From e99f8faad3c73478fa35df06db92e33df415f21f Mon Sep 17 00:00:00 2001 From: tiulpin Date: Thu, 26 Jan 2023 18:33:32 +0100 Subject: [PATCH] :memo: Promote Cloud in the docs more --- README.md | 36 ++++++++++++++++++++---------------- src/@orb.yml | 2 +- src/commands/scan.yml | 3 +++ vsts/README.md | 23 +++++++++++++++++++++-- 4 files changed, 45 insertions(+), 19 deletions(-) diff --git a/README.md b/README.md index 96c88ee9..7e9bfab5 100644 --- a/README.md +++ b/README.md @@ -60,6 +60,26 @@ We recommend that you have a separate workflow file for Qodana because [different jobs run in parallel](https://help.github.com/en/actions/getting-started-with-github-actions/core-concepts-for-github-actions#job) . +### Qodana Cloud + +To send the results to Qodana Cloud, all you need to do is to specify the `QODANA_TOKEN` environment variable in the build configuration. + +1. In the GitHub UI, create the `QODANA_TOKEN` [encrypted secret](https://docs.github.com/en/actions/security-guides/encrypted-secrets#creating-encrypted-secrets-for-a-repository) and + save the [project token](https://www.jetbrains.com/help/qodana/cloud-projects.html#cloud-manage-projects) as its value. +2. In the GitHub workflow file, + add `QODANA_TOKEN` variable to the `env` section of the `Qodana Scan` step: + +```yaml + - name: 'Qodana Scan' + uses: JetBrains/qodana-action@v2022.3.2 + env: + QODANA_TOKEN: ${{ secrets.QODANA_TOKEN }} +``` + +After the token is set for analysis, all Qodana job results will be uploaded to your Qodana Cloud project. + +![Qodana Cloud](https://user-images.githubusercontent.com/13538286/214899046-572649db-fe62-49b2-a368-b5d07737c1c1.gif) + ### GitHub code scanning You can set 
@@ -149,22 +169,6 @@ failThreshold: Based on this, you will be able to detect only new problems in pull requests that fall beyond the baseline. At the same time, pull requests with **new** problems exceeding the `fail-threshold` limit will be blocked, and the workflow will fail. -### GitHub Pages - -If you wish to study [Qodana reports](https://www.jetbrains.com/help/qodana/html-report.html) directly on GitHub, you -can host them on your [GitHub Pages](https://docs.github.com/en/pages) repository using this example workflow: - -```yaml - - name: Deploy to GitHub Pages - uses: peaceiris/actions-gh-pages@v3 - with: - github_token: ${{ secrets.GITHUB_TOKEN }} - publish_dir: ${{ runner.temp }}/qodana/results/report - destination_dir: ./ -``` - -> Hosting multiple Qodana reports in a single GitHub Pages repository is not supported. - ### Get a Qodana badge You can set up a Qodana workflow badge in your repository. To do it, follow these steps: diff --git a/src/@orb.yml b/src/@orb.yml index 51a51e9b..26aa6456 100755 --- a/src/@orb.yml +++ b/src/@orb.yml @@ -9,5 +9,5 @@ description: > # This information will be displayed in the orb registry and is not mandatory. display: - home_url: "https://jetbrains.com/qodana" + home_url: "https://www.jetbrains.com/help/qodana/circleci.html" source_url: "https://github.com/JetBrains/qodana-action" diff --git a/src/commands/scan.yml b/src/commands/scan.yml index 0a15bb76..205f2b84 100644 --- a/src/commands/scan.yml +++ b/src/commands/scan.yml @@ -3,6 +3,9 @@ description: > It runs Qodana `scan` command and reports the results. Note that most options can be configured via qodana.yaml (https://www.jetbrains.com/help/qodana/qodana-yaml.html) file. + To send reports from CircleCI to Qodana Cloud, all you need to do + is to set `QODANA_TOKEN` environment variable in your project settings. + To learn more, see https://www.jetbrains.com/help/qodana/circleci.html parameters: args: type: string 
diff --git a/vsts/README.md b/vsts/README.md index 6085f0a8..1b60f76d 100644 --- a/vsts/README.md +++ b/vsts/README.md @@ -1,5 +1,5 @@ [![GitHub Discussions](https://img.shields.io/github/discussions/jetbrains/qodana)][jb:discussions] -[![Twitter Follow](https://img.shields.io/twitter/follow/Qodana?style=social&logo=twitter)][jb:twitter] +[![Twitter Follow](https://img.shields.io/badge/follow-%40Qodana-1DA1F2?logo=twitter&style=social)][jb:twitter] **Qodana** is a code quality monitoring tool that identifies and suggests fixes for bugs, security vulnerabilities, duplications, and imperfections. 
@@ -50,7 +50,26 @@ steps: Triggering this job depends on [what type of repository you are using in Azure Pipelines](https://docs.microsoft.com/en-us/azure/devops/pipelines/build/triggers?view=azure-devops#classic-build-pipelines-and-yaml-pipelines). -The task can be run on any OS and x86_64/arm64 CPUs, but it requires the agent to have Docker installed. And since most of Qodana Docker images are Linux-based, the docker daemon must run Linux containers. +The task can be run on any OS and x86_64/arm64 CPUs, but it requires the agent to have Docker installed. And since most of Qodana Docker images are Linux-based, the docker daemon must be able to run Linux containers. + +### Qodana Cloud + +To send the results to Qodana Cloud, all you need to do is to specify the `QODANA_TOKEN` environment variable in the build configuration. + +1. In the Azure Pipelines UI, create the `QODANA_TOKEN` [secret variable](https://learn.microsoft.com/en-us/azure/devops/pipelines/process/set-secret-variables?view=azure-devops&tabs=yaml%2Cbash#secret-variable-in-the-ui) and + save the [project token](https://www.jetbrains.com/help/qodana/cloud-projects.html#cloud-manage-projects) as its value. +2. In the Azure pipeline file, + add `QODANA_TOKEN` variable to the `env` section of the `QodanaScan` task: + +```yaml + - task: QodanaScan@2022 + env: + QODANA_TOKEN: $(QODANA_TOKEN) +``` + +After the token is set for analysis, all Qodana Scan job results will be uploaded to your Qodana Cloud project. + +![Qodana Cloud](https://user-images.githubusercontent.com/13538286/214899046-572649db-fe62-49b2-a368-b5d07737c1c1.gif) ### SARIF SAST Scans Tab
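Review bot: In the `### Qodana Cloud` section added to `README.md`, the closing sentence "all Qodana job results will be uploaded to your Qodana Cloud project" promises more than the `QODANA_TOKEN: ${{ secrets.QODANA_TOKEN }}` mapping can deliver. GitHub does not pass repository secrets to workflows triggered by pull requests from forks, so those runs see an empty token. Suggest adding a sentence that says so and states what the action does when the token is empty (skips the upload or fails). Minor: step 2 reads "add `QODANA_TOKEN` variable"; "add the `QODANA_TOKEN` variable" reads better.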
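Review bot: The second `README.md` hunk (`@@ -149,22 +169,6 @@`) deletes the whole `### GitHub Pages` section, which the subject line "Promote Cloud in the docs more" does not mention. The removal breaks existing links to that heading and leaves anyone using the `peaceiris/actions-gh-pages@v3` example without documentation. Suggest noting the removal in the commit message and, if hosting the HTML report yourself is still supported, keeping a one-line pointer to the Qodana report documentation in place of the section.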
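Review bot: The text added to `description` in `src/commands/scan.yml` tells users to set `QODANA_TOKEN` "in your project settings" without saying that the value is the Qodana Cloud project token or that it is a credential. The GitHub and Azure READMEs in this same patch both link to the project token page and tell the reader to store it as a secret. Suggest using the same wording here and stating that the token must not be written into `.circleci/config.yml`. Minor: "set `QODANA_TOKEN` environment variable" is missing "the".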
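Review bot: In the `### Qodana Cloud` section added to `vsts/README.md`, step 2 does not explain why the `QODANA_TOKEN: $(QODANA_TOKEN)` line is required. Azure Pipelines does not expose secret variables to tasks as environment variables unless they are mapped explicitly in `env`, so a reader who completes only step 1 gets no upload and no obvious reason why. Suggest one sentence stating this next to the snippet. The closing sentence "all Qodana Scan job results will be uploaded" also needs a qualifier, since secret variables are not made available to builds of pull requests from forks by default.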