af38a31bbe
The current code base regarding API entrypoint is not testable as it directly connects to Gitea when creating the API endpoints. This prevented me from writing tests in the past for that part. As the SonarQube quality gate broke due to changes in the API entrypoint logic, tests are now required to satisfy the quality gate. Therefore, the instantiation of the API handlers is now decoupled from building the bot API endpoints and follows the same interface wrapper strategy as used for the Gitea API client. This makes it testable. Now, tests are written for most parts of the API entrypoint. I've also noticed that there was much overhead within the tests for a non-implemented function `fetchDetails`. So I dropped that function for now. Signed-off-by: Steven Kriegler <sk.bunsenbrenner@gmail.com> |
||
---|---|---|
cmd/gitea-sonarqube-bot | ||
config | ||
contrib | ||
docker/usr/local/bin | ||
docs | ||
helm | ||
internal | ||
.dockerignore | ||
.editorconfig | ||
.gitignore | ||
CONTRIBUTING.md | ||
DCO | ||
Dockerfile | ||
go.mod | ||
go.sum | ||
LICENSE | ||
Makefile | ||
package-lock.json | ||
package.json | ||
README.md | ||
sonar-project.properties |
Gitea SonarQube Bot
Gitea SonarQube Bot is a bot that receives messages from both SonarQube and Gitea to help developers be productive. The idea behind this project is the missing ALM integration of Gitea in SonarQube. Unfortunately, this won't be added in the near future. Gitea SonarQube Bot aims to fill the gap between working on pull requests and being notified of quality changes. Luckily, both endpoints have a proper REST API to communicate with each other.
Workflow
Insights
- Bot activities
- Extract data from SonarQube
- Read payload from hook post to receive project,branch/pr,quality-gate
- Load "api/measures/component"
- Comment PR in Gitea (/repos/{owner}/{repo}/issues/{index}/comments)
- Updates status check (either failing/success)
- Listen on "/sq-bot review" comments
- Comment PR in Gitea (/repos/{owner}/{repo}/issues/{index}/comments)
- Updates status check (either failing/success)
- Extract data from SonarQube
Requirements
This bot is designed to perform SonarQube/SonarCloud API requests specific to pull requests. This feature is available in the Community edition via Sonarqube Community Branch Plugin or natively in SonarQube Developer edition and above.
Bot configuration
See config.example.yaml for a full configuration specification and description.
Installation
Docker
Create a directory config and place your config.yaml inside it. Open a terminal next to this directory and execute the following (replace $TAG first):
docker run --rm -it -p 9000:3000 -v "$(pwd)/config/:/home/bot/config/" justusbunsi/gitea-sonarqube-bot:$TAG
Helm Chart
See Helm Chart README for detailed instructions.
Setup
SonarQube
- Create a user and grant permissions to "Browse on project" for the desired project
- Create a token for this user that will be used by the bot
- Create a webhook pointing to https://<bot-url>/hooks/sonarqube
- Consider securing it with a secret
Gitea
- Create a user and grant permissions to "Read project" for the desired projects including access to "Pull Requests"
- Create a token for this user that will be used by the bot
- Create a project/organization/system webhook pointing to https://<bot-url>/hooks/gitea
- Consider securing the webhook with a secret
CI system
Some CI systems may emulate a merge and therefore produce another, not yet existing commit hash that is promoted to SonarQube.
This would cause the bot to fail to set the commit status in Gitea because the webhook sent by SonarQube contains that commit hash.
To mitigate that situation, the bot will look inside the properties object for the key sonar.analysis.sqbot. If available, this key can contain the actual commit hash to use for updating the status in Gitea.
See SonarQube docs for details.
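The webhook secret from the Setup section and the sonar.analysis.sqbot lookup described above fit together as in the following added example, which is not the bot's own code. It assumes the secret is checked against SonarQube's X-Sonar-Webhook-HMAC-SHA256 header (hex-encoded HMAC-SHA256 of the raw body) and that the analysed commit arrives in the payload's revision field; the type and function names are hypothetical.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// sonarHook holds only the fields this example needs (field names are an
// assumption based on SonarQube's webhook payload format).
type sonarHook struct {
	Revision   string            `json:"revision"`
	Properties map[string]string `json:"properties"`
}

// sign returns the hex HMAC-SHA256 of body under secret, the value expected in
// the X-Sonar-Webhook-HMAC-SHA256 header when a webhook secret is configured.
func sign(body []byte, secret string) string {
	mac := hmac.New(sha256.New, []byte(secret))
	mac.Write(body)
	return hex.EncodeToString(mac.Sum(nil))
}

// commitFromHook rejects unsigned or tampered payloads before parsing them,
// then prefers properties["sonar.analysis.sqbot"] over the analysed revision.
func commitFromHook(body []byte, sigHeader, secret string) (string, error) {
	got, err := hex.DecodeString(sigHeader)
	want, _ := hex.DecodeString(sign(body, secret))
	if err != nil || !hmac.Equal(got, want) { // constant-time comparison
		return "", errors.New("webhook signature mismatch")
	}
	var hook sonarHook
	if err := json.Unmarshal(body, &hook); err != nil {
		return "", err
	}
	if sha := hook.Properties["sonar.analysis.sqbot"]; sha != "" {
		return sha, nil
	}
	return hook.Revision, nil
}

func main() {
	// Constructed payload: "revision" stands for the emulated merge commit.
	body := []byte(`{"revision":"aaaa111","properties":{"sonar.analysis.sqbot":"bbbb222"}}`)
	sha, err := commitFromHook(body, sign(body, "s3cret"), "s3cret")
	fmt.Println(sha, err)
}
```

The signature is checked over the raw request bytes before any JSON decoding, so an unauthenticated sender cannot steer which commit status gets updated.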
Contributing
Expected workflow is: Fork -> Patch -> Push -> Pull Request
NOTES:
- Please read and follow the CONTRIBUTORS GUIDE.
License
This project is licensed under the MIT License. See the LICENSE file for the full license text.
Screenshots
Bot name and avatar depend on user configuration.