From 3a199194247773be7506d52b4fbb205a1a230a3f Mon Sep 17 00:00:00 2001 From: Stefan Verhoeven Date: Fri, 16 Apr 2021 13:49:19 +0200 Subject: [PATCH 1/9] Added SonarCloud integration Refs #88 Refs #89 --- .../.github/workflows/quality.yml | 30 +++++++++++++++++++ {{cookiecutter.project_slug}}/README.rst | 12 ++++++++ .../project_setup.md | 10 +++++++ .../sonar-project.properties | 12 ++++++++ 4 files changed, 64 insertions(+) create mode 100644 {{cookiecutter.project_slug}}/.github/workflows/quality.yml create mode 100644 {{cookiecutter.project_slug}}/sonar-project.properties diff --git a/{{cookiecutter.project_slug}}/.github/workflows/quality.yml b/{{cookiecutter.project_slug}}/.github/workflows/quality.yml new file mode 100644 index 00000000..0e7e6b73 --- /dev/null +++ b/{{cookiecutter.project_slug}}/.github/workflows/quality.yml @@ -0,0 +1,30 @@ +name: quality +on: + push: + pull_request: + types: [opened, synchronize, reopened] +jobs: + sonarcloud: + name: SonarCloud + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + with: + fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis + - name: Set up Python + uses: actions/setup-python@v2 + with: + python-version: 3.8 + - name: Install dependencies + run: python -m pip install .[dev] + - name: Check style against standards using prospector + run: prospector --zero-exit -o grouped -o pylint:pylint-report.txt + - name: Run unit tests with coverage + run: pytest --cov --cov-report term --cov-report xml --junitxml=xunit-result.xml tests/ + - name: Correct coverage paths + run: sed -i "s+$PWD/++g" coverage.xml + - name: SonarCloud Scan + uses: SonarSource/sonarcloud-github-action@v2 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} diff --git a/{{cookiecutter.project_slug}}/README.rst b/{{cookiecutter.project_slug}}/README.rst index add1c986..227c84e0 100644 --- a/{{cookiecutter.project_slug}}/README.rst +++ b/{{cookiecutter.project_slug}}/README.rst @@ -20,6 +20,10 @@ - |Python Build| |PyPI Publish| * - Metadata consistency - |metadata consistency| + * - Code quality + - |sonarcloud quality badge| + * - Code coverage of unit tests + - |sonarcloud coverage badge| (Customize these badges with your own links, and check https://shields.io/ or https://badgen.net/ to see which other badges are available.) @@ -65,6 +69,14 @@ :target: https://github.com/{{ cookiecutter.github_organization }}/{{ cookiecutter.project_slug }}/actions?query=workflow%3A%22cffconvert%22 :alt: metadata consistency badge +.. |sonarcloud quality badge| image:: https://sonarcloud.io/api/project_badges/measure?project=fair-software_howfairis&metric=alert_status + :target: https://sonarcloud.io/dashboard?id={{ cookiecutter.github_organization }}_{{ cookiecutter.project_slug }} + :alt: Quality Gate Status + +.. |sonarcloud coverage badge| image:: https://sonarcloud.io/api/project_badges/measure?project=fair-software_howfairis&metric=coverage + :target: https://sonarcloud.io/dashboard?id={{ cookiecutter.github_organization }}_{{ cookiecutter.project_slug }} + :alt: Coverage + ################################################################################ {{ cookiecutter.project_name }} ################################################################################ diff --git a/{{cookiecutter.project_slug}}/project_setup.md b/{{cookiecutter.project_slug}}/project_setup.md index c447d543..cf261d0b 100644 --- a/{{cookiecutter.project_slug}}/project_setup.md +++ b/{{cookiecutter.project_slug}}/project_setup.md @@ -104,6 +104,16 @@ help you decide which tool to use for packaging. - [Relevant section in the guide](https://guide.esciencecenter.nl/#/best_practices/language_guides/python?id=coding-style-conventions) +## Continuous code quality + +- [Sonarcloud](https://sonarcloud.io/) is used to perform