Include source code analysis

[axel3rd]

See: https://github.com/marketplace/actions/sonarcloud-scan

@peio42 : Please create on https://sonarcloud.io/

• New project with key org.blutch:uvpp
• Please create a SonarCloud token and store it as secret (SONAR_TOKEN) in repo secrets

[axel3rd]

Argh, SonarCloud GitHub action seems not (now) support C/C++ analysis 😭 : https://github.com/SonarSource/sonarcloud-github-action#do-not-use-this-github-action-if-you-are-in-the-following-situations

This language requires build-wrapper usage, seems not been included into action.
But perhaps can be done "manually" ... to investigate.

[axel3rd]

Wrapper URL download: http://sonarcloud.io/static/cpp/build-wrapper-linux-x86.zip

[axel3rd]

@peio42 : A Makefile on root where make (as currently) / make clean / make test would be more simple.

[peio42]

See "codeAnalysis" branch for that (which will evolve to run code analsysis)
make => build test program & runs it
make test => build test program
make clean => remove object files

[axel3rd]

Please create a SonarCloud token and store it as secret (SONAR_TOKEN) in repo secrets

@peio42 In your hand 😁 : https://github.com/peio42/uvpp/runs/1473975983?check_suite_focus=true#step:7:10

[peio42]

@axel3rd :
java.lang.IllegalStateException: The "build-wrapper-dump.json" file was found but 0 C/C++/Objective-C files were analyzed. Please make sure that:

• you are using the latest version of the build-wrapper and the CFamily analyzer
• you are correctly invoking the scanner with correct configuration
• your compiler is supported
• you are wrapping your build correctly
• you are wrapping a full/clean build
• you are providing the path to the correct build-wrapper output directory
• you are building and analyzing the same source checkout, absolute paths must be identical in build and analysis steps

[axel3rd]

java.lang.IllegalStateException: The "build-wrapper-dump.json" file was found but 0 C/C++/Objective-C files were analyzed. Please make sure that:

Humm ... don't know why 😢. I would test if removing the "sub call of make" could produce a better result.

[axel3rd]

See https://community.sonarsource.com/t/the-build-wrapper-dump-json-file-was-found-but-0-c-c-objective-c-files-were-analyzed/15944, perhaps it is not supported, because compilation and analysis (in docker) are not done in the same environment.

But I can reproduce the problem locally ... so perhaps not in this case (even if it smells not good).

[axel3rd]

I can analyse the project locally but with:

• One Makefile on root directory
• A sonar.sources=.

So there is a understanding to have with subdirectories. Perhaps a problem is that uvpp doesn't contain sources but only headers. Adding examples as sources can perhaps be a solution.

I will provide some change (that works but perhaps not sustainable) to see if analyse with GitHub Action could be OK (because not supported officially).

[axel3rd]

see if analyse with GitHub Action could be OK (because not supported officially).

Really not supported https://github.com/peio42/uvpp/runs/1489280883?check_suite_focus=true#step:7:133 😢

[axel3rd]

Scanner inside container is definitively dead ... it execute Probing compiler: [/usr/lib/llvm-10/bin/clang, -x, c++, --std, c++17, -v, -dM, -E, -] to have define info ... compiler is not inside container => 🖕.

I will try manually with scanner

[axel3rd]

I will try manually with scanner

@peio42 : It is ok 👍, now: https://sonarcloud.io/dashboard?branch=codeAnalysis&id=org.blutch%3Auvpp (branch sample ... when master will be analysed it will be better)

TODO:

• I need to analyse why PullRequest decoration is not done (perhaps because all is done manually)
• Badge icon should be added into README
• We need check if Google Test can provide a coverage report supported by SonarCloud (https://docs.sonarqube.org/latest/analysis/coverage/)
• Adding samples could be great but lambda problem again:
  

  uvpp/Makefile

  Line 8 in 1cd98ff

  # Lambda build error in examples SRCS: = test/main.cpp $(wildcard test/test-*.cpp) $(wildcard examples/*.cpp)

• Not sure of my update into Makefile because only make in ci-tests.yml seems not work
  

  uvpp/Makefile

  Lines 12 to 15 in 1cd98ff

  	test: build
  	./test/main
  	build: $(OBJS)

  
  

  uvpp/.github/workflows/ci-tests.yml

  Line 25 in 1cd98ff

  run: ./build-wrapper-linux-x86/build-wrapper-linux-x86-64 --out-dir bw_out make build

[axel3rd]

I need to analyse why PullRequest decoration is not done (perhaps because all is done manually)

@peio42 : You should Enable summary comment in project settings: https://sonarcloud.io/project/settings?category=pull_request&id=org.blutch%3Auvpp

[peio42]

[image: image.png] It is by default... Le sam. 5 déc. 2020 à 18:13, Alix Lourme <notifications@github.com> a écrit :

…

I need to analyse why PullRequest decoration is not done (perhaps because all is done manually) @peio42 <https://github.com/peio42> : You should *Enable summary comment* in project settings: https://sonarcloud.io/project/settings?category=pull_request&id=org.blutch%3Auvpp — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#3 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AKVMZSIRBBOASRBTLKK2H3TSTJS4XANCNFSM4UGT7WJQ> .

[axel3rd]

It is by default...

So perhaps to be complicated with scanner executed manually ... to see in the future