|
12
|
Hello folks,
Recently, I stumbled across this code analysis tool https://lgtm.com/ and
is free for open source integration. It looks pretty good based on the
analysis results it gave for camel (
https://lgtm.com/projects/g/apache/camel/) (sure some of them it can be
neglected). However, I was wondering, does it make sense to enable it on
PRs? For me personally, it could help to some extent to catch potential
bugs that hard to spot by the human eye.
Regards,
Omar
|
|
My personal opinion about these tools is the same of the security scanners: I really don't like them :-)
--
Andrea Cosentino
----------------------------------
Apache Camel PMC Chair
Apache Karaf Committer
Apache Servicemix PMC Member
Email: [hidden email]
Twitter: @oscerd2
Github: oscerd
On Tuesday, December 17, 2019, 4:17:16 PM GMT+1, Omar Al-Safi < [hidden email]> wrote:
Hello folks,
Recently, I stumbled across this code analysis tool https://lgtm.com/ and
is free for open source integration. It looks pretty good based on the
analysis results it gave for camel (
https://lgtm.com/projects/g/apache/camel/) (sure some of them it can be
neglected). However, I was wondering, does it make sense to enable it on
PRs? For me personally, it could help to some extent to catch potential
bugs that hard to spot by the human eye.
Regards,
Omar
|
|
Well I was pretty skeptical about it. But by looking at the list, it looks
to me pretty good actually :).
On Tue, Dec 17, 2019 at 4:34 PM Andrea Cosentino
< [hidden email]> wrote:
> My personal opinion about these tools is the same of the security
> scanners: I really don't like them :-)
>
> --
> Andrea Cosentino
> ----------------------------------
> Apache Camel PMC Chair
> Apache Karaf Committer
> Apache Servicemix PMC Member
> Email: [hidden email]
> Twitter: @oscerd2
> Github: oscerd
>
>
>
>
>
>
> On Tuesday, December 17, 2019, 4:17:16 PM GMT+1, Omar Al-Safi <
> [hidden email]> wrote:
>
>
>
>
>
> Hello folks,
>
> Recently, I stumbled across this code analysis tool https://lgtm.com/ and
> is free for open source integration. It looks pretty good based on the
> analysis results it gave for camel (
> https://lgtm.com/projects/g/apache/camel/) (sure some of them it can be
> neglected). However, I was wondering, does it make sense to enable it on
> PRs? For me personally, it could help to some extent to catch potential
> bugs that hard to spot by the human eye.
>
> Regards,
> Omar
>
|
|
Hi Omar,
if it's in a profile, why not, but I don't like such tool "forced" in
the default build.
Regards
JB
On 17/12/2019 16:17, Omar Al-Safi wrote:
> Hello folks,
>
> Recently, I stumbled across this code analysis tool https://lgtm.com/ and
> is free for open source integration. It looks pretty good based on the
> analysis results it gave for camel (
> https://lgtm.com/projects/g/apache/camel/) (sure some of them it can be
> neglected). However, I was wondering, does it make sense to enable it on
> PRs? For me personally, it could help to some extent to catch potential
> bugs that hard to spot by the human eye.
>
> Regards,
> Omar
>
--
Jean-Baptiste Onofré
[hidden email]
http://blog.nanthrax.netTalend - http://www.talend.com
|
|
Agreed, we can easily create a profile for that.
In addition, we should quickly review them because some of the alerts are
actual bugs, like the second one at least.
We can filter the ones that coud be investigated:
https://lgtm.com/projects/g/apache/camel/alerts/?sort=name&dir=ASC&mode=list&tag=correctness%2Clogic%2CreliabilityLe mer. 18 déc. 2019 à 07:58, Jean-Baptiste Onofré < [hidden email]> a
écrit :
> Hi Omar,
>
> if it's in a profile, why not, but I don't like such tool "forced" in
> the default build.
>
> Regards
> JB
>
> On 17/12/2019 16:17, Omar Al-Safi wrote:
> > Hello folks,
> >
> > Recently, I stumbled across this code analysis tool https://lgtm.com/> and
> > is free for open source integration. It looks pretty good based on the
> > analysis results it gave for camel (
> > https://lgtm.com/projects/g/apache/camel/) (sure some of them it can be
> > neglected). However, I was wondering, does it make sense to enable it on
> > PRs? For me personally, it could help to some extent to catch potential
> > bugs that hard to spot by the human eye.
> >
> > Regards,
> > Omar
> >
>
> --
> Jean-Baptiste Onofré
> [hidden email]
> http://blog.nanthrax.net> Talend - http://www.talend.com>
--
------------------------
Guillaume Nodet
|
|
You mean as a maven profile? If that is what you mean, sounds to me a good
idea as we did for the checkstyle. However I don't think it will be
possible with that tool since they do the analysis as service. Perhaps we
can look for another tool that we can integrate into maven.
Indeed, I will look at some of them today and tomorrow and commit the
fixes.
On Wed, Dec 18, 2019, 08:55 Guillaume Nodet < [hidden email]> wrote:
> Agreed, we can easily create a profile for that.
> In addition, we should quickly review them because some of the alerts are
> actual bugs, like the second one at least.
> We can filter the ones that coud be investigated:
>
>
> https://lgtm.com/projects/g/apache/camel/alerts/?sort=name&dir=ASC&mode=list&tag=correctness%2Clogic%2Creliability>
> Le mer. 18 déc. 2019 à 07:58, Jean-Baptiste Onofré < [hidden email]> a
> écrit :
>
> > Hi Omar,
> >
> > if it's in a profile, why not, but I don't like such tool "forced" in
> > the default build.
> >
> > Regards
> > JB
> >
> > On 17/12/2019 16:17, Omar Al-Safi wrote:
> > > Hello folks,
> > >
> > > Recently, I stumbled across this code analysis tool https://lgtm.com/> > and
> > > is free for open source integration. It looks pretty good based on the
> > > analysis results it gave for camel (
> > > https://lgtm.com/projects/g/apache/camel/) (sure some of them it can
> be
> > > neglected). However, I was wondering, does it make sense to enable it
> on
> > > PRs? For me personally, it could help to some extent to catch potential
> > > bugs that hard to spot by the human eye.
> > >
> > > Regards,
> > > Omar
> > >
> >
> > --
> > Jean-Baptiste Onofré
> > [hidden email]
> > http://blog.nanthrax.net> > Talend - http://www.talend.com> >
>
>
> --
> ------------------------
> Guillaume Nodet
>
|
|
Hi
Yeah this tools seems at first sight much improved over other tools we
have seen in the past, that gives a lot of false positives and noises.
On Wed, Dec 18, 2019 at 8:55 AM Guillaume Nodet < [hidden email]> wrote:
>
> Agreed, we can easily create a profile for that.
> In addition, we should quickly review them because some of the alerts are
> actual bugs, like the second one at least.
> We can filter the ones that coud be investigated:
>
> https://lgtm.com/projects/g/apache/camel/alerts/?sort=name&dir=ASC&mode=list&tag=correctness%2Clogic%2Creliability>
> Le mer. 18 déc. 2019 à 07:58, Jean-Baptiste Onofré < [hidden email]> a
> écrit :
>
> > Hi Omar,
> >
> > if it's in a profile, why not, but I don't like such tool "forced" in
> > the default build.
> >
> > Regards
> > JB
> >
> > On 17/12/2019 16:17, Omar Al-Safi wrote:
> > > Hello folks,
> > >
> > > Recently, I stumbled across this code analysis tool https://lgtm.com/> > and
> > > is free for open source integration. It looks pretty good based on the
> > > analysis results it gave for camel (
> > > https://lgtm.com/projects/g/apache/camel/) (sure some of them it can be
> > > neglected). However, I was wondering, does it make sense to enable it on
> > > PRs? For me personally, it could help to some extent to catch potential
> > > bugs that hard to spot by the human eye.
> > >
> > > Regards,
> > > Omar
> > >
> >
> > --
> > Jean-Baptiste Onofré
> > [hidden email]
> > http://blog.nanthrax.net> > Talend - http://www.talend.com> >
>
>
> --
> ------------------------
> Guillaume Nodet
--
Claus Ibsen
-----------------
http://davsclaus.com @davsclaus
Camel in Action 2: https://www.manning.com/ibsen2
|
|
On Tue, Dec 17, 2019 at 4:17 PM Omar Al-Safi < [hidden email]> wrote:
>
> Hello folks,
>
> Recently, I stumbled across this code analysis tool https://lgtm.com/ and
> is free for open source integration. It looks pretty good based on the
> analysis results it gave for camel (
> https://lgtm.com/projects/g/apache/camel/) (sure some of them it can be
> neglected). However, I was wondering, does it make sense to enable it on
> PRs? For me personally, it could help to some extent to catch potential
> bugs that hard to spot by the human eye.
>
For PRs then can it be limited to only the code from the PR?
The Camel code base is still massive and I dont want to have some slow
process for PRs
Instead of the tool just runs a general report once a week/month etc
then we can take a look at it from time to time.
> Regards,
> Omar
--
Claus Ibsen
-----------------
http://davsclaus.com @davsclaus
Camel in Action 2: https://www.manning.com/ibsen2
|
|
That honestly I don't know about. We can give a try for one PR and see how
long it takes. If it takes some time, we just switch it off and rely on the
report it generates daily. We can also configure the type of code analysis
which can only limit to what we see that could help.
On Wed, Dec 18, 2019, 09:15 Claus Ibsen < [hidden email]> wrote:
> On Tue, Dec 17, 2019 at 4:17 PM Omar Al-Safi < [hidden email]> wrote:
> >
> > Hello folks,
> >
> > Recently, I stumbled across this code analysis tool https://lgtm.com/> and
> > is free for open source integration. It looks pretty good based on the
> > analysis results it gave for camel (
> > https://lgtm.com/projects/g/apache/camel/) (sure some of them it can be
> > neglected). However, I was wondering, does it make sense to enable it on
> > PRs? For me personally, it could help to some extent to catch potential
> > bugs that hard to spot by the human eye.
> >
>
> For PRs then can it be limited to only the code from the PR?
> The Camel code base is still massive and I dont want to have some slow
> process for PRs
>
> Instead of the tool just runs a general report once a week/month etc
> then we can take a look at it from time to time.
>
>
> > Regards,
> > Omar
>
>
>
> --
> Claus Ibsen
> -----------------
> http://davsclaus.com @davsclaus
> Camel in Action 2: https://www.manning.com/ibsen2>
|
|
Do they require access to the github repo? In that case I do believe Infra
won't allow us to use it.
Il giorno mer 18 dic 2019 alle ore 09:22 Omar Al-Safi < [hidden email]> ha
scritto:
> That honestly I don't know about. We can give a try for one PR and see how
> long it takes. If it takes some time, we just switch it off and rely on the
> report it generates daily. We can also configure the type of code analysis
> which can only limit to what we see that could help.
>
> On Wed, Dec 18, 2019, 09:15 Claus Ibsen < [hidden email]> wrote:
>
> > On Tue, Dec 17, 2019 at 4:17 PM Omar Al-Safi < [hidden email]> wrote:
> > >
> > > Hello folks,
> > >
> > > Recently, I stumbled across this code analysis tool https://lgtm.com/> > and
> > > is free for open source integration. It looks pretty good based on the
> > > analysis results it gave for camel (
> > > https://lgtm.com/projects/g/apache/camel/) (sure some of them it can
> be
> > > neglected). However, I was wondering, does it make sense to enable it
> on
> > > PRs? For me personally, it could help to some extent to catch potential
> > > bugs that hard to spot by the human eye.
> > >
> >
> > For PRs then can it be limited to only the code from the PR?
> > The Camel code base is still massive and I dont want to have some slow
> > process for PRs
> >
> > Instead of the tool just runs a general report once a week/month etc
> > then we can take a look at it from time to time.
> >
> >
> > > Regards,
> > > Omar
> >
> >
> >
> > --
> > Claus Ibsen
> > -----------------
> > http://davsclaus.com @davsclaus
> > Camel in Action 2: https://www.manning.com/ibsen2> >
>
|
|
On Wed, Dec 18, 2019 at 9:25 AM Andrea Cosentino < [hidden email]> wrote:
> Do they require access to the github repo? In that case I do believe Infra
> won't allow us to use it.
>
>
Was actually thinking about the same thing, here what they do require:
https://lgtm.com/help/lgtm/github-apps-integration> Il giorno mer 18 dic 2019 alle ore 09:22 Omar Al-Safi < [hidden email]>
> ha
> scritto:
>
> > That honestly I don't know about. We can give a try for one PR and see
> how
> > long it takes. If it takes some time, we just switch it off and rely on
> the
> > report it generates daily. We can also configure the type of code
> analysis
> > which can only limit to what we see that could help.
> >
> > On Wed, Dec 18, 2019, 09:15 Claus Ibsen < [hidden email]> wrote:
> >
> > > On Tue, Dec 17, 2019 at 4:17 PM Omar Al-Safi < [hidden email]>
> wrote:
> > > >
> > > > Hello folks,
> > > >
> > > > Recently, I stumbled across this code analysis tool
> https://lgtm.com/> > > and
> > > > is free for open source integration. It looks pretty good based on
> the
> > > > analysis results it gave for camel (
> > > > https://lgtm.com/projects/g/apache/camel/) (sure some of them it can
> > be
> > > > neglected). However, I was wondering, does it make sense to enable it
> > on
> > > > PRs? For me personally, it could help to some extent to catch
> potential
> > > > bugs that hard to spot by the human eye.
> > > >
> > >
> > > For PRs then can it be limited to only the code from the PR?
> > > The Camel code base is still massive and I dont want to have some slow
> > > process for PRs
> > >
> > > Instead of the tool just runs a general report once a week/month etc
> > > then we can take a look at it from time to time.
> > >
> > >
> > > > Regards,
> > > > Omar
> > >
> > >
> > >
> > > --
> > > Claus Ibsen
> > > -----------------
> > > http://davsclaus.com @davsclaus
> > > Camel in Action 2: https://www.manning.com/ibsen2> > >
> >
>
|
|
It looks infra allows it due to lgtm new integration
https://issues.apache.org/jira/browse/INFRA-17226?focusedCommentId=16864457&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-16864457On Wed, Dec 18, 2019 at 9:38 AM Luca Burgazzoli < [hidden email]>
wrote:
> On Wed, Dec 18, 2019 at 9:25 AM Andrea Cosentino < [hidden email]>
> wrote:
>
> > Do they require access to the github repo? In that case I do believe
> Infra
> > won't allow us to use it.
> >
> >
> Was actually thinking about the same thing, here what they do require:
> https://lgtm.com/help/lgtm/github-apps-integration>
>
> > Il giorno mer 18 dic 2019 alle ore 09:22 Omar Al-Safi < [hidden email]>
> > ha
> > scritto:
> >
> > > That honestly I don't know about. We can give a try for one PR and see
> > how
> > > long it takes. If it takes some time, we just switch it off and rely on
> > the
> > > report it generates daily. We can also configure the type of code
> > analysis
> > > which can only limit to what we see that could help.
> > >
> > > On Wed, Dec 18, 2019, 09:15 Claus Ibsen < [hidden email]> wrote:
> > >
> > > > On Tue, Dec 17, 2019 at 4:17 PM Omar Al-Safi < [hidden email]>
> > wrote:
> > > > >
> > > > > Hello folks,
> > > > >
> > > > > Recently, I stumbled across this code analysis tool
> > https://lgtm.com/> > > > and
> > > > > is free for open source integration. It looks pretty good based on
> > the
> > > > > analysis results it gave for camel (
> > > > > https://lgtm.com/projects/g/apache/camel/) (sure some of them it
> can
> > > be
> > > > > neglected). However, I was wondering, does it make sense to enable
> it
> > > on
> > > > > PRs? For me personally, it could help to some extent to catch
> > potential
> > > > > bugs that hard to spot by the human eye.
> > > > >
> > > >
> > > > For PRs then can it be limited to only the code from the PR?
> > > > The Camel code base is still massive and I dont want to have some
> slow
> > > > process for PRs
> > > >
> > > > Instead of the tool just runs a general report once a week/month etc
> > > > then we can take a look at it from time to time.
> > > >
> > > >
> > > > > Regards,
> > > > > Omar
> > > >
> > > >
> > > >
> > > > --
> > > > Claus Ibsen
> > > > -----------------
> > > > http://davsclaus.com @davsclaus
> > > > Camel in Action 2: https://www.manning.com/ibsen2> > > >
> > >
> >
>
|
|
Simpler way, we can just add a badge to the readme file (
https://lgtm.com/help/lgtm/adding-badges-to-project-readme-files), so from
time to time we can take a look at the reports instead of having for every
PR.
On Wed, Dec 18, 2019 at 9:45 AM Omar Al-Safi < [hidden email]> wrote:
> It looks infra allows it due to lgtm new integration
> https://issues.apache.org/jira/browse/INFRA-17226?focusedCommentId=16864457&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-16864457>
>
> On Wed, Dec 18, 2019 at 9:38 AM Luca Burgazzoli < [hidden email]>
> wrote:
>
>> On Wed, Dec 18, 2019 at 9:25 AM Andrea Cosentino < [hidden email]>
>> wrote:
>>
>> > Do they require access to the github repo? In that case I do believe
>> Infra
>> > won't allow us to use it.
>> >
>> >
>> Was actually thinking about the same thing, here what they do require:
>> https://lgtm.com/help/lgtm/github-apps-integration>>
>>
>> > Il giorno mer 18 dic 2019 alle ore 09:22 Omar Al-Safi < [hidden email]
>> >
>> > ha
>> > scritto:
>> >
>> > > That honestly I don't know about. We can give a try for one PR and see
>> > how
>> > > long it takes. If it takes some time, we just switch it off and rely
>> on
>> > the
>> > > report it generates daily. We can also configure the type of code
>> > analysis
>> > > which can only limit to what we see that could help.
>> > >
>> > > On Wed, Dec 18, 2019, 09:15 Claus Ibsen < [hidden email]>
>> wrote:
>> > >
>> > > > On Tue, Dec 17, 2019 at 4:17 PM Omar Al-Safi < [hidden email]>
>> > wrote:
>> > > > >
>> > > > > Hello folks,
>> > > > >
>> > > > > Recently, I stumbled across this code analysis tool
>> > https://lgtm.com/>> > > > and
>> > > > > is free for open source integration. It looks pretty good based on
>> > the
>> > > > > analysis results it gave for camel (
>> > > > > https://lgtm.com/projects/g/apache/camel/) (sure some of them it
>> can
>> > > be
>> > > > > neglected). However, I was wondering, does it make sense to
>> enable it
>> > > on
>> > > > > PRs? For me personally, it could help to some extent to catch
>> > potential
>> > > > > bugs that hard to spot by the human eye.
>> > > > >
>> > > >
>> > > > For PRs then can it be limited to only the code from the PR?
>> > > > The Camel code base is still massive and I dont want to have some
>> slow
>> > > > process for PRs
>> > > >
>> > > > Instead of the tool just runs a general report once a week/month etc
>> > > > then we can take a look at it from time to time.
>> > > >
>> > > >
>> > > > > Regards,
>> > > > > Omar
>> > > >
>> > > >
>> > > >
>> > > > --
>> > > > Claus Ibsen
>> > > > -----------------
>> > > > http://davsclaus.com @davsclaus
>> > > > Camel in Action 2: https://www.manning.com/ibsen2>> > > >
>> > >
>> >
>>
>
|
|
Le mer. 18 déc. 2019 à 09:15, Claus Ibsen < [hidden email]> a écrit :
> On Tue, Dec 17, 2019 at 4:17 PM Omar Al-Safi < [hidden email]> wrote:
> >
> > Hello folks,
> >
> > Recently, I stumbled across this code analysis tool https://lgtm.com/> and
> > is free for open source integration. It looks pretty good based on the
> > analysis results it gave for camel (
> > https://lgtm.com/projects/g/apache/camel/) (sure some of them it can be
> > neglected). However, I was wondering, does it make sense to enable it on
> > PRs? For me personally, it could help to some extent to catch potential
> > bugs that hard to spot by the human eye.
> >
>
> For PRs then can it be limited to only the code from the PR?
> The Camel code base is still massive and I dont want to have some slow
> process for PRs
>
Right, if that's limited to the code modified by the PR, that could be a
good thing to add the check.
Else, we'd have to wait until the current problems are actually solved
before enabling it on PRs.
Guillaume
> Instead of the tool just runs a general report once a week/month etc
> then we can take a look at it from time to time.
>
>
> > Regards,
> > Omar
>
>
>
> --
> Claus Ibsen
> -----------------
> http://davsclaus.com @davsclaus
> Camel in Action 2: https://www.manning.com/ibsen2>
--
------------------------
Guillaume Nodet
|
|
I have already addressed most of the errors reported and some of the
warnings, I will wait for the next report to be generated and look if we
still need to fix.
I am going to ask INFRA to enable it and test it and see its scope since I
have no idea about but when I was looking at
https://lgtm.com/projects/g/apache/incubator-druid/ci/, it looks it only
checks the PR content which is a good thing for us.
On Wed, Dec 18, 2019 at 1:45 PM Guillaume Nodet < [hidden email]> wrote:
> Le mer. 18 déc. 2019 à 09:15, Claus Ibsen < [hidden email]> a écrit
> :
>
> > On Tue, Dec 17, 2019 at 4:17 PM Omar Al-Safi < [hidden email]> wrote:
> > >
> > > Hello folks,
> > >
> > > Recently, I stumbled across this code analysis tool https://lgtm.com/> > and
> > > is free for open source integration. It looks pretty good based on the
> > > analysis results it gave for camel (
> > > https://lgtm.com/projects/g/apache/camel/) (sure some of them it can
> be
> > > neglected). However, I was wondering, does it make sense to enable it
> on
> > > PRs? For me personally, it could help to some extent to catch potential
> > > bugs that hard to spot by the human eye.
> > >
> >
> > For PRs then can it be limited to only the code from the PR?
> > The Camel code base is still massive and I dont want to have some slow
> > process for PRs
> >
>
> Right, if that's limited to the code modified by the PR, that could be a
> good thing to add the check.
> Else, we'd have to wait until the current problems are actually solved
> before enabling it on PRs.
>
> Guillaume
>
>
> > Instead of the tool just runs a general report once a week/month etc
> > then we can take a look at it from time to time.
> >
> >
> > > Regards,
> > > Omar
> >
> >
> >
> > --
> > Claus Ibsen
> > -----------------
> > http://davsclaus.com @davsclaus
> > Camel in Action 2: https://www.manning.com/ibsen2> >
>
>
> --
> ------------------------
> Guillaume Nodet
>
|
|
Sorry to resume this old-ish conversation,
do you still see value in having LGTM running on each PR?
it takes A LOT of time and it seems reports are seldom taken into account
in regards to merging/not merging a PR.
On top of that is seems there are 300 error/warning in the findings not
addressed...
Wouldn't it be better to disable it and just run it on a one-off basis?
Regards,
Andrea.
On Wed, Dec 18, 2019 at 3:32 PM Omar Al-Safi < [hidden email]> wrote:
> I have already addressed most of the errors reported and some of the
> warnings, I will wait for the next report to be generated and look if we
> still need to fix.
> I am going to ask INFRA to enable it and test it and see its scope since I
> have no idea about but when I was looking at
> https://lgtm.com/projects/g/apache/incubator-druid/ci/, it looks it only
> checks the PR content which is a good thing for us.
>
> On Wed, Dec 18, 2019 at 1:45 PM Guillaume Nodet < [hidden email]> wrote:
>
> > Le mer. 18 déc. 2019 à 09:15, Claus Ibsen < [hidden email]> a
> écrit
> > :
> >
> > > On Tue, Dec 17, 2019 at 4:17 PM Omar Al-Safi < [hidden email]>
> wrote:
> > > >
> > > > Hello folks,
> > > >
> > > > Recently, I stumbled across this code analysis tool
> https://lgtm.com/> > > and
> > > > is free for open source integration. It looks pretty good based on
> the
> > > > analysis results it gave for camel (
> > > > https://lgtm.com/projects/g/apache/camel/) (sure some of them it can
> > be
> > > > neglected). However, I was wondering, does it make sense to enable it
> > on
> > > > PRs? For me personally, it could help to some extent to catch
> potential
> > > > bugs that hard to spot by the human eye.
> > > >
> > >
> > > For PRs then can it be limited to only the code from the PR?
> > > The Camel code base is still massive and I dont want to have some slow
> > > process for PRs
> > >
> >
> > Right, if that's limited to the code modified by the PR, that could be a
> > good thing to add the check.
> > Else, we'd have to wait until the current problems are actually solved
> > before enabling it on PRs.
> >
> > Guillaume
> >
> >
> > > Instead of the tool just runs a general report once a week/month etc
> > > then we can take a look at it from time to time.
> > >
> > >
> > > > Regards,
> > > > Omar
> > >
> > >
> > >
> > > --
> > > Claus Ibsen
> > > -----------------
> > > http://davsclaus.com @davsclaus
> > > Camel in Action 2: https://www.manning.com/ibsen2> > >
> >
> >
> > --
> > ------------------------
> > Guillaume Nodet
> >
>
--
"In a world without walls and fences who needs Windows and Gates?"
< https://about.me/andrea.tarocchi?promo=email_sig&utm_source=product&utm_medium=email_sig&utm_campaign=edit_panel&utm_content=thumb>
Andrea Tarocchi
about.me/andrea.tarocchi
< https://about.me/andrea.tarocchi?promo=email_sig&utm_source=product&utm_medium=email_sig&utm_campaign=edit_panel&utm_content=thumb>
|
|
On Wed, Feb 26, 2020 at 12:53 AM Andrea Tarocchi
< [hidden email]> wrote:
>
> Sorry to resume this old-ish conversation,
>
> do you still see value in having LGTM running on each PR?
> it takes A LOT of time and it seems reports are seldom taken into account
> in regards to merging/not merging a PR.
> On top of that is seems there are 300 error/warning in the findings not
> addressed...
>
> Wouldn't it be better to disable it and just run it on a one-off basis?
>
+1
> Regards,
> Andrea.
>
> On Wed, Dec 18, 2019 at 3:32 PM Omar Al-Safi < [hidden email]> wrote:
>
> > I have already addressed most of the errors reported and some of the
> > warnings, I will wait for the next report to be generated and look if we
> > still need to fix.
> > I am going to ask INFRA to enable it and test it and see its scope since I
> > have no idea about but when I was looking at
> > https://lgtm.com/projects/g/apache/incubator-druid/ci/, it looks it only
> > checks the PR content which is a good thing for us.
> >
> > On Wed, Dec 18, 2019 at 1:45 PM Guillaume Nodet < [hidden email]> wrote:
> >
> > > Le mer. 18 déc. 2019 à 09:15, Claus Ibsen < [hidden email]> a
> > écrit
> > > :
> > >
> > > > On Tue, Dec 17, 2019 at 4:17 PM Omar Al-Safi < [hidden email]>
> > wrote:
> > > > >
> > > > > Hello folks,
> > > > >
> > > > > Recently, I stumbled across this code analysis tool
> > https://lgtm.com/> > > > and
> > > > > is free for open source integration. It looks pretty good based on
> > the
> > > > > analysis results it gave for camel (
> > > > > https://lgtm.com/projects/g/apache/camel/) (sure some of them it can
> > > be
> > > > > neglected). However, I was wondering, does it make sense to enable it
> > > on
> > > > > PRs? For me personally, it could help to some extent to catch
> > potential
> > > > > bugs that hard to spot by the human eye.
> > > > >
> > > >
> > > > For PRs then can it be limited to only the code from the PR?
> > > > The Camel code base is still massive and I dont want to have some slow
> > > > process for PRs
> > > >
> > >
> > > Right, if that's limited to the code modified by the PR, that could be a
> > > good thing to add the check.
> > > Else, we'd have to wait until the current problems are actually solved
> > > before enabling it on PRs.
> > >
> > > Guillaume
> > >
> > >
> > > > Instead of the tool just runs a general report once a week/month etc
> > > > then we can take a look at it from time to time.
> > > >
> > > >
> > > > > Regards,
> > > > > Omar
> > > >
> > > >
> > > >
> > > > --
> > > > Claus Ibsen
> > > > -----------------
> > > > http://davsclaus.com @davsclaus
> > > > Camel in Action 2: https://www.manning.com/ibsen2> > > >
> > >
> > >
> > > --
> > > ------------------------
> > > Guillaume Nodet
> > >
> >
>
>
> --
> "In a world without walls and fences who needs Windows and Gates?"
> < https://about.me/andrea.tarocchi?promo=email_sig&utm_source=product&utm_medium=email_sig&utm_campaign=edit_panel&utm_content=thumb>
> Andrea Tarocchi
> about.me/andrea.tarocchi
> < https://about.me/andrea.tarocchi?promo=email_sig&utm_source=product&utm_medium=email_sig&utm_campaign=edit_panel&utm_content=thumb>
--
Claus Ibsen
-----------------
http://davsclaus.com @davsclaus
Camel in Action 2: https://www.manning.com/ibsen2
|
|
+1
---
Luca Burgazzoli
On Wed, Feb 26, 2020 at 5:20 AM Claus Ibsen < [hidden email]> wrote:
> On Wed, Feb 26, 2020 at 12:53 AM Andrea Tarocchi
> < [hidden email]> wrote:
> >
> > Sorry to resume this old-ish conversation,
> >
> > do you still see value in having LGTM running on each PR?
> > it takes A LOT of time and it seems reports are seldom taken into account
> > in regards to merging/not merging a PR.
> > On top of that is seems there are 300 error/warning in the findings not
> > addressed...
> >
> > Wouldn't it be better to disable it and just run it on a one-off basis?
> >
>
> +1
>
> > Regards,
> > Andrea.
> >
> > On Wed, Dec 18, 2019 at 3:32 PM Omar Al-Safi < [hidden email]> wrote:
> >
> > > I have already addressed most of the errors reported and some of the
> > > warnings, I will wait for the next report to be generated and look if
> we
> > > still need to fix.
