Merge pull request #164 from insideapp-oss/feat/improvments

Improvements & clean up

Author: zippy1978

.github/workflows/release-drafter.yml

@@ -1,26 +1,54 @@
-name: Publish release
+name: Release
 
 on:
-  release:
-    types: [published]
+  push:
+    tags:
+      - 0.*
 
 jobs:
   build:
-    name: Build and upload release
+
     runs-on: ubuntu-latest
+
     steps:
-      - uses: actions/[email protected]
+      - name: Checkout
+        uses: actions/[email protected]
+
+      - name: Retrieve tag name
+        uses: olegtarasov/[email protected]
+        id: tag_name
+
       - name: Set up JDK 1.11
         uses: actions/[email protected]
         with:
           distribution: 'adopt'
           java-version: '11'
           check-latest: true
           cache: 'maven'
-      - name: Build with Maven
+
+      - name: Set version
+        run: mvn versions:set -DnewVersion=$GIT_TAG_NAME
+
+      - name: Build
         run: mvn -B package --file pom.xml
-      - name: Upload release artifact
-        uses: shogo82148/[email protected]
+
+      - name: Analyze
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          mvn verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \
+          -Dsonar.login=$SONAR_TOKEN \
+          -Dsonar.host.url=https://sonarcloud.io \
+          -Dsonar.organization=insideapp-oss \
+          -Dsonar.projectKey=insideapp-oss_sonar-flutter
+
+      - name: Upload release
+        uses: svenstaro/upload-release-action@v2
         with:
-          upload_url: ${{ github.event.release.upload_url }}
-          asset_path: sonar-flutter-plugin/target/sonar-flutter-plugin-*.jar
+          repo_token: ${{ secrets.GITHUB_TOKEN }}
+          file: ${{github.workspace}}/sonar-flutter-plugin/target/*.jar
+          tag: ${{ steps.tag_name.outputs.tag }}
+          overwrite: true
+          body: ${{steps.build_changelog.outputs.changelog}}
+          file_glob: true

.github/workflows/release.yml

@@ -1,6 +1,52 @@
 ## Please check the Github releases for newer changelogs!
 
----
+## develop
+
+#### Breaking
+
+- SonarQube API update to 7.9 for latest LTS support (9.9)
+- Removed `dartanalyzer` implementation that scans each file individual, this may affect projects running on a (pretty) old Dart SDK.
+  The replacement runs legacy `dartanalyzer .` instead which is much faster.
+- Renamed `sonar.flutter.analyzer.mode` to `sonar.dart.analyzer.mode` and reworked implementation.
+  - Available options `DETECT|DART|FLUTTER|MANUAL|DARTANALYZER`
+  - Defaults to automatic detection by parsing the `pubspec.yaml`.
+  - Uses `flutter analyze` when `environment.flutter` is configured in `pubspec.yaml`.
+  - Uses `dart analyze` when `environment.flutter` is NOT configured in `pubspec.yaml`.
+  - Allows to be configured for legacy `dartanalyzer` if required (`DARTANALYZER`)
+  - Allows to be configured for pre-existing analysis reports (`MANUAL`)
+- Renamed `sonar.dart.analysis.useExistingOptions` to `sonar.dart.analyzer.options.override`, now defaults to `true`
+- Renamed `sonar.dart.analysis.reportPath` to `sonar.dart.analyzer.report.path` - this is only evaluated when `sonar.dart.analyzer.mode`is set to `MANUAL`
+- Added `sonar.dart.analyzer.report.mode` option
+  - Available options `DETECT|MACHINE|LEGACY`
+  - Defaults to automatic detection by parsing the Dart SDK version and defaults to `--format=machine` for Dart when SDK >= 2.12
+  - Can be set to legacy mode when using pre-existing analysis report or an older Dart SDK
+
+#### Experimental
+
+- None.
+
+#### Enhancements
+
+- Add a `pubspec.yaml` sensor which adds the file to SonarQube and allow showing lints for this file
+- Add support for multi-module projects (`sonar.modules=mylib,mylib_generator,example`)
+- Added missing dart keywords and corrected some
+  - `try`
+  - `hide`
+  - `show`
+  - `late`
+  - `of`
+  - `continue`
+  - `covariant`
+  - `out`
+  - `do`
+  - `dynamic`
+  - `native`
+- Rules update
+- Better rules description
+
+#### Bug Fixes
+
+- None.
 
 ## 0.3.2
 

.mvn/wrapper/MavenWrapperDownloader.java

@@ -0,0 +1,113 @@
+# Contributing
+
+This documentation is a guide for plugin developers / contributors.
+
+## Requirements
+
+- Java JDK 11+
+- Maven 3.8 or later
+- A local SonarQube instance for local testing
+
+## Main commands
+
+#### Add missing license headers on source files
+
+```bash
+$ mvn license:format
+```
+
+#### Local plugin deployment
+
+In order to start the plugin, SONARQUBE_HOME environment variable must be set
+
+If variable is already set, use:
+```bash
+$ mvn install
+```
+
+If variable is not set, it can be set inline:
+```bash
+$ SONARQUBE_HOME=~/path/to/sonarqube mvn install
+```
+
+When started locally SonarQube UI is available at http://localhost:9000
+
+#### Packaging
+
+```bash
+$ mvn package
+```
+
+## Updating rules
+
+The plugin rules are based on external linters such as dartanalyzer.
+
+When a new version of the linter (with new rules) is released, the matching repositoryRule repository must be updated as well in order to include the new rules.
+
+This update is mostly automatic with the execution of a Groovy script.
+
+### dartanalyzer update
+
+Use the following command to update the SwiftLint rules file:
+
+```bash
+$ mvn groovy:execute -Dsource=scripts/updateDartAnalyzerRules.groovy
+```
+
+### Filling rules information
+
+Eventhough updating rule repository file is mostly automatic, some data related to rules cannot be automatically computed.
+
+This is the case for :
+- severity (blocker, critical, major, minor, info)
+- type (code smell, bug, vulnerability)
+- debt (remediation effort estimate, optional)
+
+At the end of a rule update script, rules are scanned, and you are asked to fill missing information:
+
+```console
+Missing information on rule always_use_package_imports
+Avoid relative imports for files in lib/.
+
+Severity? (1 = BLOCKER, 2 = CRITICAL, 3 = MAJOR, 4 = MINOR, 5 = INFO)
+3
+MAJOR
+Type? (1 = CODE_SMELL, 2 = BUG, 3 = VULNERABILITY, 4 = SECURITY_HOTSPOT)
+1
+CODE_SMELL
+Remediation time? (in minutes)
+5
+5min
+```
+> **Warning**
+> By default, rules manually processed are limited to 20 (defined in the `scripts.max-manual`property of the `pom.xml`) per run.
+> If there are more than 20 rules to fill manually, launch the script again to process next rules.
+
+## Releasing
+
+### Snapshots
+
+Every push to `develop` branch updates the matching snapshot release.
+
+For example: if project version is set to `0.1-SNAPSHOT` on`develop`. A `0.1-SNAPSHOT` will be released (or release will be updated if it already exists) as soon as the `maven.yml` GitHub actions workflow finishes.
+
+### Stable
+
+A new stable release is pushed on GitHub, on every new tag creation (performed by the `release.yml` GitHub Actions workflow).
+
+The steps to issue a new stable release are:
+1. Merge `develop` branch to `main`branch (do not squash in order to keep commit history).
+2. Create a new tag from `main` branch with a naming matching the release number. Example:
+```bash
+$ git tag -a 0.1.0
+```
+3. Push the new tag with:
+```bash
+$ git push --tags
+```
+
+Once released, remember to update the project version on the `develop`branch to a new snapshot number:
+```bash
+$ mvn versions:set -DnewVersion=0.2-SNAPSHOT
+``` 
+