Motivation
- Quality Risks are not handled early enough in the development process.
- Quality Risks are identified after Merge is done (too late for the developer)
- Quality Risks are not exposed in the developer’s tools
- SeaLights Pull Request Integration expose Quality Risks to the developer, as part of the Pull Request process
- Works on any Merge/Branch level
- Ability to define if Quality Risks block the Merge
Step 1 - Install GitHub App for Pull Request Analysis by Sealights
In order to benefit of the Pull Request Analysis, please install the Sealight's Github App as a prerequisite on your Organization account Github from the link below:
Please note that only users with Admin rights are allowed to install applications on a Github Account.
However, the application will not require any access to your source code, only:
However, the application will not require any access to your source code, only:
- Read access to metadata
- Read and write access to checks
You can allow access to all the repositories or only to a certain subset at your convenience. At least, make sure the repositories you want Sealights to analyze are white-listed.
Step 2 - Generate Build Session ID specific to the Pull Request Branch
In order to perform a Pull Request analysis, we need to generate a Build Session ID via specific parameters and using the prConfig flag instead the regular parameters.
For the success of the analysis, at least one build from the master branch has to be already scanned and analyzed via Sealights agents before the PR Build.
For the success of the analysis, at least one build from the master branch has to be already scanned and analyzed via Sealights agents before the PR Build.
Depending on the way you're managing your Pull Request, we have detailed three options for you below:
- Command Line Interface of the Java Agent (CLI)
- Sealights' Jenkins Plugin for Maven
- Integration with the Travis CI (.travis.yml)
PR Analysis via Default Agent usage (CLI)
prConfig usage
java -jar sl-build-scanner.jar -prConfig -latestCommit <arg> -pullRequestNumber <arg> -repoUrl <arg> -targetBranch <arg> -token <arg> | -tokenfile <arg> [-appname <arg>] [-pe <arg>] [-pi <arg>] [-proxy <arg>] [-enableNoneZeroErrorCode]
Parameter | Description |
---|---|
prConfig | Flag to indicate pull-request configuration mode |
latestCommit | The latest commit SHA |
pullRequestNumber | The pull request number |
repoUrl | The repository URL where pull request was created |
targetBranch | A branch the pull request is compared with |
For additional parameters, please refer to the SeaLights Java agent - command reference page.
Retrieving Pull Request parameters from GitHub.com
You can easily identify the relevant values to pass to the Build Scanner based on the illustration below.
PR Analysis vis Jenkins Automation Plugin for Maven
TBC
Sealights' PR Analysis Integration with TRAVIS-CI
The parameters necessary for the TRAVIS CI Integration are : TRAVIS_PULL_REQUEST, TRAVIS_REPO_SLUG, TRAVIS_PULL_REQUEST_SHA, TRAVIS_BRANCH
According to the Travis Official documentation, the TRAVIS CI Integration should use the following environment variables based on the mapping below:
Sealights' Parameter | Travis CI Env. Variable | Comment |
---|---|---|
latestCommit | TRAVIS_PULL_REQUEST_SHA, | |
pullRequestNumber | TRAVIS_PULL_REQUEST | |
repoUrl | TRAVIS_REPO_SLUG | You may need to prepend the base URL of your Github repository, like "https://github.com/$TRAVIS_REPO_SLUG" |
targetBranch | TRAVIS_BRANCH | You may need to prepend "origin/" to the branch exact matching. |
Sample YML configuration
language: java install: - wget https://agents.sealights.co/sealights-java/sealights-java-latest.zip - unzip sealights-java-latest.zip before_script: - export SL_PR_REPO="https://www.github.com/$TRAVIS_REPO_SLUG" - java -jar sl-build-scanner.jar -prConfig -appname "MyApp-Master" -latestCommit $TRAVIS_PULL_REQUEST_SHA -pullRequestNumber $TRAVIS_PULL_REQUEST -repoUrl $SL_PR_REPO -targetBranch origin/$TRAVIS_BRANCH -tokenfile sl_acc_token.txt -pi "*co.sealights.sample.*" -enableNoneZeroErrorCode script: # Sealights is predefined in the POM Profile - mvn clean test
Step 3 - View Results on GitHub's Pull Request page
At the completion of the analysis, Sealights' App will appear as part of the "Checks" of your Pull Request. Result will appear similar to the one below: