I'm thinking of building a CI/CD pipeline with #GitHub Actions and #ArgoCD to deploy software with testing and quality assurance using #SonarQube. I pretend to study architecture again....

I don't know why it took me so long to realize I didn't really need to do anything special to update my #SonarQube instance. Before I was creating a new container for the upgrade process when I could have been doing it from the “main" container itself 🤦🏼‍♂️😅

#Docker #DockerSwarm #SysAdmin #Ubuntu #Linux #SystemsAdministrator

Mon après-midi a été passée à débugger la décoration des merge request par #Sonarqube dans #Gitlab. Mais quand ça fonctionne c'est satisfaisant.

Having recently tested #SonarQube I find my #black #isort #flake8 #mypy toolchain for #python does 98% of the code quality job, the rest being covered by code review. What do you think and what do you use ?

Finally, the #SonarQube plugin that some of my colleagues and I started to built will be developed as #OpenSource. The aim is to highlight #Java code patterns that have more energy efficient alternatives so that the #CarbonFootprint of #Software will be reduced.

https://github.com/aixigo/sonarqube-java-energyimpact-plugin

At the moment it provides only one "low hanging rule" of a research paper but it is already astonishing how much energy a #ArrayList consumes.

https://fosstodon.org/@schrieveslaach/109683343437764941

#MyGitHubStar Azure Active Directory Authentication for #SonarQube https://github.com/hkamel/sonar-auth-aad

A recent #Kotlin / #Compose #wtf was code coverage metrics.

(Before anyone starts, I don't live or die by the metric, but it is usually a decent indicator of whether bad changes will be automatically picked up by tests).

The combination of Kotlin and Compose causes problems for Jacoco (e.g. https://github.com/jacoco/jacoco/issues/1208) meaning industry-standard Java tooling like #SonarQube report low test coverage, and when you add tests the coverage figure doesn't change :(

Today, my colleagues and I were able to create a first #SonarQube plugin to recommend #EnergyEfficient #Java collection. At the moment it just contains a low hanging rule: do not use #ArrayList due to higher energy use.

Hope to release that project to the public soon. Unfortunately, my time budget at work is pretty low...

My @neovim plugin sonarlint.nvim provides #Java diagnostics via #SonarQube's #sonarlint for the first time (still experimental though).

Thanks to @mathias's nvim-jdtls that was quick to develop in #Neovim.

https://gitlab.com/schrieveslaach/sonarlint.nvim

Happy to see another talk about #sustainability at @JavaLandConf. Last year's talk inspired me to do this: https://fosstodon.org/@schrieveslaach/109683343437764941

Still working on a #Sonarqube plugin that helps #Java devs to write more energy efficient code.

RT @DotNetCodeIT
SonarQube is an open-source tool that helps developers continuously inspect the code quality of their projects. It provides code analysis, code coverage, and code duplication detection, along with…
https://medium.com/c-sharp-progarmming/sonarqube-analysis-via-docker-image-fbb664453d86

#Docker #Sonarqube #Code #Analysis

Yippee! My PR https://github.com/SonarSource/sonarlint-language-server/pull/187 got merged and with the next release #SonarLint provides a stdio channel so it can be used in @Neovim out of the box. I'll continue to make #SonarQube lints available in #Neovim.

I've tried #sonarcloud for my pyp-boy repository. It's a nicely simplified #sonarqube interface but the added value is still present with the hints and how-to fix helps.

Fixed all issues in a couple of minutes, yeay \o/

@hankg We use #Azure Pipelines. We like the fact that we can use our own build machines to speed up build times. Those are set up preinstalled #flutter tools to allow code coverage and #SonarQube analysis. We also enjoy the fact that contributors are authenticated through Azure AD. Finally, we can write all the scripts that we want wether it is in shell, powershell, node etc… It’s definitely more suited for big companies and this is what we are :-)

Configuring #SonarQube is a full time job 🥹

@ansible #docker #SonarQube I've written up some information about setting up SonarQube+Docker+PostgreSQL via Ansible https://blog.soebes.io/posts/2023/01/2023-01-21-ansible-sonarqube-setup/

Are you using #SonarQube?

Read this and be safe: https://www.legitsecurity.com/blog/exposing-secrets-via-sdlc-tools-the-sonarqube-case

After 3.5 years working as Platform Engineer at empathy.co I think it’s time to face a new challenge. If you know a remote job position opened that fits my small knowledge, please let me know! 🙏🏽❤️

I have a DevOps background with some expertise in #kubernetes #terraform #aws #gcp #argocd #nodejs #elasticsearch #backstage #atlantis #prometheus #grafana #k6 #kibana #sonarqube #nexus #jenkins #githubactions #helm and more.

I’m not in a hurry, I just want to find the best place for my new adventure.

There it was, the first time when #SonarQube detected `X is already declared in the upper scope` and it was of any use.

First time X was the same as the one from upper scope, so I could use it directly.

In all other cases it was just the name that was the same, but different content. And the name was short and correct.

#dev #codeanalysis #qualitygate

Lets see step by step how to install locally or in production SonarQube so that you can check your code for vulnerabilities, performance and maintainability #java #codequality #security #code #sonarqube #softwaredevelopment #softwarearchitecture #softwarearchitect https://jee.gr/how-to-install-locally-or-in-production-sonarqube-to-check-your-code-for-vulnerabilities-performance-and-maintainability/