[DISCUSS] Integrating code analysis tool lgtm.com into the pipeline

oalsafi
Hello folks,

Recently, I stumbled across this code analysis tool https://lgtm.com/ and
it is free for open source integration. It looks pretty good based on the
analysis results it gave for camel (
https://lgtm.com/projects/g/apache/camel/) (sure, some of them can be
neglected). However, I was wondering, does it make sense to enable it on
PRs? For me personally, it could help to some extent to catch potential
bugs that are hard to spot by the human eye.

Regards,
Omar
Re: [DISCUSS] Integrating code analysis tool lgtm.com into the pipeline

Andrea Cosentino-2
My personal opinion about these tools is the same as for the security scanners: I really don't like them :-)

--
Andrea Cosentino 
----------------------------------
Apache Camel PMC Chair
Apache Karaf Committer
Apache Servicemix PMC Member
Email: [hidden email]
Twitter: @oscerd2
Github: oscerd

On Tuesday, December 17, 2019, 4:17:16 PM GMT+1, Omar Al-Safi <[hidden email]> wrote:

> Hello folks,
>
> Recently, I stumbled across this code analysis tool https://lgtm.com/ and
> it is free for open source integration. It looks pretty good based on the
> analysis results it gave for camel (
> https://lgtm.com/projects/g/apache/camel/) (sure, some of them can be
> neglected). However, I was wondering, does it make sense to enable it on
> PRs? For me personally, it could help to some extent to catch potential
> bugs that are hard to spot by the human eye.
>
> Regards,
> Omar

Re: [DISCUSS] Integrating code analysis tool lgtm.com into the pipeline

Omar Al-Safi
Well I was pretty skeptical about it. But by looking at the list, it looks
to me pretty good actually :).

On Tue, Dec 17, 2019 at 4:34 PM Andrea Cosentino
<[hidden email]> wrote:

> My personal opinion about these tools is the same as for the security
> scanners: I really don't like them :-)

Re: [DISCUSS] Integrating code analysis tool lgtm.com into the pipeline

jbonofre
In reply to this post by oalsafi
Hi Omar,

if it's in a profile, why not, but I don't like such a tool "forced" in
the default build.

Regards
JB

On 17/12/2019 16:17, Omar Al-Safi wrote:

> Hello folks,
>
> Recently, I stumbled across this code analysis tool https://lgtm.com/ and
> it is free for open source integration. It looks pretty good based on the
> analysis results it gave for camel (
> https://lgtm.com/projects/g/apache/camel/) (sure, some of them can be
> neglected). However, I was wondering, does it make sense to enable it on
> PRs? For me personally, it could help to some extent to catch potential
> bugs that are hard to spot by the human eye.
>
> Regards,
> Omar
>

--
Jean-Baptiste Onofré
[hidden email]
http://blog.nanthrax.net
Talend - http://www.talend.com

Re: [DISCUSS] Integrating code analysis tool lgtm.com into the pipeline

Guillaume Nodet-2
Agreed, we can easily create a profile for that.
In addition, we should quickly review them because some of the alerts are
actual bugs, like the second one at least.
We can filter the ones that could be investigated:

https://lgtm.com/projects/g/apache/camel/alerts/?sort=name&dir=ASC&mode=list&tag=correctness%2Clogic%2Creliability

On Wed, Dec 18, 2019 at 07:58, Jean-Baptiste Onofré <[hidden email]> wrote:

> Hi Omar,
>
> if it's in a profile, why not, but I don't like such a tool "forced" in
> the default build.
>
> Regards
> JB


--
------------------------
Guillaume Nodet

Re: [DISCUSS] Integrating code analysis tool lgtm.com into the pipeline

Omar Al-Safi
You mean as a Maven profile? If that is what you mean, it sounds to me like a
good idea, as we did for checkstyle. However, I don't think it will be
possible with that tool since they do the analysis as a service. Perhaps we
can look for another tool that we can integrate into Maven.
Indeed, I will look at some of them today and tomorrow and commit the
fixes.

On Wed, Dec 18, 2019, 08:55 Guillaume Nodet <[hidden email]> wrote:

> Agreed, we can easily create a profile for that.
> In addition, we should quickly review them because some of the alerts are
> actual bugs, like the second one at least.
> We can filter the ones that could be investigated:
>
>
> https://lgtm.com/projects/g/apache/camel/alerts/?sort=name&dir=ASC&mode=list&tag=correctness%2Clogic%2Creliability

Re: [DISCUSS] Integrating code analysis tool lgtm.com into the pipeline

Claus Ibsen-2
In reply to this post by Guillaume Nodet-2
Hi

Yeah, this tool seems at first sight much improved over other tools we
have seen in the past, which give a lot of false positives and noise.


On Wed, Dec 18, 2019 at 8:55 AM Guillaume Nodet <[hidden email]> wrote:

>
> Agreed, we can easily create a profile for that.
> In addition, we should quickly review them because some of the alerts are
> actual bugs, like the second one at least.
> We can filter the ones that could be investigated:
>
> https://lgtm.com/projects/g/apache/camel/alerts/?sort=name&dir=ASC&mode=list&tag=correctness%2Clogic%2Creliability



--
Claus Ibsen
-----------------
http://davsclaus.com @davsclaus
Camel in Action 2: https://www.manning.com/ibsen2

Re: [DISCUSS] Integrating code analysis tool lgtm.com into the pipeline

Claus Ibsen-2
In reply to this post by oalsafi
On Tue, Dec 17, 2019 at 4:17 PM Omar Al-Safi <[hidden email]> wrote:

>
> Hello folks,
>
> Recently, I stumbled across this code analysis tool https://lgtm.com/ and
> it is free for open source integration. It looks pretty good based on the
> analysis results it gave for camel (
> https://lgtm.com/projects/g/apache/camel/) (sure, some of them can be
> neglected). However, I was wondering, does it make sense to enable it on
> PRs? For me personally, it could help to some extent to catch potential
> bugs that are hard to spot by the human eye.
>

For PRs then, can it be limited to only the code from the PR?
The Camel code base is still massive and I don't want to have some slow
process for PRs.

Instead, the tool just runs a general report once a week/month etc.,
then we can take a look at it from time to time.


> Regards,
> Omar



--
Claus Ibsen
-----------------
http://davsclaus.com @davsclaus
Camel in Action 2: https://www.manning.com/ibsen2

Re: [DISCUSS] Integrating code analysis tool lgtm.com into the pipeline

Omar Al-Safi
That honestly I don't know about. We can give it a try for one PR and see how
long it takes. If it takes some time, we just switch it off and rely on the
report it generates daily. We can also configure the type of code analysis,
which can limit it to only what we see that could help.

On Wed, Dec 18, 2019, 09:15 Claus Ibsen <[hidden email]> wrote:

> For PRs then, can it be limited to only the code from the PR?
> The Camel code base is still massive and I don't want to have some slow
> process for PRs.
>
> Instead, the tool just runs a general report once a week/month etc.,
> then we can take a look at it from time to time.

Re: [DISCUSS] Integrating code analysis tool lgtm.com into the pipeline

Andrea Cosentino-3
Do they require access to the github repo? In that case I do believe Infra
won't allow us to use it.

On Wed, Dec 18, 2019 at 09:22, Omar Al-Safi <[hidden email]> wrote:

> That honestly I don't know about. We can give it a try for one PR and see how
> long it takes. If it takes some time, we just switch it off and rely on the
> report it generates daily. We can also configure the type of code analysis,
> which can limit it to only what we see that could help.

Re: [DISCUSS] Integrating code analysis tool lgtm.com into the pipeline

lburgazzoli
On Wed, Dec 18, 2019 at 9:25 AM Andrea Cosentino <[hidden email]> wrote:

> Do they require access to the github repo? In that case I do believe Infra
> won't allow us to use it.
>
>
Was actually thinking about the same thing, here is what they do require:
https://lgtm.com/help/lgtm/github-apps-integration



Re: [DISCUSS] Integrating code analysis tool lgtm.com into the pipeline

Omar Al-Safi
It looks like infra allows it due to lgtm's new integration
https://issues.apache.org/jira/browse/INFRA-17226?focusedCommentId=16864457&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-16864457


On Wed, Dec 18, 2019 at 9:38 AM Luca Burgazzoli <[hidden email]>
wrote:

> On Wed, Dec 18, 2019 at 9:25 AM Andrea Cosentino <[hidden email]>
> wrote:
>
> > Do they require access to the github repo? In that case I do believe
> Infra
> > won't allow us to use it.
> >
> >
> Was actually thinking about the same thing, here is what they do require:
> https://lgtm.com/help/lgtm/github-apps-integration

Re: [DISCUSS] Integrating code analysis tool lgtm.com into the pipeline

Omar Al-Safi
Simpler way, we can just add a badge to the readme file (
https://lgtm.com/help/lgtm/adding-badges-to-project-readme-files), so from
time to time we can take a look at the reports instead of having it for every
PR.

On Wed, Dec 18, 2019 at 9:45 AM Omar Al-Safi <[hidden email]> wrote:

> It looks like infra allows it due to lgtm's new integration
> https://issues.apache.org/jira/browse/INFRA-17226?focusedCommentId=16864457&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-16864457

Re: [DISCUSS] Integrating code analysis tool lgtm.com into the pipeline

Guillaume Nodet-2
In reply to this post by Claus Ibsen-2
On Wed, Dec 18, 2019 at 09:15, Claus Ibsen <[hidden email]> wrote:

> For PRs then, can it be limited to only the code from the PR?
> The Camel code base is still massive and I don't want to have some slow
> process for PRs.
>

Right, if that's limited to the code modified by the PR, that could be a
good thing to add the check.
Else, we'd have to wait until the current problems are actually solved
before enabling it on PRs.

Guillaume


> Instead, the tool just runs a general report once a week/month etc.,
> then we can take a look at it from time to time.


--
------------------------
Guillaume Nodet

Re: [DISCUSS] Integrating code analysis tool lgtm.com into the pipeline

Omar Al-Safi
I have already addressed most of the errors reported and some of the
warnings. I will wait for the next report to be generated and see if we
still need to fix anything.
I am going to ask INFRA to enable it and test it and see its scope, since I
have no idea about it, but when I was looking at
https://lgtm.com/projects/g/apache/incubator-druid/ci/, it looks like it only
checks the PR content, which is a good thing for us.

On Wed, Dec 18, 2019 at 1:45 PM Guillaume Nodet <[hidden email]> wrote:

> Right, if that's limited to the code modified by the PR, that could be a
> good thing to add the check.
> Else, we'd have to wait until the current problems are actually solved
> before enabling it on PRs.
>
> Guillaume

Re: [DISCUSS] Integrating code analysis tool lgtm.com into the pipeline

valdar
Sorry to resume this old-ish conversation,

do you still see value in having LGTM running on each PR?
It takes A LOT of time and it seems reports are seldom taken into account
in regards to merging/not merging a PR.
On top of that it seems there are 300 errors/warnings in the findings not
addressed...

Wouldn't it be better to disable it and just run it on a one-off basis?

Regards,
Andrea.

On Wed, Dec 18, 2019 at 3:32 PM Omar Al-Safi <[hidden email]> wrote:

> I have already addressed most of the errors reported and some of the
> warnings. I will wait for the next report to be generated and see if we
> still need to fix anything.
> I am going to ask INFRA to enable it and test it and see its scope, since I
> have no idea about it, but when I was looking at
> https://lgtm.com/projects/g/apache/incubator-druid/ci/, it looks like it only
> checks the PR content, which is a good thing for us.


--
"In a world without walls and fences who needs Windows and Gates?"
Andrea Tarocchi
about.me/andrea.tarocchi

Re: [DISCUSS] Integrating code analysis tool lgtm.com into the pipeline

Claus Ibsen-2
On Wed, Feb 26, 2020 at 12:53 AM Andrea Tarocchi
<[hidden email]> wrote:

>
> Sorry to resume this old-ish conversation,
>
> do you still see value in having LGTM running on each PR?
> It takes A LOT of time and it seems reports are seldom taken into account
> in regards to merging/not merging a PR.
> On top of that it seems there are 300 errors/warnings in the findings not
> addressed...
>
> Wouldn't it be better to disable it and just run it on a one-off basis?
>

+1

> Regards,
> Andrea.



--
Claus Ibsen
-----------------
http://davsclaus.com @davsclaus
Camel in Action 2: https://www.manning.com/ibsen2

Re: [DISCUSS] Integrating code analysis tool lgtm.com into the pipeline

lburgazzoli
+1

---
Luca Burgazzoli


On Wed, Feb 26, 2020 at 5:20 AM Claus Ibsen <[hidden email]> wrote:

> On Wed, Feb 26, 2020 at 12:53 AM Andrea Tarocchi
> <[hidden email]> wrote:
> >
> > Sorry to resume this old-ish conversation,
> >
> > do you still see value in having LGTM running on each PR?
> > It takes A LOT of time and it seems reports are seldom taken into account
> > in regards to merging/not merging a PR.
> > On top of that it seems there are 300 errors/warnings in the findings not
> > addressed...
> >
> > Wouldn't it be better to disable it and just run it on a one-off basis?
> >
>
> +1
>
> > Regards,
> > Andrea.
> >
> > On Wed, Dec 18, 2019 at 3:32 PM Omar Al-Safi <[hidden email]> wrote:
> >
> > > > I have already addressed most of the errors reported and some of the
> > > > warnings, I will wait for the next report to be generated and look if we
> > > > still need to fix.
> > > > I am going to ask INFRA to enable it and test it and see its scope since I
> > > > have no idea about but when I was looking at
> > > > https://lgtm.com/projects/g/apache/incubator-druid/ci/, it looks it only
> > > > checks the PR content which is a good thing for us.
> > >
> > > > On Wed, Dec 18, 2019 at 1:45 PM Guillaume Nodet <[hidden email]> wrote:
> > > >
> > > > > On Wed, Dec 18, 2019 at 09:15, Claus Ibsen <[hidden email]> wrote:
> > > > >
> > > > > > On Tue, Dec 17, 2019 at 4:17 PM Omar Al-Safi <[hidden email]> wrote:
> > > > > >
> > > > > > Hello folks,
> > > > > >
> > > > > > > Recently, I stumbled across this code analysis tool https://lgtm.com/ and
> > > > > > > is free for open source integration. It looks pretty good based on the
> > > > > > > analysis results it gave for camel (
> > > > > > > https://lgtm.com/projects/g/apache/camel/) (sure some of them it can be
> > > > > > > neglected). However, I was wondering, does it make sense to enable it on
> > > > > > > PRs? For me personally, it could help to some extent to catch potential
> > > > > > > bugs that are hard to spot by the human eye.
> > > > > >
> > > > >
> > > > > > For PRs then can it be limited to only the code from the PR?
> > > > > > The Camel code base is still massive and I don't want to have some slow
> > > > > > process for PRs
> > > > >
> > > >
> > > > > Right, if that's limited to the code modified by the PR, that could be a
> > > > > good thing to add the check.
> > > > > Else, we'd have to wait until the current problems are actually solved
> > > > > before enabling it on PRs.
> > > >
> > > > Guillaume
> > > >
> > > >
> > > > > > Instead of the tool just runs a general report once a week/month etc
> > > > > > then we can take a look at it from time to time.
> > > > >
> > > > >
> > > > > > Regards,
> > > > > > Omar
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Claus Ibsen
> > > > > -----------------
> > > > > http://davsclaus.com @davsclaus
> > > > > Camel in Action 2: https://www.manning.com/ibsen2
> > > > >
> > > >
> > > >
> > > > --
> > > > ------------------------
> > > > Guillaume Nodet
> > > >
> > >
> >
> >
> > --
> > "In a world without walls and fences who needs Windows and Gates?"
> > <
> https://about.me/andrea.tarocchi?promo=email_sig&utm_source=product&utm_medium=email_sig&utm_campaign=edit_panel&utm_content=thumb
> >
> > Andrea Tarocchi
> > about.me/andrea.tarocchi
> > <
> https://about.me/andrea.tarocchi?promo=email_sig&utm_source=product&utm_medium=email_sig&utm_campaign=edit_panel&utm_content=thumb
> >
>
>
>
> --
> Claus Ibsen
> -----------------
> http://davsclaus.com @davsclaus
> Camel in Action 2: https://www.manning.com/ibsen2
>

Re: [DISCUESS] Integrating code analysis tool lgtm.com into the pipeline

jbonofre
In reply to this post by oalsafi
+1

Thanks for the proposal.

Regards
JB

> On Dec 17, 2019, at 16:17, Omar Al-Safi <[hidden email]> wrote:
>
> Hello folks,
>
> Recently, I stumbled across this code analysis tool https://lgtm.com/ and
> is free for open source integration. It looks pretty good based on the
> analysis results it gave for camel (
> https://lgtm.com/projects/g/apache/camel/) (sure some of them it can be
> neglected). However, I was wondering, does it make sense to enable it on
> PRs? For me personally, it could help to some extent to catch potential
> bugs that are hard to spot by the human eye.
>
> Regards,
> Omar


Re: [DISCUESS] Integrating code analysis tool lgtm.com into the pipeline

Andrea Cosentino-3
+1 to remove it

On Wed, Feb 26, 2020 at 07:57, Jean-Baptiste Onofre <[hidden email]> wrote:

> +1
>
> Thanks for the proposal.
>
> Regards
> JB
>
> > On Dec 17, 2019, at 16:17, Omar Al-Safi <[hidden email]> wrote:
> >
> > Hello folks,
> >
> > Recently, I stumbled across this code analysis tool https://lgtm.com/ and
> > is free for open source integration. It looks pretty good based on the
> > analysis results it gave for camel (
> > https://lgtm.com/projects/g/apache/camel/) (sure some of them it can be
> > neglected). However, I was wondering, does it make sense to enable it on
> > PRs? For me personally, it could help to some extent to catch potential
> > bugs that are hard to spot by the human eye.
> >
> > Regards,
> > Omar
>
>