add sourcecode analysis #457
Labels
Comments
|
It's a good idea. |
|
Unfortunately, SonarQube will not run on foreign Pull requests (see details here) - sorry for that...
So we either ignore the pipeline error on external Pull requests or we update the script: >-
if [ "${SONAR_TOKEN}" != "" ]; then
cd pf4j && mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
else
cd pf4j && mvn -B verify
fiNote: above code is untested |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I would like to suggest using SonarQube to keep code quality up. SonarQube is a code analyzer to point out bugs, potential security issues and code smells. SonarCloud is free to use for opensource projects and is easy to connect. I took the liberty to connect my pf4j fork to the SonarQ cloud: https://sonarcloud.io/dashboard?id=wolframhaussig_pf4j
Here is the PR for the change to support SonarQube: https://github.com/wolframhaussig/pf4j/pull/1/files . You can get started by going to the projects settings -> integrations -> SonarQube
The text was updated successfully, but these errors were encountered: