How to analyse only newly added lines of code?
I want to use SonarQube in my project. The project is large, and scanning all the files takes a lot of time. Is it possible to scan only the files changed in the last commit, and to report only on the changed lines of code?
I want to check whether the added or modified lines make the project's quality worse; I don't care about the old code.
For example, if person A creates a file with 9 bugs and then commits the change, the report and the quality gate should show 9 bugs. Then B edits the same file, adding a few lines that contain 2 additional bugs, and commits the change; the report should show the last 2 bugs, and the quality gate should be executed on the last change (so it should take the last 2 bugs into account).
I was able to narrow the scan down to only the files changed in the last commit, but the report is generated based on the whole files. I had the idea of cutting out only the changed lines, pasting them into a new file and running a sonar scan on that file, but I'm almost certain SonarQube needs the whole context of the file.
Is it possible to achieve my use case somehow?
No, it's not possible. I've seen a lot of similar questions. Here are the answers to two of them:
G Ann Campbell:
Analysis will always include all code. Why? Why take the time to analyze all of it when only a file or two has been changed? Because any given change can have far-reaching effects. I’ll give you two examples:
I check in a change that deprecates a much-used method. Suddenly, issues about the use of deprecated code should be raised all over the project, but because I only analyzed that one file, no new issues were raised.
I modify a much-used method to return null in some cases. Suddenly all the methods that dereference the returned value without first null-checking it are at risk of NullPointerExceptions. But only the one file that I changed was analyzed, so none of those “Possible NPE” issues are raised. Worse, they won’t be raised until after each individual file happens to be touched.
And that’s why all files are included in each analysis.
I want sonar analysis on newly checkin code:
G Ann Campbell:
First, the SonarQube interface and default Quality Gate are designed to help you focus on the New Code Period. You can’t keep analysis from picking up those old issues, but you can decide to only pay attention to issues raised on newly-changed code. That means you would essentially ignore the issues on the left side of the project homepage with a white background and focus instead on the New Code values over the yellow background on the right. We call this Fixing the Leak, or alternately Clean as You Code.
Second, if you have a commercial edition, then branch and PR analysis are available to you. Short-Lived Branch (SLB) and PR analysis still covers all files, but all that’s reported in the UI is what’s changed in the PR / SLB.
Ideally, you’ll combine both of these things to make sure your new code stays clean.
The position on this matter hasn't changed in the past few years, so don't expect it to change.
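As an added illustration of the second example quoted above (this is not code from the thread or from SonarQube), a toy cross-file check in Python: the change that introduces a None-returning path lives in one constructed file, while the unchecked dereference it makes dangerous sits in another, untouched file. Scoping the analysis to the changed file alone therefore reports nothing; the file names, sources and the checker itself are all constructed for this example.

```python
import ast
# Constructed sample "files": util.py is modified in the commit, callers.py is not.
UTIL_BEFORE = """
def find_user(name):
    return User(name)
"""
UTIL_AFTER = """
def find_user(name):
    if not name:
        return None          # the change: a new None-returning path
    return User(name)
"""
CALLERS = """
from util import find_user
def greet(name):
    return find_user(name).display_name   # dereferenced without a None check
"""

def nullable_functions(source):
    """Names of functions with a bare 'return' or an explicit 'return None'."""
    names = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.FunctionDef):
            for sub in ast.walk(node):
                if isinstance(sub, ast.Return) and (sub.value is None or (
                        isinstance(sub.value, ast.Constant) and sub.value.value is None)):
                    names.add(node.name)
    return names

def unchecked_dereferences(source, nullable):
    """(line, callee) for every 'f(...).attr' where f may return None."""
    issues = []
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Attribute) and isinstance(node.value, ast.Call)
                and isinstance(node.value.func, ast.Name) and node.value.func.id in nullable):
            issues.append((node.lineno, node.value.func.id))
    return issues

def analyse(files, scope):
    """Toy analysis of {filename: source}; only files in 'scope' are inspected and reported."""
    nullable = set()
    for name in scope:
        nullable |= nullable_functions(files[name])
    return {name: unchecked_dereferences(files[name], nullable) for name in scope}

def run(util_source, changed_only):
    """Analyse the two-file project: the changed file only, or every file."""
    files = {"util.py": util_source, "callers.py": CALLERS}
    scope = {"util.py"} if changed_only else set(files)
    return analyse(files, scope)
```

With `UTIL_AFTER` and `changed_only=True` the result is `{"util.py": []}`; only a run over every file reports the risky dereference in `callers.py`, which is the point made in the quoted answer.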