quality analysis and code coverage report on each push +- The GitHub organization and repository must be added Sonarcloud for analysis to work by going to + [Sonarcloud](https://sonarcloud.io/projects/create), login with your GitHub account, + add organization or reuse existing and setup repository +- Analysis is run in [GH action workflow](.github/workflows/quality.yml) +- To run analysis a token must be created at [Sonarcloud account](https://sonarcloud.io/account/security/) + and token must be added as `SONAR_TOKEN` to [secrets on GitHub](https://github.com/{{ cookiecutter.github_organization }}/{{ cookiecutter.project_slug }}/settings/secrets/actions) + ## Package version number - We recommend using [semantic diff --git a/{{cookiecutter.project_slug}}/sonar-project.properties b/{{cookiecutter.project_slug}}/sonar-project.properties new file mode 100644 index 00000000..e8ead930 --- /dev/null +++ b/{{cookiecutter.project_slug}}/sonar-project.properties @@ -0,0 +1,12 @@ +sonar.organization={{ cookiecutter.github_organization }} +sonar.projectKey={{ cookiecutter.github_organization }}_{{ cookiecutter.project_slug }} +sonar.host.url=https://sonarcloud.io +sonar.sources={{ cookiecutter.project_slug.lower().replace(" ", "_").replace("-", "_")}}/ +sonar.tests=tests/ +sonar.links.homepage=https://github.com/{{ cookiecutter.github_organization }}/{{ cookiecutter.project_slug }} +sonar.links.scm=https://github.com/{{ cookiecutter.github_organization }}/{{ cookiecutter.project_slug }} +sonar.links.issue=https://github.com/{{ cookiecutter.github_organization }}/{{ cookiecutter.project_slug }}/issues +sonar.links.ci=https://github.com/{{ cookiecutter.github_organization }}/{{ cookiecutter.project_slug }}/actions +sonar.python.coverage.reportPaths=coverage.xml +sonar.python.xunit.reportPath=xunit-result.xml +sonar.python.pylint.reportPaths=pylint-report.txt From 91ff9938811cede2fdd07058323a2e4864d179c2 Mon Sep 17 00:00:00 2001 From: Stefan Verhoeven Date: Fri, 16 Apr 2021 14:10:44 +0200 Subject: [PATCH 2/9] Fix action version --- {{cookiecutter.project_slug}}/.github/workflows/quality.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/{{cookiecutter.project_slug}}/.github/workflows/quality.yml b/{{cookiecutter.project_slug}}/.github/workflows/quality.yml index 0e7e6b73..0469d6cc 100644 --- a/{{cookiecutter.project_slug}}/.github/workflows/quality.yml +++ b/{{cookiecutter.project_slug}}/.github/workflows/quality.yml @@ -24,7 +24,7 @@ jobs: - name: Correct coverage paths run: sed -i "s+$PWD/++g" coverage.xml - name: SonarCloud Scan - uses: SonarSource/sonarcloud-github-action@v2 + uses: SonarSource/sonarcloud-github-action@master env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} From 3b7e77433d4eeca1fab932049e27414fd92866c1 Mon Sep 17 00:00:00 2001 From: Stefan Verhoeven Date: Fri, 16 Apr 2021 12:40:12 +0200 Subject: [PATCH 3/9] Exclude links with template values from link checker --- .mlc-config.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.mlc-config.json b/.mlc-config.json index f678b247..a929247a 100644 --- a/.mlc-config.json +++ b/.mlc-config.json @@ -3,6 +3,9 @@ "ignorePatterns": [ { "pattern": "^http://localhost" + }, + { + "pattern": "\\{\\{" } ], "replacementPatterns": [ From f324ca4fc44558cc6db05ab6dcf85667c81910a0 Mon Sep 17 00:00:00 2001 From: Stefan Verhoeven Date: Fri, 16 Apr 2021 14:20:10 +0200 Subject: [PATCH 4/9] Add to feature list --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 6b727b43..092dc184 100644 --- a/README.md +++ b/README.md @@ -15,6 +15,7 @@ an empty Python package. Features include: - [Editorconfig]({{cookiecutter.project_slug}}/.editorconfig), - Miscellaneous files, such as [Change log]({{cookiecutter.project_slug}}/CHANGELOG.rst), [Code of Conduct]({{cookiecutter.project_slug}}/CODE_OF_CONDUCT.rst), and [Contributing guidelines]({{cookiecutter.project_slug}}/CONTRIBUTING.rst), - A [README]({{cookiecutter.project_slug}}/README.rst) and [a separate document]({{cookiecutter.project_slug}}/project_setup.md) with extensive documentation about project setup. +- Continuous code quality and code coverage reporting using [Sonarcloud](https://sonarcloud.io/) ## Badges From 4a2e8b1cdcb3c2e378a0f216933a23a9e3585288 Mon Sep 17 00:00:00 2001 From: Stefan Verhoeven Date: Fri, 16 Apr 2021 15:21:49 +0200 Subject: [PATCH 5/9] Apply suggestions from code review Co-authored-by: Faruk D. --- {{cookiecutter.project_slug}}/README.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/{{cookiecutter.project_slug}}/README.rst b/{{cookiecutter.project_slug}}/README.rst index 227c84e0..2e724942 100644 --- a/{{cookiecutter.project_slug}}/README.rst +++ b/{{cookiecutter.project_slug}}/README.rst @@ -69,11 +69,11 @@ :target: https://github.com/{{ cookiecutter.github_organization }}/{{ cookiecutter.project_slug }}/actions?query=workflow%3A%22cffconvert%22 :alt: metadata consistency badge -.. |sonarcloud quality badge| image:: https://sonarcloud.io/api/project_badges/measure?project=fair-software_howfairis&metric=alert_status +.. |sonarcloud quality badge| image:: https://sonarcloud.io/api/project_badges/measure?project={{ cookiecutter.github_organization }}_{{ cookiecutter.project_slug }}&metric=alert_status :target: https://sonarcloud.io/dashboard?id={{ cookiecutter.github_organization }}_{{ cookiecutter.project_slug }} :alt: Quality Gate Status -.. |sonarcloud coverage badge| image:: https://sonarcloud.io/api/project_badges/measure?project=fair-software_howfairis&metric=coverage +.. |sonarcloud coverage badge| image:: https://sonarcloud.io/api/project_badges/measure?project={{ cookiecutter.github_organization }}_{{ cookiecutter.project_slug }}&metric=coverage :target: https://sonarcloud.io/dashboard?id={{ cookiecutter.github_organization }}_{{ cookiecutter.project_slug }} :alt: Coverage From 9ba1a276d77151538e1be5b895ed177d7bb01a5e Mon Sep 17 00:00:00 2001 From: Stefan Verhoeven Date: Fri, 16 Apr 2021 15:27:40 +0200 Subject: [PATCH 6/9] Update {{cookiecutter.project_slug}}/project_setup.md Co-authored-by: Faruk D. --- {{cookiecutter.project_slug}}/project_setup.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/{{cookiecutter.project_slug}}/project_setup.md b/{{cookiecutter.project_slug}}/project_setup.md index cf261d0b..9dfada87 100644 --- a/{{cookiecutter.project_slug}}/project_setup.md +++ b/{{cookiecutter.project_slug}}/project_setup.md @@ -107,9 +107,11 @@ help you decide which tool to use for packaging. ## Continuous code quality - [Sonarcloud](https://sonarcloud.io/) is used to perform quality analysis and code coverage report on each push -- The GitHub organization and repository must be added Sonarcloud for analysis to work by going to - [Sonarcloud](https://sonarcloud.io/projects/create), login with your GitHub account, - add organization or reuse existing and setup repository +- The GitHub organization and repository must be added Sonarcloud for analysis to work + 1. go to [Sonarcloud](https://sonarcloud.io/projects/create) + 2. login with your GitHub account + 3. add organization or reuse existing + 4. setup repository - Analysis is run in [GH action workflow](.github/workflows/quality.yml) - To run analysis a token must be created at [Sonarcloud account](https://sonarcloud.io/account/security/) and token must be added as `SONAR_TOKEN` to [secrets on GitHub](https://github.com/{{ cookiecutter.github_organization }}/{{ cookiecutter.project_slug }}/settings/secrets/actions) From 3c5634a58e47c8f4871f385a7cff8a25734f7c43 Mon Sep 17 00:00:00 2001 From: Stefan Verhoeven Date: Fri, 16 Apr 2021 15:29:04 +0200 Subject: [PATCH 7/9] Update {{cookiecutter.project_slug}}/project_setup.md Co-authored-by: Faruk D. --- {{cookiecutter.project_slug}}/project_setup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/{{cookiecutter.project_slug}}/project_setup.md b/{{cookiecutter.project_slug}}/project_setup.md index 9dfada87..db5a420a 100644 --- a/{{cookiecutter.project_slug}}/project_setup.md +++ b/{{cookiecutter.project_slug}}/project_setup.md @@ -112,7 +112,7 @@ help you decide which tool to use for packaging. 2. login with your GitHub account 3. add organization or reuse existing 4. setup repository -- Analysis is run in [GH action workflow](.github/workflows/quality.yml) +- The analysis will be run by [GitHub Action workflow](.github/workflows/quality.yml) - To run analysis a token must be created at [Sonarcloud account](https://sonarcloud.io/account/security/) and token must be added as `SONAR_TOKEN` to [secrets on GitHub](https://github.com/{{ cookiecutter.github_organization }}/{{ cookiecutter.project_slug }}/settings/secrets/actions) From 41ebdb6a1e206e5928324d4fd83e275c9765a7b0 Mon Sep 17 00:00:00 2001 From: Stefan Verhoeven Date: Fri, 16 Apr 2021 15:31:04 +0200 Subject: [PATCH 8/9] Update {{cookiecutter.project_slug}}/project_setup.md Co-authored-by: Faruk D. --- {{cookiecutter.project_slug}}/project_setup.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/{{cookiecutter.project_slug}}/project_setup.md b/{{cookiecutter.project_slug}}/project_setup.md index db5a420a..8d191fd0 100644 --- a/{{cookiecutter.project_slug}}/project_setup.md +++ b/{{cookiecutter.project_slug}}/project_setup.md @@ -113,8 +113,7 @@ help you decide which tool to use for packaging. 3. add organization or reuse existing 4. setup repository - The analysis will be run by [GitHub Action workflow](.github/workflows/quality.yml) -- To run analysis a token must be created at [Sonarcloud account](https://sonarcloud.io/account/security/) - and token must be added as `SONAR_TOKEN` to [secrets on GitHub](https://github.com/{{ cookiecutter.github_organization }}/{{ cookiecutter.project_slug }}/settings/secrets/actions) +- To be able to run the analysis, a token must be created at [Sonarcloud account](https://sonarcloud.io/account/security/) and this token must be added as `SONAR_TOKEN` to [secrets on GitHub](https://github.com/{{ cookiecutter.github_organization }}/{{ cookiecutter.project_slug }}/settings/secrets/actions) ## Package version number From 39bc6d9b159eea97ea3ee6ddb71dbb9d05c020c8 Mon Sep 17 00:00:00 2001 From: Stefan Verhoeven Date: Fri, 16 Apr 2021 15:56:16 +0200 Subject: [PATCH 9/9] Update {{cookiecutter.project_slug}}/project_setup.md Co-authored-by: Faruk D. --- {{cookiecutter.project_slug}}/project_setup.md | 1 + 1 file changed, 1 insertion(+) diff --git a/{{cookiecutter.project_slug}}/project_setup.md b/{{cookiecutter.project_slug}}/project_setup.md index 8d191fd0..0a3c603d 100644 --- a/{{cookiecutter.project_slug}}/project_setup.md +++ b/{{cookiecutter.project_slug}}/project_setup.md @@ -112,6 +112,7 @@ help you decide which tool to use for packaging. 2. login with your GitHub account 3. add organization or reuse existing 4. setup repository + 5. go to [new code definition administration page](https://sonarcloud.io/project/new_code?id={{ cookiecutter.github_organization }}_{{ cookiecutter.project_slug }}) and select `Number of days` option - The analysis will be run by [GitHub Action workflow](.github/workflows/quality.yml) - To be able to run the analysis, a token must be created at [Sonarcloud account](https://sonarcloud.io/account/security/) and this token must be added as `SONAR_TOKEN` to [secrets on GitHub](https://github.com/{{ cookiecutter.github_organization }}/{{ cookiecutter.project_slug }}/settings/secrets/actions)