Nice Guy (tm) he is Pretty Smart (c) > and knows SonarQube fairly well. He might be available for a chat if > anyone is interested. > > > **Note on testing on Docker** > > The Docker image provided by SonarQube only contains a minimal set of > plugins. To add Puppet support, go to the web interface > (https://localhost:9000, user: admin, pwd: admin) look for the update > center and add the Puppet plugin. Restart required. You'll need to > install sonar-runner [5] locally. > > > > [1] https://github.com/iwarapter/sonar-puppet > [2] https://hub.docker.com/_/sonarqube/ > [3] https://github.com/racodond/package-test-sonarqube-puppet > [4] > https://github.com/iwarapter/sonar-puppet/blob/master/puppet-checks/src/main/resources/org/sonar/l10n/pp/rules/puppet/DuplicatedHashKeys.html > [5] > http://central.maven.org/maven2/org/codehaus/sonar/runner/sonar-runner-dist/2.4/sonar-runner-dist-2.4.zip > _______________________________________________ QA mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/qa
