[richfaces-planning-issues] [JBoss JIRA] (RFPL-3046) Review Sonar reports

Matej Novotny (JIRA) issues at jboss.org
Tue Apr 22 07:54:33 EDT 2014 

    [ https://issues.jboss.org/browse/RFPL-3046?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12962989#comment-12962989 ] 

Matej Novotny commented on RFPL-3046:
-------------------------------------

I made some investigation and the results are following:

* There are 2 RF projects at the moment
** ['RichFaces Parent master'|http://sonar.mw.lab.eng.bos.redhat.com/sonar/dashboard/index/org.richfaces:richfaces-parent:master] is RF 5 project, fully working
** ['RichFaces Parent origin/master'|http://sonar.mw.lab.eng.bos.redhat.com/sonar/dashboard/index/org.richfaces:richfaces-parent:origin/master] is RF 4 project, outdated, there is no Jenkins job connected to it
* New projects (eg. new RF 4 project) can be pushed via Jenkins (as post build action - see [this|https://jenkins.mw.lab.eng.bos.redhat.com/hudson/view/RichFaces/view/5.0/job/richfaces-5.0-sonar/]) which has installed plugin for Sonar (accordingly to Mojo article [here|https://mojo.redhat.com/docs/DOC-191202]).
** I tried to create a new [job|https://jenkins.mw.lab.eng.bos.redhat.com/hudson/view/RichFaces/view/4.3/job/richfaces-4.3-sonar/] for RF 4 to replace the outdated one but so far I cannot make it work
* We have read-only access to Sonar reports which is the major problem because:
** There are sets of [rules|http://sonar.mw.lab.eng.bos.redhat.com/sonar/rules_configuration/index/2?commit=Search&page=1&rule_activation=ACTIVE&searchtext=&sort_by=SORT_BY_RULE_NAME] which Sonar uses to detect quality of code, these are chosen and we cannot change them (there is 500+ rules used in current filter)
** We cannot mark some issues as 'false positive' so every time we would check the reports the same issues would pop-up over and over again
*** For instance some code in demos does not meet quality requirement and Sonar detects this, however it is not really a problem as it is there for the sake of simplicity
** Cannot assign people to issues directly via Sonar
** Unability to change issue level (that is 'warning', 'blocker', 'major') results in some issues (for us maybe not so crucial) being marked with high priority
** The result of such extensive scan (given the rules used) is 3500+ issues found which is quite a lot and it is difficult to determine important issues since even amongst 'Major' issues there is almost 2000 of them
* Code coverage:
** Sonar only reports on unit test coverage which is not really useful for us
** Mojo [article|https://mojo.redhat.com/docs/DOC-191202] claims it to be possible to execute integration tests, but one needs to use JaCoCo to generate results and Sonar then only shows them, this would be very difficult since we can only use Sonar via Jenkins and we have separate projects for tests and project itself => in theory it is possible to see integration test coverage with our setup but it would be very difficult to achieve and probably not so rewarding
** Sonar must have a plugin to display integration test coverage and I haven't found out whether we have it or not

Summary:
* Not suitable to be used for every release since the same issues (false-positive) would be displayed
* However we can use these results for a one-time code improvement (but that requires quite a lot of time to determine which issues are to be corrected and which not)
** Certain issues are interesting and probably worth fixing BUT they are hard to locate amongst loads of other issues (we would need to choose only few probably)
** I will discuss this with [~ppitonak] and create relevant issues if we decide to track it
* I will try to make the RF 4 repository tested by Sonar as well so I can see the results there (to see if there are as many issues as in RF 5)

That is about what I found, I will add/edit comment if I find out anything else.
                
> Review Sonar reports
> --------------------
>
>                 Key: RFPL-3046
>                 URL: https://issues.jboss.org/browse/RFPL-3046
>             Project: RichFaces Planning
>          Issue Type: Task
>      Security Level: Public(Everyone can see) 
>          Components: QE
>    Affects Versions: 5.0.0.Alpha1
>            Reporter: Pavol Pitonak
>            Assignee: Matej Novotny
>             Fix For: 5-Future
>
>
> Review Sonar reports, decide which warnings are important and either fix them or create RF issues for them.
> Find a way how to exclude rules which are not importat for us.
> http://sonar.mw.lab.eng.bos.redhat.com/sonar/dashboard/index/5878

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the richfaces-planning-issues mailing list