hadoop-ozone-dev mailing list archives

From "Doroszlai, Attila" <adorosz...@apache.org>
Subject suggestions for Sonar cleanup
Date Sat, 16 Nov 2019 10:04:21 GMT
Hi all,

Thank you everyone working on cleaning up issues reported by Sonar.

I would like to propose a few ideas/practices to make things smoother.
Some of these are based on what I see most people already doing.

1. To avoid duplicate work:
 * Add a comment in Sonar with the link to Jira you filed (or found)
for issues.  I think this is the single best way to make sure others
will not waste time on the same thing.
 * Mark Sonar issue as confirmed.
 * Assign Sonar issue if possible.  I think Sonar pre-assigned lots of
issues.  Anu, Bharat, Hanisha and Vivek have the most - please confirm
if those assignments can be ignored/cleared.

2. To get the most bang for our buck:
 * Prioritize by issue type and severity.  Currently we have 28
vulnerabilities, 54 security hotspots, 130 bugs, and 2.3K code smells.
46 blocker, 263 critical, 1.1K major, 800 minor, 226 info level
severities.  I think starting at the top of both of these lists would
make sense.
 * Try to address several issues in the same Jira, grouping issues by
type, file, severity, anything that makes sense for you.  Filing a
Jira and a PR for a one-liner change is too much work for everyone
involved: assignee, reviewers, CI.
 * Feel free to address all issues you notice in the code you are
fixing, even if missed by Sonar.

3. To make progress visible:
 * Resolve issues in Sonar as "fixed" after the patch is committed.
This can be easier if the Jira links back to the Sonar issues (one by
one or using the right filter).
 * Resolve issues in Sonar as "won't fix" or "false positive" if you
have reviewed them and judge that they do not need to be fixed
(ever).  One example of false positives: Sonar seems to miss
assertions made in other methods called from test cases.

4. For ease of use:
 * Use the "Bulk Change" feature in Sonar (right above the issue list)
if applicable.
 * Sonar has a plugin (sonarlint.org) to run the same checks locally
on-the-fly in your IDE (except Vim/Emacs ;) ).

Please let me know what you think, or if you have further suggestions.

Again, thanks for the progress so far, and keep it up. :)

-Attila
