Add LGTM.com / DeepSource.io configuration files #909
The YAML configuration file for the LGTM static analysis tool can be either lgtm.yml or .lgtm.yml: https://help.semmle.com/lgtm-enterprise/user/help/lgtm.yml-configuration-file.html
There is no need to integrate the LGTM tool in CI, as LGTM appears to be running on all repositories it has been run on once. The results currently appear here: https://lgtm.com/projects/g/zarr-developers/zarr-python
The TOML configuration file is .deepsource.toml: https://deepsource.io/docs/concepts/#deepsourcetoml-file
DeepSource.io analysis must be enabled by a repository owner. It doesn't look like it is possible to run DeepSource.io on each PR, rather the monitored branch is analysed periodically, after commits are pushed.
The TOML configuration file for the DeepSource.io static analysis platform is As far as I can see, it is not possible to silence a class of alerts in the configuration file. Repository owners need to silence each alert individually from the user interface:
LGTM.
Only other thought that comes to mind is whether or not to add README badges.
It's perhaps a bit early for the badges:
Because Semmle has joined GitHub, LGTM.com will be deprecated and replaced by GitHub code scanning. The next step for LGTM.com: GitHub code scanning! As far as I can understand, in simple cases such as this one, automated pull requests will be created to help us migrate:
Thanks for keeping us up to date, @DimitriPapadopoulos. See #1127
* Create codeql-analysis.yml
see:
- https://github.blog/2022-08-15-the-next-step-for-lgtm-com-github-code-scanning/
- #909 (comment)
* Re-implement tempfile.mktemp using NamedTemporaryFile
Adds zarr.tests.util.mktemp which can be used from all tests. The NamedTemporaryFile is immediately closed and only the path returned.
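The helper pattern the commit message describes, next to a variant that keeps the file on disk, as an added example that is not the project's own code. The names mktemp_closed, mktemp_kept, name_is_claimable and group_other_bits are hypothetical; the second variant uses tempfile.mkstemp, which the commit does not mention.

```python
import os
import stat
import tempfile


def mktemp_closed(**kwargs):
    """Pattern from the commit message: create a NamedTemporaryFile, close it
    at once and return only the path. With the default delete=True, close()
    unlinks the file, so the returned name no longer exists on disk."""
    f = tempfile.NamedTemporaryFile(**kwargs)
    f.close()
    return f.name


def mktemp_kept(**kwargs):
    """Variant (an assumption, not from the commit): tempfile.mkstemp creates
    the file exclusively with owner-only permissions and leaves it in place.
    The caller must remove it when done."""
    fd, path = tempfile.mkstemp(**kwargs)
    os.close(fd)
    return path


def name_is_claimable(path):
    """True if an exclusive create at `path` succeeds, i.e. the name is free
    for whichever process creates it first. Cleans up after itself."""
    try:
        fd = os.open(path, os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o600)
    except FileExistsError:
        return False
    os.close(fd)
    os.unlink(path)
    return True


def group_other_bits(path):
    """Permission bits granted to group and others (0 means owner-only)."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as workdir:  # constructed scratch dir
        closed = mktemp_closed(suffix=".zarr", dir=workdir)
        kept = mktemp_kept(suffix=".zarr", dir=workdir)
        print("closed: exists =", os.path.exists(closed),
              "claimable =", name_is_claimable(closed))
        print("kept:   exists =", os.path.exists(kept),
              "claimable =", name_is_claimable(kept),
              "group/other bits =", oct(group_other_bits(kept)))
```

The closed-and-returned name is unique at the moment it is handed back but is free again until the caller creates something there, which is acceptable for tests that write into a private directory and worth knowing when the path lives in a shared one.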
The configuration file does not currently try to shut up any of the alerts:
__call__() method identified as non-callable github/codeql#7287), See also #902 (comment).
TODO: