Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

Motivation

  • Quality Risks are not handled early enough in the development process.
    • Quality Risks are identified after Merge is done (too late for the developer)
    • Quality Risks are not exposed in the developer’s tools
  • SeaLights Pull Request Integration expose Quality Risks to the developer, as part of the Pull Request process
    • Works on any Merge/Branch level
    • Ability to define if Quality Risks block the Merge

Step 1 - Install GitHub App for Pull Request Analysis by Sealights 

In order to benefit of the Pull Request Analysis, please install the Sealight's Github App as a prerequisite on your Organization account Github from the link below:
Please note that only users with Admin rights are allowed to install applications on a Github Account.
However, the application will not require any access to your source code, only:
  • Read access to metadata
  • Read and write access to checks

You can allow access to all the repositories or only to a certain subset at your convenience. At least, make sure the repositories you want Sealights to analyze are white-listed.

Step 2 - Generate Build Session ID specific to the Pull Request Branch

In order to perform a Pull Request analysis, we need to generate a Build Session ID via specific parameters and using the prConfig flag instead the regular parameters.
For the success of the analysis, at least one build from the master branch has to be already scanned and analyzed via Sealights agents before the PR Build.
Depending on the way you're managing your Pull Request, we have detailed three options for you below:
  • Command Line Interface of the Java  Agent (CLI)
  • Sealights' Jenkins Plugin for Maven 
  • Integration with the Travis CI (.travis.yml)

PR Analysis via Default Agent usage (CLI)

prConfig usage
java -jar sl-build-scanner.jar -prConfig -latestCommit <arg> -pullRequestNumber <arg> -repoUrl <arg> -targetBranch <arg> -token <arg> | -tokenfile <arg> [-appname <arg>] [-pe <arg>] [-pi <arg>] [-proxy <arg>] [-enableNoneZeroErrorCode]
Parameter
Description
prConfig Flag to indicate pull-request configuration mode
latestCommitThe latest commit SHA
pullRequestNumberThe pull request number
repoUrl The repository URL where pull request was created
targetBranchA branch the pull request is compared with

For additional parameters, please refer to the SeaLights Java agent - command reference page.

Retrieving Pull Request parameters from GitHub.com

You can easily identify the relevant values to pass to the Build Scanner based on the illustration below.


PR Analysis vis Jenkins Automation Plugin for Maven

TBC

Sealights' PR Analysis Integration with TRAVIS-CI

The parameters necessary for the TRAVIS CI Integration are : TRAVIS_PULL_REQUEST, TRAVIS_REPO_SLUG, TRAVIS_PULL_REQUEST_SHA, TRAVIS_BRANCH
According to the Travis Official documentation, the TRAVIS CI Integration should use the following environment variables based on the mapping below:
Sealights' Parameter
Travis CI Env. Variable
Comment
latestCommitTRAVIS_PULL_REQUEST_SHA,
pullRequestNumberTRAVIS_PULL_REQUEST
repoUrl TRAVIS_REPO_SLUGYou may need to prepend the base URL of your Github repository, like "https://github.com/$TRAVIS_REPO_SLUG"
targetBranchTRAVIS_BRANCHYou may need to prepend "origin/" to the branch exact matching.
Sample YML configuration
language: java

install:
  - wget https://agents.sealights.co/sealights-java/sealights-java-latest.zip
  - unzip sealights-java-latest.zip

before_script:
  - export SL_PR_REPO="https://www.github.com/$TRAVIS_REPO_SLUG"
  - java -jar sl-build-scanner.jar -prConfig -appname "MyApp-Master" -latestCommit $TRAVIS_PULL_REQUEST_SHA -pullRequestNumber $TRAVIS_PULL_REQUEST -repoUrl $SL_PR_REPO -targetBranch origin/$TRAVIS_BRANCH -tokenfile sl_acc_token.txt -pi "*co.sealights.sample.*" -enableNoneZeroErrorCode

script:                   # Sealights is predefined in the POM Profile
  - mvn clean test  

Step 3 - View Results on GitHub's Pull Request page

At the completion of the analysis, Sealights' App will appear as part of the "Checks" of your Pull Request. Result will appear similar to the one below:

  • No labels