Ben Companjen (Oct 05 2023 at 19:19): Ben Companjen (Oct 05 2023 at 19:19):I'm here โ but don't expect me to hang around regularly. Just wanted to say that Sonarcloud estimates 244 days of work to clean up code smells, (potential) issues and vulnerabilities. And that doesn't include issues that it couldn't estimate... :exploding_head:
So, I'm all for https://github.com/IQSS/dataverse/pull/9847 to at least have a bit clearer view of what may be done.
Philip Durbin ๐ (Oct 05 2023 at 19:22):Yikes, that's a lot of days!
Ben Companjen (Oct 05 2023 at 20:00):Don't get discouraged! If I ever get bored I may try to help get that number down.
Philip Durbin ๐ (Oct 05 2023 at 20:01):Well, we had a little momentum in last August when I made that PR. I hope it isn't gone already. :sweat_smile:
Philip Durbin ๐ (Oct 05 2023 at 20:02):It's hard. We're pulled in a lot of directions.
Ben Companjen (Oct 05 2023 at 20:05):I'm running Sonar locally at the moment. My main question would be if running the sonar:sonar goal should be a separate job in an existing workflow, a separate step in the Maven workflow or part of the "Maven Code Coverage" step.
Oliver Bertuch (Oct 05 2023 at 20:06):I'd like to leave a note that I asked at the time if you (@Philip Durbin) wanted me to add the sonarcloud bits... :see_no_evil:
Philip Durbin ๐ (Oct 05 2023 at 20:07):@Oliver Bertuch sounds familiar. Sure! Please hack away at that PR!
Philip Durbin ๐ (Oct 05 2023 at 20:08):@Ben Companjen Oliver has added most of our GitHub Actions. I'm sure he has an idea of where best to put the Sonar stuff.
Philip Durbin ๐ (Oct 05 2023 at 20:11):Can we put a badge or shield or whatever for Sonar in the README? That was my approach with code coverage. Put the badge there, even though the number is low. I got some pushback on this. "We can't show 4% code coverage! It's embarrassing!" But look, now we're up to 20%. Still not great but better!
Oliver Bertuch (Oct 05 2023 at 20:11):Of course we can
Oliver Bertuch (Oct 05 2023 at 20:12):
Philip Durbin ๐ (Oct 05 2023 at 20:12):very nice
Ben Companjen (Oct 05 2023 at 20:14):Great! Code analysis with Sonar has been a topic of discussion for many years, but I was never in the position to make IQSS do it :halo:
I'm very happy to see that Oliver has pushed on :muscle:
Ben Companjen (Oct 05 2023 at 20:16):Proudly show how many opportunities for improvement there are! :smiling_face:
Ben Companjen (Oct 05 2023 at 20:54):https://sonarcloud.io/project/issues?resolved=false&id=bencomp_dataverse (245 days by now :sad: )
Philip Durbin ๐ (Oct 05 2023 at 20:58):From 244 to 245? Uh oh. Wrong direction!
Ben Companjen (Oct 05 2023 at 21:03):But some issues are ready to be fixed, e.g. by https://github.com/IQSS/dataverse/pull/9977 (and my open PRs from last year's Hacktoberfest)
Philip Durbin ๐ (Oct 05 2023 at 21:08):Sure. Have you seen the Sonar column at https://github.com/orgs/IQSS/projects/34 ? Sonar is one of many columns. Each column represents various priorities.
Sakshi Jain (Oct 06 2023 at 14:32):Hi all, I'm new to the repository but I can help take care of some of the code smells. :smile:
Oliver Bertuch (Oct 06 2023 at 14:34):Hi @Sakshi Jain, welcome! Please feel free to introduce yourself at #community > hello I'm new here :smiley_cat:
Philip Durbin ๐ (Oct 06 2023 at 14:50):Hmm, as I mentioned above, there's a column about code smells (with Sonar in the name) on our backlog board at https://github.com/orgs/IQSS/projects/34 but it's currently empty. Let me ask the person who managed that board if we can add a few items.
Screenshot-2023-10-06-at-10-48-03-Dataverse_Global_Backlog-IQSS.png
Philip Durbin ๐ (Oct 06 2023 at 14:58):Please sit tight. We will try to add some code smell issues to that Sonar column.
Philip Durbin ๐ (Oct 11 2023 at 20:54):#9977 has been merged! Thanks, @Sakshi Jain ! 
Sakshi Jain (Oct 12 2023 at 05:19):Awesome! :D
Sakshi Jain (Oct 12 2023 at 05:20):I'll keep an eye on the above mentioned column for any other sonar issues that I could help out with :big_smile:
Philip Durbin ๐ (Oct 12 2023 at 11:26):@Sakshi Jain sounds good, but until then, do you have any interest in fixing an actual bug that affects users? If so, we can talk in #community > Hacktoberfest 2023 where I can explain a few open issues and help you pick one.
Philip Durbin ๐ (Oct 26 2023 at 19:42):Two new Sonar issues just added: #10052 and #10053
Dimitri Szabo (Oct 31 2023 at 09:33):Hello, quick questions about https://sonarcloud.io/project/issues?open=AYtJamHsvi-7wrXUO5SC&id=IQSS_dataverse .
Can it create issues, even with a click on a button from authorized users to avoid spamming ?
If not, should we link the sonar issues (e.g. https://sonarcloud.io/project/issues?open=AYtJalkAvi-7wrXUO5Q0&id=IQSS_dataverse) in the issues when correcting so its already well explained ?
Philip Durbin ๐ (Oct 31 2023 at 11:02):Hmm, I think both are possible but I'm not sure.
Philip Durbin ๐ (Oct 31 2023 at 11:04):One thing we want to set up is an automated Sonar check on new pull requests to prevent new code smells, etc. from being added. The issue is #9846 but it hasn't been prioritized yet.
Philip Durbin ๐ (Oct 31 2023 at 11:44):In practice I linked to SonarCloud (and took screenshots) here: use try with resources in JsonUtil #9879
Philip Durbin ๐ (Oct 31 2023 at 11:44):So, yes, it would be helpful to automate this linking.
Last updated: Nov 01 2025 at 14:11 UTC