SeaLights Pull Request Integration exposes Quality Risks to the developer as part of the Pull Request process, to be displayed and handled before the code is merged into the main branch.
SeaLights GitHub App Installation
- In order to benefit of the Pull Request Analysis, first install the Sealight's Github App on your Github organization account from the following link: https://github.com/apps/sealights-pull-request-analysis
Only an organization owner can install the app
The application will not require any access to your source code
It only requires:
- Read access to metadata
- Read and write access to checks
- Select 'All repositories' or the specific list of repositories you want to receive the SeaLights Pull Request Analysis on
Configuring the pull request job
The pull request job needs to run the SeaLights build scan and test listener for the test stages you want the analysis on.
These results will be compared to the latest build you reported to SeaLights for the branch you are merging the Pull Request to.
The difference between the pull request job and standard jobs is in how the session ID is created using Pull Request specific parameters.
Generating a session ID
You create the Pull Request build session ID by using the SeaLights Java Build Scanner (See: Downloading the java agent files) with the prConfig option:
java -jar sl-build-scanner.jar -prConfig {-token <arg> | -tokenfile <arg>} -appname <arg> -targetBranch <arg> -latestCommit <arg> -pullRequestNumber <arg> -repoUrl <arg> [-pi <arg>] [-pe <arg>]
Parameter | Description |
---|---|
token | Access token generated from the SeaLights server |
tokenfile | Path to file containing the access token generated from the SeaLights server |
appname | The name of the app the Pull Request is being merged to (as provided to SeaLights) |
targetBranch | The name of the branch the Pull Request is being merged to (as provided to SeaLights) |
latestCommit | The latest commit SHA of the Pull Request branch |
pullRequestNumber | The Pull Request number that is being evaluated |
repoUrl | The repository URL of the Pull Request and merged branchs |
pi, packagesincluded | Comma-separated list of packages to include in scan Supports wildcards (* = any string, ? = any character). For example: 'com.example.* ,io.*.demo, com.?ello.world' |
pe,packagesexcluded | Comma-separated list of packages to exclude from scan Supports wildcards (* = any string, ? = any character). For example: 'com.example.* ,io.*.demo, com.?ello.world' |
proxy | Address of proxy to run connection through |
The packages included and excluded should be exactly the same as what was defined to SeaLights for the merged branch so that the compared results will be the same
Pull Request parameters explanation as seen in GitHub.com
You can easily identify the relevant values to pass to the Build Scanner based on the illustration below.
Sample of Sealights Pull Request Analysis Integration with TRAVIS-CI
Sealights PR Parameter | Travis CI Env. Variable | Comment |
---|---|---|
pullRequestNumber | TRAVIS_PULL_REQUEST | |
latestCommit | TRAVIS_PULL_REQUEST_SHA | |
repoUrl | TRAVIS_REPO_SLUG | You may need to prepend the base URL of your Github repository, like "https://github.com/$TRAVIS_REPO_SLUG" |
targetBranch | TRAVIS_BRANCH | This is the branch name itself and might need to have a prefix added (Like: "origin/") to match the branch that was provided to SeaLights when scanning the merged branch |
language: java install: - wget -nv https://agents.sealights.co/sealights-java/sealights-java-latest.zip - unzip sealights-java-latest.zip before_script: - export SL_PR_REPO="https://www.github.com/$TRAVIS_REPO_SLUG" - java -jar sl-build-scanner.jar -prConfig -appname "MyApp-Master" -latestCommit $TRAVIS_PULL_REQUEST_SHA -pullRequestNumber $TRAVIS_PULL_REQUEST -repoUrl $SL_PR_REPO -targetBranch origin/$TRAVIS_BRANCH -tokenfile sl_acc_token.txt -pi "*co.sealights.sample.*" script: # Sealights is predefined in the POM Profile under the profile 'sealights' - mvn clean test -Psealights
Sample of Results on GitHub's Pull Request page
At the completion of the analysis, Sealights' App will appear as part of the "Checks" of your Pull Request. Result will appear similar to the one below: