Versions Compared

Old Version 6

changes.mady.by.user Marc Amouyal

Saved on

compared with

New Version 7

changes.mady.by.user Jason Wides

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents


SeaLights Pull Request Integration expose exposes Quality Risks to the developer , as part of the Pull Request process, to be handled early enough in the development process.
This capability helps your organization to mitigate risk by identifying Quality Risks for the developer before the Merge is done

  • Works on any Merge/Branch level
  • Ability to define if Quality Risks block the Merge

Below, a simple 3 steps plan for deployment of this functionality for your benefit.

...

displayed and handled before the code is merged into the main branch.


SeaLights GitHub App Installation

  • In order to benefit of the Pull Request Analysis,

...

  • first install the Sealight's Github App 

...

  • on your

...

  • Github organization account

...

  • from the following link

...

  • :

...

...


Please note that only users with Admin rights are allowed to install applications on a Github Account.
However, the
Note

Only an organization owner can install the app



Info

The application will not require any access to your source code

,

It only requires:

  • Read access to metadata
  • Read and write access to checks
You can allow access to all the repositories or only to a certain subset at your convenience. At least, make sure the
  • Select 'All repositories' or the specific list of repositories you want

...

  • to receive the SeaLights Pull Request Analysis on

Step 2 - Generate Build Session ID specific to the Pull Request Branch

In order to perform a Pull Request analysis, we need to generate a Build Session ID via specific parameters and using the prConfig flag instead the regular parameters.
For the success of the analysis, at least one build from the master branch has to be already scanned and analyzed via Sealights agents before the PR Build.
Depending on the way you're managing your Pull Request, we have detailed three options for you below:
  • Command Line Interface of the Java  Agent (CLI)
  • Sealights' Jenkins Plugin for Maven 
  • Integration with the Travis CI (.travis.yml)

...

Configuring the pull request job

The pull request job needs to run the SeaLights build scan and test listener for the test stages you want the analysis on.
These results will be compared to the latest build you reported to SeaLights for the branch you are merging the Pull Request to.

Pull Request parameters explanation as seen in GitHub.com

You can easily identify the relevant values to pass to the Build Scanner based on the illustration below.

Image Added


Generating a session ID

The difference between the pull request job and standard jobs is in how you create the session ID.
You create the Pull Request build session ID by using the SeaLights Java Build Scanner (See: Downloading the java agent files) with the prConfig option:


Code Block
languagebash
titleprConfig usage
java -jar sl-build-scanner.jar -prConfig {-latestCommittoken <arg> | -pullRequestNumbertokenfile <arg>} -repoUrlappname <arg> -targetBranch <arg> -token <arg> | -tokenfile latestCommit <arg> [-appnamepullRequestNumber <arg>] [-perepoUrl <arg>] [-pi <arg>] [-proxype <arg>] [-enableNoneZeroErrorCode]



Flag to indicate pull-request configuration mode
Parameter
Description
prConfig 
token
Access token generated from the SeaLights server
tokenfile
Path to file containing the access token generated from the SeaLights server
appname
The name of the app the Pull Request is being merged to (as provided to SeaLights)
targetBranchThe name of the branch the Pull Request is being merged to (as provided to SeaLights)
latestCommit
The latest commit SHA of the Pull Request branch
pullRequestNumber
The pull request numberPull Request number that is being evaluated
repoUrl 
The repository URL where pull request was created
targetBranchA branch the pull request is compared with

For additional parameters, please refer to the SeaLights Java agent - command reference page.

Retrieving Pull Request parameters from GitHub.com

You can easily identify the relevant values to pass to the Build Scanner based on the illustration below.

Image Removed

Pull Request Analysis vis Jenkins Automation Plugin for Maven

TBC

...

of the Pull Request and merged branchs 
pi, packagesincluded

Comma-separated list of packages to include in scan

Supports wildcards (* = any string, ? = any character). For example: 'com.example.* ,io.*.demo, com.?ello.world'

pe,packagesexcluded

Comma-separated list of packages to exclude from scan

Supports wildcards (* = any string, ? = any character). For example: 'com.example.* ,io.*.demo, com.?ello.world'

proxy
Address of proxy to run connection through


Info

The packages included and excluded should be exactly the same as what was defined to SeaLights for the merged branch so that the compared results will be the same

Sample of Sealights Pull Request Analysis Integration with TRAVIS-CI

According You can use the following parameters from TRAVIS-CI to be passed to the prConfig comman line: See Travis Official documentation, the TRAVIS CI Integration should use the following environment variables based on the mapping below:Sealights'  for more detail)


Sealights Parameter
Travis CI Env. Variable
Comment
latestCommitTRAVIS_PULL_REQUEST_SHA,
pullRequestNumberTRAVIS_PULL_REQUEST
repoUrl TRAVIS_REPO_SLUGYou may need to prepend the base URL of your Github repository, like "https://github.com/$TRAVIS_REPO_SLUG"
targetBranchTRAVIS_BRANCHYou may need to prepend This is the branch name itself and might need to have a prefix added (Like: "origin/") to match the branch exact matching.that was provided to SeaLights when scanning the merged branch


Code Block
languagepy
titleSample YML configuration
linenumberstrue
language: java

install:
  - wget https://agents.sealights.co/sealights-java/sealights-java-latest.zip
  - unzip sealights-java-latest.zip

before_script:
  - export SL_PR_REPO="https://www.github.com/$TRAVIS_REPO_SLUG"
  - java -jar sl-build-scanner.jar -prConfig -appname "MyApp-Master" -latestCommit $TRAVIS_PULL_REQUEST_SHA -pullRequestNumber $TRAVIS_PULL_REQUEST -repoUrl $SL_PR_REPO -targetBranch origin/$TRAVIS_BRANCH -tokenfile sl_acc_token.txt -pi "*co.sealights.sample.*" -enableNoneZeroErrorCode

script:                   # Sealights is predefined in the POM Profile under the profile 'sealights'
  - mvn clean test

...

-Psealights

Sample of Results on GitHub's Pull Request page

At the completion of the analysis, Sealights' App will appear as part of the "Checks" of your Pull Request. Result will appear similar to the one below:

...