Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(sage-monorepo): test new Sonar PR workflow #2596

Merged
merged 5 commits into from
Mar 25, 2024
Merged

chore(sage-monorepo): test new Sonar PR workflow #2596

merged 5 commits into from
Mar 25, 2024

Conversation

tschaffter
Copy link
Member

@tschaffter tschaffter commented Mar 25, 2024
edited
Loading

Related to #2590

Preview

Environment reviewer-based solution

This new approach requires a user from an environment reviewer list to review and approve the workflow before it can run. A benefit is that we can have a fine-grained control over this list compared to the list of users who can add labels to a PR (every users with Write permissions).

This approach requires the reviewer to approve ALL commits, compared to the label-based system that only needs the user to add the label once. Hence, a benefit of this approach is to save compute time.

Approaching the workflows takes more clicks (4-5) than when using a label.

Step 1

The "Sonar Scan" task requires an approval because the workflow needs access to a secret SONAR_TOKEN that could potentially be extracted by an ill-intentioned user.

image

Step 2

Click on "Details" for the "Sonar Scan" task. Note the orange clock icon that indicates that the workflow is waiting on a manual review.

Step 3

Click on "Review pending deployments"

image

Step 4

Approve the Sonar deployment.

image

Requires branches to be up-to-date

At least one check must be marked as Required in the branch protection to enable this feature.

image image

The Developer has two options to update their feature branch:

  • Option 1: Click on "Update with merge commit". If more local development is required, the user can then do git pull to pull the update to their local feature branch.
  • Option 2: Update the feature branch with main from their local development environment, then git push to push the changes to the remote.

@tschaffter tschaffter self-assigned this Mar 25, 2024
@sonarcloud SonarCloud
Copy link

sonarcloud bot commented Mar 25, 2024

Quality Gate Passed Quality Gate passed for 'openchallenges-app'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

@tschaffter tschaffter marked this pull request as ready for review March 25, 2024 21:36
@tschaffter tschaffter merged commit c62ba70 into Sage-Bionetworks:main Mar 25, 2024
13 checks passed
@tschaffter tschaffter deleted the test-sonar-workflow branch March 25, 2024 21:36
@tschaffter tschaffter mentioned this pull request Mar 29, 2024
Closed
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rrchai rrchai Awaiting requested review from rrchai rrchai is a code owner

@vpchung vpchung Awaiting requested review from vpchung

Assignees

@tschaffter tschaffter

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@tschaffter