BENCH-97 sonar cloud code analysis #37
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
PietroConvalleAD
requested review from
abbas-khan8,
JoeCSykes,
MichaelOSullivanAnswer and
NogaAD
|
can I see an example of a purposeful fail? |
I believe that it will never fail, it creates a report in the sonar website, I can add a fake secret in the code and see what happens tho |
JoeCSykes
reviewed
Nov 18, 2022
ok well this seems like a problem then, as we want it to fail if there are errors detected. Could you try giving it a typo error instead of a fake secret (which it doesn't seem to have picked up) |
|
also, the coverage seems to be looking in "answerking/settings" folder. Is there a way to ignore this? |
JoeCSykes
reviewed
Nov 21, 2022
|
maybe speak to Alister about getting sonarcloud job to fail if the sonar report says the code has failed? |
PietroConvalleAD
force-pushed
the
BENCH-97-sonar-analysis
branch
from
4aa2376 to
74d4541
Compare
JoeCSykes
reviewed
Nov 22, 2022
.github/workflows/ci.yml
Outdated
| run: poetry run python manage.py test | ||
| - uses : actions/checkout@v3 | ||
| - uses: ./.github/actions/dependencies | ||
| - uses: SonarSource/sonarcloud-github-action@de2e56b42aa84d0b1c5b622644ac17e505c9a049 |
There was a problem hiding this comment.
why do you not use SonarSource/sonarcloud-github-action@master given in the example?
https://docs.sonarcloud.io/advanced-setup/ci-based-analysis/github-actions-for-sonarcloud/
There was a problem hiding this comment.
mh, was autogenerated by github, no idea, will change it
There was a problem hiding this comment.
There was a problem hiding this comment.
could try setting sonarcloud as a separate job that runs after all the other linting checks (use 'needs:' in this case)
There was a problem hiding this comment.
used to be separate, didn't make the difference, I need it there because I need the coverage report
abbas-khan8
approved these changes
Nov 22, 2022
MichaelOSullivanAnswer
approved these changes
Nov 23, 2022
PietroConvalleAD
added a commit
that referenced
this pull request
Feb 24, 2023
* Add poetry to manage dependencies * Remove name from toml file and separate dependencies * Remove requirements.txt * Remove blank line * Add pycodestyle and coverage * BENCH-62 patch test_get_all_without_categories_returns_no_content test case (#12) * BENCH-65: Updated README.md and added .editorconfig * Bench 48 update typing to models (#9) update typing into models, validators and serializers * Bench 47 refactor with typing test items (#10) * Adds typing to items tests * moved ErrorType in views Co-authored-by: pietro convalle <pietroconvalle@python.it> * Bench 53 refactor with typing test categories (#11) * Adds typing in categories tests * BENCH-49: Add typing to answerking_app services * BENCH-50: Update views with typing * add typing to urls folder and apps.py * BENCH-55: Update orderline tests with typing * Bench 54 refactor with typing test orders (#15) Added typing to test orders * BENCH-77: Add Makefile and reformat * BENCH-61-update-views-with-djangoRESTframework * Bench 75 update serializer with DRF (#19) * Updated Serializers and models to support DRF * updated order service to support the serializer * fixed typehints * minor code changes * fixed wrong decimal size in serializer * now using partial=True for partial updates, and required=False in some serializer fields * fixed uninque key missing from the model, and fixed related code Co-authored-by: pietro convalle <pietroconvalle@python.it> * Bench 75 update serializer with DRF (#19) (#20) * Updated Serializers and models to support DRF * Also fixed test errors * BENCH-78: Refactor to use DRF mixins (#21) * BENCH-115: Configure swagger and split base and dev settings * BENCH-70-compile and build answerking app using github-actions (#22) * Create ci.yml for CI workflow * added unit tests and tests for linting and type checking * separated out tests into different steps for better reporting * Bench 129 fix category bug (#25) Bug fixed, Created and update methods add to category serializer * Updated Migration workflow job for ci.yml * Bench 122 add retired field to models (#26) add retired to items and category models * Bench 146 caching package dependencies (#29) * cach poetry dependencies * poetry.lock file not ignored as used in github workflow * exclude migrations file from black test * Bench 121 rfc787 standard messages (#24) * added drf-problems dependency * fixes middleware 404, temporarly in the codebase, awaiting for the PR to be merged, fixes error codes using drf-problems * replaced Responses to Raise Exception * temporarly changed dependencies to forks, awaiting for merge * Defined generic Exception Class * Renamed integrityHandlerMixin * added detail handle for serializer Errors * Added detail handle for 404 errors * added typing_extensions to dependencies * added