justusbunsi 30d1d6c12e
Follow advisory: Add license, DCO and contributing
Signed-off-by: Steven Kriegler <61625851+justusbunsi@users.noreply.github.com>
2021-06-06 17:11:38 +02:00
assets Visualize workflow 2021-05-24 21:04:48 +02:00
.gitignore Initial commit 2021-05-24 21:03:41 +02:00
CONTRIBUTING.md Follow advisory: Add license, DCO and contributing 2021-06-06 17:11:38 +02:00
DCO Follow advisory: Add license, DCO and contributing 2021-06-06 17:11:38 +02:00
LICENSE Follow advisory: Add license, DCO and contributing 2021-06-06 17:11:38 +02:00
README.md Follow advisory: Add license, DCO and contributing 2021-06-06 17:11:38 +02:00

Gitea SonarQube PR Bot

Gitea SonarQube PR Bot is (obviously) a bot that receives messages from both SonarQube and Gitea to help developers be productive. The project exists because SonarQube has no ALM integration for Gitea and, unfortunately, one won't be added in the near future. Gitea SonarQube PR Bot aims to fill the gap between working on pull requests and being notified of quality changes. Luckily, both endpoints have a proper REST API to communicate with each other.

Workflow

Insights

  • Bot activities
    • extracts data from SonarQube
      • reads the payload from the hook POST to receive project, branch/pr, quality-gate
      • reads "api/project_pull_requests" to get current issue counts and current state
      • loads "api/issues/search" to get detailed information for unresolved issues
      • loads "api/measures/component"
    • comments on the PR in Gitea (/repos/{owner}/{repo}/issues/{index}/comments)
      • stores mapping of repo+pr+comment-id in ?redis?
    • updates status check (either failing/success)
    • listens for "/sq-bot review" comments
      • updates comment (/repos/{owner}/{repo}/issues/comments/{id})
      • updates status check (either failing/success)

Authentication

  • Gitea
    • User with token to access the REST API
    • User needs "Read project" permissions with (??at least??) access to "Pull Requests"
  • SonarQube
    • User with token to access the REST API
    • User needs "Browse on project" permissions

Bot configuration

  • SonarQube
    • Base URL
    • Token
    • Webhook Secret
  • Gitea
    • Base URL
    • Token
    • Webhook Secret

SonarQube configuration

  • Add user with necessary permissions
  • Create a webhook pointing to the bot URL (secure it with the webhook secret)

Gitea configuration

  • Add user with necessary permissions
  • Create a webhook on a project/organization pointing to the bot URL (secure it with the webhook secret)
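
What "secure it with webhook secret" requires on the receiving side, for both the SonarQube and the Gitea webhook, as an added example that is not this project's own code: each service signs the raw request body with HMAC-SHA256 and sends the hex digest in the header named below. The function names, the /hook path, the 1 MiB body limit and the sample secret are assumptions made for the illustration.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

const sonarQubeHeader, giteaHeader = "X-Sonar-Webhook-HMAC-SHA256", "X-Gitea-Signature"

func sign(secret, body []byte) string { // what the sender computes over the raw body
	mac := hmac.New(sha256.New, secret)
	mac.Write(body)
	return hex.EncodeToString(mac.Sum(nil))
}

// validSignature fails closed: an empty secret, a missing header or non-hex input is rejected.
func validSignature(secret, body []byte, sigHex string) bool {
	got, err := hex.DecodeString(sigHex)
	want, _ := hex.DecodeString(sign(secret, body))
	return err == nil && len(secret) > 0 && hmac.Equal(got, want) // constant-time compare
}

// guard (hypothetical name) authenticates the raw bytes before any JSON parsing happens.
func guard(header string, secret []byte, next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		body, err := io.ReadAll(http.MaxBytesReader(w, r.Body, 1<<20)) // cap unauthenticated input
		if err != nil || !validSignature(secret, body, r.Header.Get(header)) {
			http.Error(w, "invalid signature", http.StatusUnauthorized)
			return
		}
		r.Body = io.NopCloser(bytes.NewReader(body)) // hand the verified bytes to the real handler
		next(w, r)
	}
}

func statusFor(header string, secret, body []byte, sig string) int { // replays one constructed request
	req := httptest.NewRequest(http.MethodPost, "/hook", bytes.NewReader(body))
	req.Header.Set(header, sig)
	rec := httptest.NewRecorder()
	guard(header, secret, func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusNoContent) })(rec, req)
	return rec.Code
}

func main() { fmt.Println(statusFor(giteaHeader, []byte("constructed-secret"), []byte(`{}`), "00")) } // 401
```

Using a separate secret per source, as the bot configuration above lists, means a leaked Gitea secret cannot be used to forge SonarQube quality-gate results and vice versa.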

Contributing

Expected workflow is: Fork -> Patch -> Push -> Pull Request

NOTES:

License

This project is licensed under the MIT License. See the LICENSE file for the full license text.