You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@fineract.apache.org by VICTOR MANUEL ROMERO RODRIGUEZ <vi...@fintecheando.mx> on 2021/10/20 04:58:33 UTC
SonarQube Analysis Results
Hello Fineract Community,
Today the SonarQube at SonarCloud is publishing the results of the
Fineract's Source Code Analysis.
https://sonarcloud.io/dashboard?id=apache_fineract
The results will give us visibility about the improvements that can be done
for improving the QA.
Now working also in the Fineract-CN repositories and I will let you know
the results.
Regards
Victor
Re: SonarQube Analysis Results
Posted by Giorgio Zoppi <gi...@gmail.com>.
Great job!
It would be nice using the scanner during the build to post coverage.
https://medium.com/backend-habit/generate-codecoverage-report-with-jacoco-and-sonarqube-ed15c4045885
:)
Re: SonarQube Analysis Results
Posted by VICTOR MANUEL ROMERO RODRIGUEZ <vi...@fintecheando.mx>.
Hello James.
We use the automated tools for having insights about the potential issues.
The projects that we had last year pushed us to do improvements because the
technical teams use SonarQube, Nexus, Sonatype, etc, etc and they marked
the SonarQube as findings. There were false positives of course but we had
to give a technical explanation about them.
i.e. I have opened a ticket about some findings
https://issues.apache.org/jira/browse/FINERACT-1415 and the PR is here
https://github.com/apache/fineract/pull/1908 (not the fixes have been
applied)
Awasum, thanks for the tip, I will try Sonarlint.
[image: image.png]
Regards
El mié, 20 oct 2021 a las 6:32, James Dailey (<ja...@gmail.com>)
escribió:
> Yes. Good to have another measure. Thanks Victor!
>
> I would not be discouraged and please take the total days w a big grain of
> salt. These automated tools are kinda mindless (sic).
>
> Curious if the six blocker issues found are critical and already raised on
> Jira in some way? (That would be a good data point.)
>
> Maybe version 1.6 can reduce this debt estimate by 25% ? Is that a good
> target?
>
>
>
>
>
>
> On Tue, Oct 19, 2021, 10:47 PM Awasum Yannick <aw...@apache.org> wrote:
>
>> Thanks very much for this valuable work Victor.
>>
>> This will help the Fineract code bases to improve in quality over time.
>>
>> Woow, we have about 360 days of tech debt... Weeeew...
>>
>> This will probably also be added as a point in Fineract 1.x roadmap been
>> discussed on the other thread.
>>
>> On Wed, Oct 20, 2021, 05:58 VICTOR MANUEL ROMERO RODRIGUEZ <
>> victor.romero@fintecheando.mx> wrote:
>>
>>> Hello Fineract Community,
>>>
>>> Today the SonarQube at SonarCloud is publishing the results of the
>>> Fineract's Source Code Analysis.
>>>
>>> https://sonarcloud.io/dashboard?id=apache_fineract
>>>
>>> The results will give us visibility about the improvements that can be
>>> done for improving the QA.
>>>
>>> Now working also in the Fineract-CN repositories and I will let you know
>>> the results.
>>>
>>> Regards
>>>
>>> Victor
>>>
>>
Re: SonarQube Analysis Results
Posted by Giorgio Zoppi <gi...@gmail.com>.
My apologies Victor, it was my fault.
Il giorno mer 20 ott 2021 alle ore 17:57 VICTOR MANUEL ROMERO RODRIGUEZ <
victor.romero@fintecheando.mx> ha scritto:
> Hello Awasum,
>
> Yes, they have an entry, it was requested to Apache Infra team, but I mean
> to add the configurations required in the .yml and in the build
> configuration files for reporting the analysis result to SonarCloud for
> each Fineract-CN repository.
>
> Regards.
>
> Victor
>
> El mié, 20 oct 2021 a las 10:48, Awasum Yannick (<aw...@apache.org>)
> escribió:
>
>> Hi Victor,
>>
>> I searched SonaQube and found that most Apache projects already have
>> defined keys or ids which we can reuse when referencing Fineract CN repos:
>> https://sonarcloud.io/organizations/apache/projects?search=fineract
>>
>>
>> On Wed, Oct 20, 2021 at 2:18 PM Awasum Yannick <aw...@apache.org> wrote:
>>
>>>
>>>
>>> On Wed, Oct 20, 2021 at 12:32 PM James Dailey <ja...@gmail.com>
>>> wrote:
>>>
>>>> Yes. Good to have another measure. Thanks Victor!
>>>>
>>>> I would not be discouraged and please take the total days w a big grain
>>>> of salt. These automated tools are kinda mindless (sic).
>>>>
>>>
>>> I was thinking more along the lines of if the estimate is this long,
>>> then in an open source project where all the contributors are volunteers,
>>> it will probably take longer than a year to get compliant with SonarQube.
>>>
>>> Some of those code smells and bug reports might be false positives.
>>>
>>>>
>>>> Curious if the six blocker issues found are critical and already raised
>>>> on Jira in some way? (That would be a good data point.)
>>>>
>>>> Maybe version 1.6 can reduce this debt estimate by 25% ? Is that a
>>>> good target?
>>>>
>>>
>>> Depends alot on the volunteers available. Even just a 5% technical debt
>>> reduction per month is a good goal given the community rate of code
>>> contributions.
>>>
>>> The good thing is that with SonarQube in place, we can check and make
>>> sure new code doesn't increase the technical debt.
>>>
>>> Recently at work, we started using SonarLint (https://www.sonarlint.org/)
>>> to aid us in writing higher quality code. SonarLint is actually the
>>> lighter, IDE specific version of SonarQube, It will find faults or errors
>>> as you code before it even reaches the compile stage or CI tools. It would
>>> be a good idea to test it on a Fineract repo and follow most of the
>>> recommendations.
>>>
>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On Tue, Oct 19, 2021, 10:47 PM Awasum Yannick <aw...@apache.org>
>>>> wrote:
>>>>
>>>>> Thanks very much for this valuable work Victor.
>>>>>
>>>>> This will help the Fineract code bases to improve in quality over time.
>>>>>
>>>>> Woow, we have about 360 days of tech debt... Weeeew...
>>>>>
>>>>> This will probably also be added as a point in Fineract 1.x roadmap
>>>>> been discussed on the other thread.
>>>>>
>>>>> On Wed, Oct 20, 2021, 05:58 VICTOR MANUEL ROMERO RODRIGUEZ <
>>>>> victor.romero@fintecheando.mx> wrote:
>>>>>
>>>>>> Hello Fineract Community,
>>>>>>
>>>>>> Today the SonarQube at SonarCloud is publishing the results of the
>>>>>> Fineract's Source Code Analysis.
>>>>>>
>>>>>> https://sonarcloud.io/dashboard?id=apache_fineract
>>>>>>
>>>>>> The results will give us visibility about the improvements that can
>>>>>> be done for improving the QA.
>>>>>>
>>>>>> Now working also in the Fineract-CN repositories and I will let you
>>>>>> know the results.
>>>>>>
>>>>>> Regards
>>>>>>
>>>>>> Victor
>>>>>>
>>>>>
--
Life is a chess game - Anonymous.
Re: SonarQube Analysis Results
Posted by VICTOR MANUEL ROMERO RODRIGUEZ <vi...@fintecheando.mx>.
Hello Awasum,
Yes, they have an entry, it was requested to Apache Infra team, but I mean
to add the configurations required in the .yml and in the build
configuration files for reporting the analysis result to SonarCloud for
each Fineract-CN repository.
Regards.
Victor
El mié, 20 oct 2021 a las 10:48, Awasum Yannick (<aw...@apache.org>)
escribió:
> Hi Victor,
>
> I searched SonaQube and found that most Apache projects already have
> defined keys or ids which we can reuse when referencing Fineract CN repos:
> https://sonarcloud.io/organizations/apache/projects?search=fineract
>
>
> On Wed, Oct 20, 2021 at 2:18 PM Awasum Yannick <aw...@apache.org> wrote:
>
>>
>>
>> On Wed, Oct 20, 2021 at 12:32 PM James Dailey <ja...@gmail.com>
>> wrote:
>>
>>> Yes. Good to have another measure. Thanks Victor!
>>>
>>> I would not be discouraged and please take the total days w a big grain
>>> of salt. These automated tools are kinda mindless (sic).
>>>
>>
>> I was thinking more along the lines of if the estimate is this long, then
>> in an open source project where all the contributors are volunteers, it
>> will probably take longer than a year to get compliant with SonarQube.
>>
>> Some of those code smells and bug reports might be false positives.
>>
>>>
>>> Curious if the six blocker issues found are critical and already raised
>>> on Jira in some way? (That would be a good data point.)
>>>
>>> Maybe version 1.6 can reduce this debt estimate by 25% ? Is that a good
>>> target?
>>>
>>
>> Depends alot on the volunteers available. Even just a 5% technical debt
>> reduction per month is a good goal given the community rate of code
>> contributions.
>>
>> The good thing is that with SonarQube in place, we can check and make
>> sure new code doesn't increase the technical debt.
