30d1d6c12e
Signed-off-by: Steven Kriegler <61625851+justusbunsi@users.noreply.github.com> |
||
---|---|---|
assets | ||
.gitignore | ||
CONTRIBUTING.md | ||
DCO | ||
LICENSE | ||
README.md |
Gitea SonarQube PR Bot
Gitea SonarQube PR Bot is (obviously) a bot that receives messages from both SonarQube and Gitea to help developers being productive. The idea behind this project is the missing ALM integration of Gitea in SonarQube. Unfortunately, this won't be added in near future. Gitea SonarQube PR Bot aims to fill the gap between working on pull requests and being notified on quality changes. Luckily, both endpoints have a proper REST API to communicate with each others.
Workflow
Insights
- Bot activities
- extract data from SonarQube
- Read payload from hook post to receive project,branch/pr,quality-gate
- Reads "api/project_pull_requests" to get current issue counts and current state
- Load "api/issues/search" to get detailed information for unresolved issues
- Load "api/measures/component"
- comment PR in Gitea (/repos/{owner}/{repo}/issues/{index}/comments)
- stores mapping of repo+pr+comment-id in ?redis?
- updates status check (either failing/success)
- listen on "/sq-bot review" comments
-> updates comment (/repos/{owner}/{repo}/issues/comments/{id})
-> updates status check (either failing/success)
- extract data from SonarQube
Authentication
- Gitea
- User with token to access the REST API
- User needs "Read project" permissions with (??at least??) access to "Pull Requests"
- SonarQube
- User with token to access the REST API
- User needs "Browse on project" permissions
Bot configuration
- SonarQube
- Base URL
- Token
- Webhook Secret
- Gitea
- Base URL
- Token
- Webhook Secret
SonarQube configuration
- Add user with necessary permissions
- Create webhook pointing to the bot url (secure it with webhook secret)
Gitea configuration
- Add user with necessary permissions
- Create webhook on a project/organization pointing to the bot url (secure it with webhook secret)
Contributing
Expected workflow is: Fork -> Patch -> Push -> Pull Request
NOTES:
- Please read and follow the CONTRIBUTORS GUIDE.
License
This project is licensed under the MIT License. See the LICENSE file for the full license text.