specific type ignore Co-authored-by: pietro convalle <pietroconvalle@python.it> * BENCH-158-change-pipeline-to-run-poetry-install * changed packages for tool.poetry in toml file to sort poetry install error * changed poetry update to install for workflow jobs * BENCH-164-refactor-tests (#33) * removed hardcoded strings and operations from tests Co-authored-by: pietro convalle <pietroconvalle@python.it> * Improve docs/setup for first run (#34) * First draft of changes * Slight tweak to README to follow the way returns have been done * BENCH-177 refactor exception handlers (#35) * moved mixins handlers in exceptions_handler.wrapper Co-authored-by: pietro convalle <pietroconvalle@python.it> * BENCH-132-dependabot (#36) * Create sonarcloud.yml * BENCH-97 sonar cloud code analysis (#37) * created sonarcloud workflow and moved dependency action in separate workflow Co-authored-by: pietro convalle <pietroconvalle@python.it> * Bench-123: Contract refactor (#32) Refactor models, serializers, views and tests to fit the new api structure * bug fixed (#40) * BENCH-229-Fix-TestBase-abstract-methods (#41) change TestBase to inherent TransactionTestCase * BENCH-230-Add-400-status-path-in-all-GET-by-id-methods (#42) * Create a check url parameter function Co-authored-by: pietro convalle <pietroconvalle@python.it> * Refactor /items tests (#38) * Bench 97 sonar analysis fix warnings (#39) * changed permissions location * added python version and removed coverage path * updated poetry.lock and formatting * renamed ci file and removed makemigrations step * cleaned up the sonarcloud test workflow and fixes warnings Co-authored-by: pietro convalle <pietroconvalle@python.it> * Bench 152 write unit tests for LineItemSerializer, CategorySerializer and CategoryDetailSerializer (#46) * changed max-line-length to 100 to ignore E501 error (dont use --ignore as this overrides default ignored error messages) * created white_space function unit tests * created fixtures for unit tests * created UnitTestBase * created unit tests for models * created unit tests for line item serializer * created unit tests for category detail serializer * created unit tests for category serializer * BENCH-246: Write unit tests for product serializers (#47) * Bump certifi from 2022.9.24 to 2022.12.7 (#48) Bumps [certifi](https://github.com/certifi/python-certifi) from 2022.9.24 to 2022.12.7. - [Release notes](https://github.com/certifi/python-certifi/releases) - [Commits](certifi/python-certifi@2022.09.24...2022.12.07) --- updated-dependencies: - dependency-name: certifi dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: JoeCSykes <91789402+JoeCSykes@users.noreply.github.com> * Bump django from 4.1.3 to 4.1.4 (#49) Bumps [django](https://github.com/django/django) from 4.1.3 to 4.1.4. - [Release notes](https://github.com/django/django/releases) - [Commits](django/django@4.1.3...4.1.4) --- updated-dependencies: - dependency-name: django dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: JoeCSykes <91789402+JoeCSykes@users.noreply.github.com> * created docker file and updated docker-compose * minor changed, added some information to the ReadMe * fixed port error * removed not used args from DockerFile * added branch argument in docker file * removed file .env from docker compose and added explicit environtment * added publish workflow * moved entrypoint in DockerFile * updated README * test package workflow * added workflow dispatch * renamed workflow file * added workflow on_pull_request * trigger workflows * added dockerfile name * added image field * added migrations and timezone dependencies * condensed DockerFile * testing docker workflow * trigger on pull request * changed name of docker file * added wait func to ensure db is up before running app * corrected so can send requests + updated ReadMe details * run make prepare + changed git ignore to ignore any file starting with .env * Delete .env.production * supplied database engine value to env variables * Update test.yml * Bench 89 add integration test step to workflow (#55) * create integration test workflow * correct typo in workflow * added environment variables * added database service * Bench 89 add integration test step to workflow (#56) * create integration test workflow * correct typo in workflow * added enviroment variables * added datavase service * added workflow dispatch tag so we can run workflow manually * merged linting workflow and unit test / sonar cloud workflow together (#57) * merged linting workflow and unit test / sonar cloud workflow together * added names to jobs * added DATABASE_ENGINE variable to environment * changed so runs unit tests only * Bench 105 create docker image (#44) * created docker file * created docker-compose * added steps to deploy app in docker container locally to the ReadMe * added waitForDB command to ensure db is up before running app * changed git ignore to ignore any file starting with .env Co-authored-by: pietro convalle <pietroconvalle@python.it> Co-authored-by: Joseph Sykes <joseph.c.sykes@outlook.com> * BENCH-271: Write unit tests for utils (#54) * Bench 258 unit tests for order serializer (#52) Created unit test for order serializer and change check_products function to be part of the utils * Bump django from 4.1.4 to 4.1.5 (#59) Bumps [django](https://github.com/django/django) from 4.1.4 to 4.1.5. - [Release notes](https://github.com/django/django/releases) - [Commits](django/django@4.1.4...4.1.5) --- updated-dependencies: - dependency-name: django dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump pytz from 2022.6 to 2022.7 (#58) Bumps [pytz](https://github.com/stub42/pytz) from 2022.6 to 2022.7. - [Release notes](https://github.com/stub42/pytz/releases) - [Commits](stub42/pytz@release_2022.6...release_2022.7) --- updated-dependencies: - dependency-name: pytz dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: JoeCSykes <91789402+JoeCSykes@users.noreply.github.com> * BENCH-267-return-204-for-all-delete-methods * Changed delete methods to return 204 * BENCH-285-configure-sonarcloud (#61) * added path of coverage.xml to sonar cloud arguments for CI job * correcting code smells from sonarcloud * removed ignored coverage files in code and ignored them in sonar cloud directly * update "unit test and sonarcloud job to use V3 of checkout action (#64) * BENCH-186: Add OpenAPI documentation (#63) * Bump pytz from 2022.7 to 2022.7.1 (#66) Bumps [pytz](https://github.com/stub42/pytz) from 2022.7 to 2022.7.1. - [Release notes](https://github.com/stub42/pytz/releases) - [Commits](stub42/pytz@release_2022.7...release_2022.7.1) --- updated-dependencies: - dependency-name: pytz dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump python-dotenv from 0.21.0 to 0.21.1 (#68) Bumps [python-dotenv](https://github.com/theskumar/python-dotenv) from 0.21.0 to 0.21.1. - [Release notes](https://github.com/theskumar/python-dotenv/releases) - [Changelog](https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md) - [Commits](theskumar/python-dotenv@v0.21.0...v0.21.1) --- updated-dependencies: - dependency-name: python-dotenv dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump pyright from 1.1.288 to 1.1.290 (#69) Bumps [pyright](https://github.com/RobertCraigie/pyright-python) from 1.1.288 to 1.1.290. - [Release notes](https://github.com/RobertCraigie/pyright-python/releases) - [Commits](RobertCraigie/pyright-python@v1.1.288...v1.1.290) --- updated-dependencies: - dependency-name: pyright dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: JoeCSykes <91789402+JoeCSykes@users.noreply.github.com> * Bump pyright from 1.1.290 to 1.1.291 (#71) Bumps [pyright](https://github.com/RobertCraigie/pyright-python) from 1.1.290 to 1.1.291. - [Release notes](https://github.com/RobertCraigie/pyright-python/releases) - [Commits](RobertCraigie/pyright-python@v1.1.290...v1.1.291) --- updated-dependencies: - dependency-name: pyright dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * BENCH-297: Terraform AWS infrastructure (#70) * initial commit * Update README * Update README * Update README * Update README * add variable for port in db security group and edit README * update terraform * variables for host and container port * change to use gunicorn * add backend.tf * configure to be used with deploy github action * test * re install gunicorn * setup s3 backend * setup s3 backend * update providers with versions * Bench 349: Products set to have one category (#73) * Bench 276 sort integration tests for products and categories (#72) * created integration tests for products without categories * added extra snappshot tests * finish snapshots for categories GET requests and start snapshots for categories POST requests * added more integration test for cats + edited product_check so send list of ids in cat post request * completed integration tests for categories + added 410 test for products * ran make prepare * created integration tests for products without categories * added extra snappshot tests * finish snapshots for categories GET requests and start snapshots for categories POST requests * added more integration test for cats + edited product_check so send list of ids in cat post request * completed integration tests for categories + added 410 test for products * sorting out make prepare errors * run black * sorting out snapshots * shortening lines to comply with pycodestyle * run make prepare * sorted out code smells * sorting out code smells * exclude snapshot files from sonarcloud analysis * exclude snapshot files from sonarcloud analysis attempt 2 * exclude snapshot files from sonarcloud analysis attempt 3 * corrections due to PR BENCH-349 * made changes inline with PR comments * remove unused variable * Bench-371: GitHub action to deploy (#74) * initial commit * Update action and add back docker action * initial commit * Update action and add back docker action * update settings * lint * update action version * remove ecr file and update README * update README * Bench 338 implement tags endpoint (#76) * cretated model for tags * created serializer for tags + created unit test for tag serliaizer + set products to return tags field * run make prepare * create mixins for tags * added Tag endpoints * generated swagger ui endpoints for tags * sorted errors * sorted code smells * added numbers to the allowed regex + created unit tests for invalid prod id * ran make prepare and corrected the Makefile so didn't print out unnessesary error * Bump pyright from 1.1.291 to 1.1.292 (#78) Bumps [pyright](https://github.com/RobertCraigie/pyright-python) from 1.1.291 to 1.1.292. - [Release notes](https://github.com/RobertCraigie/pyright-python/releases) - [Commits](RobertCraigie/pyright-python@v1.1.291...v1.1.292) --- updated-dependencies: - dependency-name: pyright dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump django from 4.1.5 to 4.1.6 (#77) Bumps [django](https://github.com/django/django) from 4.1.5 to 4.1.6. - [Release notes](https://github.com/django/django/releases) - [Commits](django/django@4.1.5...4.1.6) --- updated-dependencies: - dependency-name: django dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * added ignore slashs middleware (#81) Co-authored-by: pietro convalle <pietroconvalle@python.it> * Bench 343 create integration test for tags (#80) * initial commit * created get and post integration tests for tags * written PUT and DELETE integration tests for tags endpoints * run make prepare * correcting some tests * added IG tests for POST to api/tags with invalid prod id and nonexistant prod id * run make prepare * Bench-378 and bench-381 retire (#79) * Added update method in RetireMixin and integration and unit tests * Fixed inheritance of Tag/Product/Category view * changed sonar exclusion list --------- Co-authored-by: pietro convalle <pietroconvalle@python.it> * Bench-372: Add load balancer and attach elastic ip & domain name (#75) * initial commit * Update action and add back docker action * initial commit * assign variables to reused values * assign variables to reused values * add record connected to existing dns hosted zone * test * test * test acl * test acl * format * remove ECR file * update README * update README * update diagram in README * Update README.md * Update README.md * Bench 369 orders integration tests (#82) * Bump drf-yasg from 1.21.4 to 1.21.5 (#83) Bumps [drf-yasg](https://github.com/axnsan12/drf-yasg) from 1.21.4 to 1.21.5. - [Release notes](https://github.com/axnsan12/drf-yasg/releases) - [Changelog](https://github.com/axnsan12/drf-yasg/blob/1.21.5/docs/changelog.rst) - [Commits](axnsan12/drf-yasg@1.21.4...1.21.5) --- updated-dependencies: - dependency-name: drf-yasg dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bench 421 fix id assignment bug (#85) * Bump django from 4.1.6 to 4.1.7 (#86) Bumps [django](https://github.com/django/django) from 4.1.6 to 4.1.7. - [Release notes](https://github.com/django/django/releases) - [Commits](django/django@4.1.6...4.1.7) --- updated-dependencies: - dependency-name: django dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bench-424 order fix (#87) * changed orderLine POST and PUT field to match agreed API * fixed make file * changed code to use writeonly and readonly fields * updated tests for orders * dependency update * refactored products_check to products_check_retired --------- Co-authored-by: pietro convalle <pietroconvalle@python.it> * Bench 435 add range ip ban (#88) * added geolocation routing to only allow IP traffic from GB * added ban for no GB IP traffic * fix bugs in swagger generation (#89) * removed trailing slashes + changed update mixin to stop PATCH being generated * removed unnecessary imports * HTTPS-420 changed connection to https only (#91) * changed connection to https only * changed port to 443 and added django http redirection --------- Co-authored-by: pietro convalle <pietroconvalle@python.it> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: michael-osullivan <michael.osullivan@answerdigital.com> Co-authored-by: Abbas.Khan <Abbas.Khan@mft.nhs.uk> Co-authored-by: NogaAD <115239141+NogaAD@users.noreply.github.com> Co-authored-by: pietro convalle <pietroconvalle@python.it> Co-authored-by: JoeCSykes <91789402+JoeCSykes@users.noreply.github.com> Co-authored-by: Joseph Sykes <joseph.c.sykes@outlook.com> Co-authored-by: abbas-khan8 <abbas.khan@answerdigital.com> Co-authored-by: MichaelOSullivanAnswer <116073025+MichaelOSullivanAnswer@users.noreply.github.com> Co-authored-by: Joss Sparkes <joss.sparkes@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.