> > > I am going to ask INFRA to enable it and test it and see its scope
> since I
> > > have no idea about but when I was looking at
> > > https://lgtm.com/projects/g/apache/incubator-druid/ci/, it looks it
> only
> > > checks the PR content which is a good thing for us.
> > >
> > > On Wed, Dec 18, 2019 at 1:45 PM Guillaume Nodet < [hidden email]>
> wrote:
> > >
> > > > Le mer. 18 déc. 2019 à 09:15, Claus Ibsen < [hidden email]> a
> > > écrit
> > > > :
> > > >
> > > > > On Tue, Dec 17, 2019 at 4:17 PM Omar Al-Safi < [hidden email]>
> > > wrote:
> > > > > >
> > > > > > Hello folks,
> > > > > >
> > > > > > Recently, I stumbled across this code analysis tool
> > > https://lgtm.com/> > > > > and
> > > > > > is free for open source integration. It looks pretty good based
> on
> > > the
> > > > > > analysis results it gave for camel (
> > > > > > https://lgtm.com/projects/g/apache/camel/) (sure some of them
> it can
> > > > be
> > > > > > neglected). However, I was wondering, does it make sense to
> enable it
> > > > on
> > > > > > PRs? For me personally, it could help to some extent to catch
> > > potential
> > > > > > bugs that hard to spot by the human eye.
> > > > > >
> > > > >
> > > > > For PRs then can it be limited to only the code from the PR?
> > > > > The Camel code base is still massive and I dont want to have some
> slow
> > > > > process for PRs
> > > > >
> > > >
> > > > Right, if that's limited to the code modified by the PR, that could
> be a
> > > > good thing to add the check.
> > > > Else, we'd have to wait until the current problems are actually
> solved
> > > > before enabling it on PRs.
> > > >
> > > > Guillaume
> > > >
> > > >
> > > > > Instead of the tool just runs a general report once a week/month
> etc
> > > > > then we can take a look at it from time to time.
> > > > >
> > > > >
> > > > > > Regards,
> > > > > > Omar
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Claus Ibsen
> > > > > -----------------
> > > > > http://davsclaus.com @davsclaus
> > > > > Camel in Action 2: https://www.manning.com/ibsen2> > > > >
> > > >
> > > >
> > > > --
> > > > ------------------------
> > > > Guillaume Nodet
> > > >
> > >
> >
> >
> > --
> > "In a world without walls and fences who needs Windows and Gates?"
> > <
> https://about.me/andrea.tarocchi?promo=email_sig&utm_source=product&utm_medium=email_sig&utm_campaign=edit_panel&utm_content=thumb> >
> > Andrea Tarocchi
> > about.me/andrea.tarocchi
> > <
> https://about.me/andrea.tarocchi?promo=email_sig&utm_source=product&utm_medium=email_sig&utm_campaign=edit_panel&utm_content=thumb> >
>
>
>
> --
> Claus Ibsen
> -----------------
> http://davsclaus.com @davsclaus
> Camel in Action 2: https://www.manning.com/ibsen2>
|
|
+1
Thanks for the proposal.
Regards
JB
> Le 17 déc. 2019 à 16:17, Omar Al-Safi < [hidden email]> a écrit :
>
> Hello folks,
>
> Recently, I stumbled across this code analysis tool https://lgtm.com/ and
> is free for open source integration. It looks pretty good based on the
> analysis results it gave for camel (
> https://lgtm.com/projects/g/apache/camel/) (sure some of them it can be
> neglected). However, I was wondering, does it make sense to enable it on
> PRs? For me personally, it could help to some extent to catch potential
> bugs that hard to spot by the human eye.
>
> Regards,
> Omar
|
|
+1 to remove it
Il mer 26 feb 2020, 07:57 Jean-Baptiste Onofre < [hidden email]> ha scritto:
> +1
>
> Thanks for the proposal.
>
> Regards
> JB
>
> > Le 17 déc. 2019 à 16:17, Omar Al-Safi < [hidden email]> a écrit :
> >
> > Hello folks,
> >
> > Recently, I stumbled across this code analysis tool https://lgtm.com/> and
> > is free for open source integration. It looks pretty good based on the
> > analysis results it gave for camel (
> > https://lgtm.com/projects/g/apache/camel/) (sure some of them it can be
> > neglected). However, I was wondering, does it make sense to enable it on
> > PRs? For me personally, it could help to some extent to catch potential
> > bugs that hard to spot by the human eye.
> >
> > Regards,
> > Omar
>
>
|
12
|