You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@avro.apache.org by "Michael A. Smith" <mi...@smith-li.com> on 2018/11/07 15:01:02 UTC
Static Analysis
Now that the Yetus/Travis integration is running (yay), I hope it's not
premature to talk about static analysis tools, or as they're sometimes
called "automated code review".
Correct me if I have it wrong, but I believe our Yetus/Travis integration
is focused on running the handwritten test cases in each lang. Even if we
turn on a static analyzer, we'd have to pick through its output in Travis'
console. "Automated Code Review" tools provide line-based feedback in your
PR, and they return results much faster than unit tests. Many of the
companies that run these automated code review tools are free for open
source projects. Here are a few that I've worked with before, for
consideration:
- https://codeclimate.com/oss/
- https://codebeat.co/open-source/
- http://opensource.codacy.com/
- https://scrutinizer-ci.com/
They are all great, and I don't strongly care which one we use, but I think
isolating the static analysis from the unit test runner is worth doing so
we get feedback faster on little easy-to-fix things.
What do you think?
Re: Static Analysis
Posted by "Michael A. Smith" <mi...@smith-li.com>.
Yes, that’s basically what I want. I would also like to turn on other tools
like Sonar, Bandit and MyPy as well. Codeclimate is pretty good about
detecting the language in a multi language repository in my experience, but
I want to emphasize that what I really think would benefit this project is
a clear and fast user experience for getting feedback. If yetus supplies
that, great.
On Wed, Nov 7, 2018 at 16:22 Driesprong, Fokko <fo...@driesprong.frl> wrote:
> Hi Michael,
>
> Thanks for suggesting this. Also with Apache Yetus we can enable plugins
> like Spotbugs for Java, pylint for Python, hadolint for Docker,
> shellcheck for shellscripts and many more. Is this what you're looking for?
> I'm in favor of static analysis, but with so many languages in the
> repository, I'm not sure if it will work.
>
> Cheers, Fokko
>
> Op wo 7 nov. 2018 om 21:02 schreef Zoltan Farkas
> <zo...@yahoo.com.invalid>:
>
> > +1 for static analysis.
> >
> > here is what codacy looks like on the avro fork I use:
> > https://app.codacy.com/project/zolyfarkas/avro/dashboard
> >
> >
> > —Z
> >
> >
> > > On Nov 7, 2018, at 10:01 AM, Michael A. Smith <mi...@smith-li.com>
> > wrote:
> > >
> > > Now that the Yetus/Travis integration is running (yay), I hope it's not
> > > premature to talk about static analysis tools, or as they're sometimes
> > > called "automated code review".
> > >
> > > Correct me if I have it wrong, but I believe our Yetus/Travis
> integration
> > > is focused on running the handwritten test cases in each lang. Even if
> we
> > > turn on a static analyzer, we'd have to pick through its output in
> > Travis'
> > > console. "Automated Code Review" tools provide line-based feedback in
> > your
> > > PR, and they return results much faster than unit tests. Many of the
> > > companies that run these automated code review tools are free for open
> > > source projects. Here are a few that I've worked with before, for
> > > consideration:
> > >
> > > - https://codeclimate.com/oss/
> > > - https://codebeat.co/open-source/
> > > - http://opensource.codacy.com/
> > > - https://scrutinizer-ci.com/
> > >
> > > They are all great, and I don't strongly care which one we use, but I
> > think
> > > isolating the static analysis from the unit test runner is worth doing
> so
> > > we get feedback faster on little easy-to-fix things.
> > >
> > > What do you think?
> >
> >
>
Re: Static Analysis
Posted by "Driesprong, Fokko" <fo...@driesprong.frl>.
Hi Michael,
Thanks for suggesting this. Also with Apache Yetus we can enable plugins
like Spotbugs for Java, pylint for Python, hadolint for Docker,
shellcheck for shellscripts and many more. Is this what you're looking for?
I'm in favor of static analysis, but with so many languages in the
repository, I'm not sure if it will work.
Cheers, Fokko
Op wo 7 nov. 2018 om 21:02 schreef Zoltan Farkas
<zo...@yahoo.com.invalid>:
> +1 for static analysis.
>
> here is what codacy looks like on the avro fork I use:
> https://app.codacy.com/project/zolyfarkas/avro/dashboard
>
>
> —Z
>
>
> > On Nov 7, 2018, at 10:01 AM, Michael A. Smith <mi...@smith-li.com>
> wrote:
> >
> > Now that the Yetus/Travis integration is running (yay), I hope it's not
> > premature to talk about static analysis tools, or as they're sometimes
> > called "automated code review".
> >
> > Correct me if I have it wrong, but I believe our Yetus/Travis integration
> > is focused on running the handwritten test cases in each lang. Even if we
> > turn on a static analyzer, we'd have to pick through its output in
> Travis'
> > console. "Automated Code Review" tools provide line-based feedback in
> your
> > PR, and they return results much faster than unit tests. Many of the
> > companies that run these automated code review tools are free for open
> > source projects. Here are a few that I've worked with before, for
> > consideration:
> >
> > - https://codeclimate.com/oss/
> > - https://codebeat.co/open-source/
> > - http://opensource.codacy.com/
> > - https://scrutinizer-ci.com/
> >
> > They are all great, and I don't strongly care which one we use, but I
> think
> > isolating the static analysis from the unit test runner is worth doing so
> > we get feedback faster on little easy-to-fix things.
> >
> > What do you think?
>
>
Re: Static Analysis
Posted by Zoltan Farkas <zo...@yahoo.com.INVALID>.
+1 for static analysis.
here is what codacy looks like on the avro fork I use: https://app.codacy.com/project/zolyfarkas/avro/dashboard
—Z
> On Nov 7, 2018, at 10:01 AM, Michael A. Smith <mi...@smith-li.com> wrote:
>
> Now that the Yetus/Travis integration is running (yay), I hope it's not
> premature to talk about static analysis tools, or as they're sometimes
> called "automated code review".
>
> Correct me if I have it wrong, but I believe our Yetus/Travis integration
> is focused on running the handwritten test cases in each lang. Even if we
> turn on a static analyzer, we'd have to pick through its output in Travis'
> console. "Automated Code Review" tools provide line-based feedback in your
> PR, and they return results much faster than unit tests. Many of the
> companies that run these automated code review tools are free for open
> source projects. Here are a few that I've worked with before, for
> consideration:
>
> - https://codeclimate.com/oss/
> - https://codebeat.co/open-source/
> - http://opensource.codacy.com/
> - https://scrutinizer-ci.com/
>
> They are all great, and I don't strongly care which one we use, but I think
> isolating the static analysis from the unit test runner is worth doing so
> we get feedback faster on little easy-to-fix things.
>
> What do you think?