>>
>> Recently at work, we started using SonarLint (https://www.sonarlint.org/)
>> to aid us in writing higher quality code. SonarLint is actually the
>> lighter, IDE specific version of SonarQube, It will find faults or errors
>> as you code before it even reaches the compile stage or CI tools. It would
>> be a good idea to test it on a Fineract repo and follow most of the
>> recommendations.
>>
>>
>>>
>>>
>>>
>>>
>>>
>>> On Tue, Oct 19, 2021, 10:47 PM Awasum Yannick <aw...@apache.org> wrote:
>>>
>>>> Thanks very much for this valuable work Victor.
>>>>
>>>> This will help the Fineract code bases to improve in quality over time.
>>>>
>>>> Woow, we have about 360 days of tech debt... Weeeew...
>>>>
>>>> This will probably also be added as a point in Fineract 1.x roadmap
>>>> been discussed on the other thread.
>>>>
>>>> On Wed, Oct 20, 2021, 05:58 VICTOR MANUEL ROMERO RODRIGUEZ <
>>>> victor.romero@fintecheando.mx> wrote:
>>>>
>>>>> Hello Fineract Community,
>>>>>
>>>>> Today the SonarQube at SonarCloud is publishing the results of the
>>>>> Fineract's Source Code Analysis.
>>>>>
>>>>> https://sonarcloud.io/dashboard?id=apache_fineract
>>>>>
>>>>> The results will give us visibility about the improvements that can be
>>>>> done for improving the QA.
>>>>>
>>>>> Now working also in the Fineract-CN repositories and I will let you
>>>>> know the results.
>>>>>
>>>>> Regards
>>>>>
>>>>> Victor
>>>>>
>>>>
Re: SonarQube Analysis Results
Posted by Awasum Yannick <aw...@apache.org>.
Hi Victor,
I searched SonaQube and found that most Apache projects already have
defined keys or ids which we can reuse when referencing Fineract CN repos:
https://sonarcloud.io/organizations/apache/projects?search=fineract
On Wed, Oct 20, 2021 at 2:18 PM Awasum Yannick <aw...@apache.org> wrote:
>
>
> On Wed, Oct 20, 2021 at 12:32 PM James Dailey <ja...@gmail.com>
> wrote:
>
>> Yes. Good to have another measure. Thanks Victor!
>>
>> I would not be discouraged and please take the total days w a big grain
>> of salt. These automated tools are kinda mindless (sic).
>>
>
> I was thinking more along the lines of if the estimate is this long, then
> in an open source project where all the contributors are volunteers, it
> will probably take longer than a year to get compliant with SonarQube.
>
> Some of those code smells and bug reports might be false positives.
>
>>
>> Curious if the six blocker issues found are critical and already raised
>> on Jira in some way? (That would be a good data point.)
>>
>> Maybe version 1.6 can reduce this debt estimate by 25% ? Is that a good
>> target?
>>
>
> Depends alot on the volunteers available. Even just a 5% technical debt
> reduction per month is a good goal given the community rate of code
> contributions.
>
> The good thing is that with SonarQube in place, we can check and make sure
> new code doesn't increase the technical debt.
>
> Recently at work, we started using SonarLint (https://www.sonarlint.org/)
> to aid us in writing higher quality code. SonarLint is actually the
> lighter, IDE specific version of SonarQube, It will find faults or errors
> as you code before it even reaches the compile stage or CI tools. It would
> be a good idea to test it on a Fineract repo and follow most of the
> recommendations.
>
>
>>
>>
>>
>>
>>
>> On Tue, Oct 19, 2021, 10:47 PM Awasum Yannick <aw...@apache.org> wrote:
>>
>>> Thanks very much for this valuable work Victor.
>>>
>>> This will help the Fineract code bases to improve in quality over time.
>>>
>>> Woow, we have about 360 days of tech debt... Weeeew...
>>>
>>> This will probably also be added as a point in Fineract 1.x roadmap been
>>> discussed on the other thread.
>>>
>>> On Wed, Oct 20, 2021, 05:58 VICTOR MANUEL ROMERO RODRIGUEZ <
>>> victor.romero@fintecheando.mx> wrote:
>>>
>>>> Hello Fineract Community,
>>>>
>>>> Today the SonarQube at SonarCloud is publishing the results of the
>>>> Fineract's Source Code Analysis.
>>>>
>>>> https://sonarcloud.io/dashboard?id=apache_fineract
>>>>
>>>> The results will give us visibility about the improvements that can be
>>>> done for improving the QA.
>>>>
>>>> Now working also in the Fineract-CN repositories and I will let you
>>>> know the results.
>>>>
>>>> Regards
>>>>
>>>> Victor
>>>>
>>>
Re: SonarQube Analysis Results
Posted by Awasum Yannick <aw...@apache.org>.
On Wed, Oct 20, 2021 at 12:32 PM James Dailey <ja...@gmail.com>
wrote:
> Yes. Good to have another measure. Thanks Victor!
>
> I would not be discouraged and please take the total days w a big grain of
> salt. These automated tools are kinda mindless (sic).
>
I was thinking more along the lines of if the estimate is this long, then
in an open source project where all the contributors are volunteers, it
will probably take longer than a year to get compliant with SonarQube.
Some of those code smells and bug reports might be false positives.
>
> Curious if the six blocker issues found are critical and already raised on
> Jira in some way? (That would be a good data point.)
>
> Maybe version 1.6 can reduce this debt estimate by 25% ? Is that a good
> target?
>
Depends alot on the volunteers available. Even just a 5% technical debt
reduction per month is a good goal given the community rate of code
contributions.
The good thing is that with SonarQube in place, we can check and make sure
new code doesn't increase the technical debt.
Recently at work, we started using SonarLint (https://www.sonarlint.org/)
to aid us in writing higher quality code. SonarLint is actually the
lighter, IDE specific version of SonarQube, It will find faults or errors
as you code before it even reaches the compile stage or CI tools. It would
be a good idea to test it on a Fineract repo and follow most of the
recommendations.
>
>
>
>
>
> On Tue, Oct 19, 2021, 10:47 PM Awasum Yannick <aw...@apache.org> wrote:
>
>> Thanks very much for this valuable work Victor.
>>
>> This will help the Fineract code bases to improve in quality over time.
>>
>> Woow, we have about 360 days of tech debt... Weeeew...
>>
>> This will probably also be added as a point in Fineract 1.x roadmap been
>> discussed on the other thread.
>>
>> On Wed, Oct 20, 2021, 05:58 VICTOR MANUEL ROMERO RODRIGUEZ <
>> victor.romero@fintecheando.mx> wrote:
>>
>>> Hello Fineract Community,
>>>
>>> Today the SonarQube at SonarCloud is publishing the results of the
>>> Fineract's Source Code Analysis.
>>>
>>> https://sonarcloud.io/dashboard?id=apache_fineract
>>>
>>> The results will give us visibility about the improvements that can be
>>> done for improving the QA.
>>>
>>> Now working also in the Fineract-CN repositories and I will let you know
>>> the results.
>>>
>>> Regards
>>>
>>> Victor
>>>
>>
Re: SonarQube Analysis Results
Posted by James Dailey <ja...@gmail.com>.
Yes. Good to have another measure. Thanks Victor!
I would not be discouraged and please take the total days w a big grain of
salt. These automated tools are kinda mindless (sic).
Curious if the six blocker issues found are critical and already raised on
Jira in some way? (That would be a good data point.)
Maybe version 1.6 can reduce this debt estimate by 25% ? Is that a good
target?
On Tue, Oct 19, 2021, 10:47 PM Awasum Yannick <aw...@apache.org> wrote:
> Thanks very much for this valuable work Victor.
>
> This will help the Fineract code bases to improve in quality over time.
>
> Woow, we have about 360 days of tech debt... Weeeew...
>
> This will probably also be added as a point in Fineract 1.x roadmap been
> discussed on the other thread.
>
> On Wed, Oct 20, 2021, 05:58 VICTOR MANUEL ROMERO RODRIGUEZ <
> victor.romero@fintecheando.mx> wrote:
>
>> Hello Fineract Community,
>>
>> Today the SonarQube at SonarCloud is publishing the results of the
>> Fineract's Source Code Analysis.
>>
>> https://sonarcloud.io/dashboard?id=apache_fineract
>>
>> The results will give us visibility about the improvements that can be
>> done for improving the QA.
>>
>> Now working also in the Fineract-CN repositories and I will let you know
>> the results.
>>
>> Regards
>>
>> Victor
>>
>
Re: SonarQube Analysis Results
Posted by Awasum Yannick <aw...@apache.org>.
Thanks very much for this valuable work Victor.
This will help the Fineract code bases to improve in quality over time.
Woow, we have about 360 days of tech debt... Weeeew...
This will probably also be added as a point in Fineract 1.x roadmap been
discussed on the other thread.
On Wed, Oct 20, 2021, 05:58 VICTOR MANUEL ROMERO RODRIGUEZ <
victor.romero@fintecheando.mx> wrote:
> Hello Fineract Community,
>
> Today the SonarQube at SonarCloud is publishing the results of the
> Fineract's Source Code Analysis.
>
> https://sonarcloud.io/dashboard?id=apache_fineract
>
> The results will give us visibility about the improvements that can be
> done for improving the QA.
>
> Now working also in the Fineract-CN repositories and I will let you know
> the results.
>
> Regards
>
> Victor
>