|
|
||
|---|---|---|
| cmd/gitea-sonarqube-bot | ||
| config | ||
| contrib | ||
| docker/usr/local/bin | ||
| docs | ||
| internal | ||
| .dockerignore | ||
| .editorconfig | ||
| .gitignore | ||
| CONTRIBUTING.md | ||
| DCO | ||
| Dockerfile | ||
| go.mod | ||
| go.sum | ||
| LICENSE | ||
| README.md | ||
Gitea SonarQube PR Bot
Gitea SonarQube PR Bot is a bot that receives messages from both SonarQube and Gitea to help developers being productive. The idea behind this project is the missing ALM integration of Gitea in SonarQube. Unfortunately, this won't be added in near future. Gitea SonarQube PR Bot aims to fill the gap between working on pull requests and being notified on quality changes. Luckily, both endpoints have a proper REST API to communicate with each others.
Workflow
Insights
- Bot activities
- extract data from SonarQube
- Read payload from hook post to receive project,branch/pr,quality-gate
- Load "api/measures/component"
- comment PR in Gitea (/repos/{owner}/{repo}/issues/{index}/comments)
- updates status check (either failing/success)
- listen on "/sq-bot review" comments
- comment PR in Gitea (/repos/{owner}/{repo}/issues/{index}/comments)
- updates status check (either failing/success)
- extract data from SonarQube
Setup
SonarQube
- Create a user and grant permissions to "Browse on project" for the desired project
- Create a token for this user that will be used by the bot.
- Create a webhook pointing to
https://<bot-url>/sonarqube. Consider securing it with a secret.
Gitea
- Create a user and grant permissions to "Read project" for the desired projects including access to "Pull Requests"
- Create a token for this user that will be used by the bot.
- Create a project/organization/system webhook pointing to
https://<bot-url>/gitea. Consider securing it with a secret.
Bot configuration
See config.example.yaml for a full configuration specification and description.
Contributing
Expected workflow is: Fork -> Patch -> Push -> Pull Request
NOTES:
- Please read and follow the CONTRIBUTORS GUIDE.
TODOs
- Validate configuration on startup
- Verify webhook secrets
- Only post status-check (Opt-in/out)
- Maybe drop
PRBOT_CONFIG_PATHenvironment variable in favor of--config path/to/config.yamlcli attribute - Configure SonarQube PR branch naming pattern for more flexibility (currently focused on Jenkins with Gitea Plugin)
- Configuration live reloading
- Caching of outgoing requests in case the target is not available
- Parsable logging for monitoring
- Official image for containerized hosting
- Helm chart for Kubernetes
Possible improvements
- Reuse existing posted comment for updates via SonarQube webhook or
/sq-botcomments
Therefore storing or dynamically retrieving the previous comment id and modify content (/repos/{owner}/{repo}/issues/comments/{id}) - Add more information to posted comment
- Read "api/project_pull_requests" to get current issue counts and current state
- Load "api/issues/search" to get detailed information for unresolved issues
- Maybe directly show issues via review comments
License
This project is licensed under the MIT License. See the LICENSE file for the full license text.