BUILD-6086: Release pipeline to push to test project
Signed-off-by: Jayadeep Kinavoor Madam <[email protected]>
jayadeep-km-sonarsource committed Aug 29, 2024
1 parent c475603 commit a32868e
Showing 3 changed files with 239 additions and 0 deletions.
76 changes: 76 additions & 0 deletions .github/workflows/release.yaml
@@ -0,0 +1,76 @@
name: sonar-release
# This workflow is triggered when publishing a new github release
on:
release:
types:
- published

env:
PYTHONUNBUFFERED: 1

jobs:
release:
permissions:
id-token: write
contents: write
uses: SonarSource/gh-action_release/.github/workflows/main.yaml@v5
with:
publishToBinaries: false
mavenCentralSync: false
slackChannel: squad-ide-visualstudio

deploy_to_microsoft_marketplace:
permissions:
id-token: write
contents: write
runs-on: windows-latest
name: Deploy to Visual Studio marketplace
# TODO: Uncomment this once releasability checks are confirmed to be working
# needs: release
env:
RELEASE_TAG: ${{ github.event.release.tag_name }}
steps:
- uses: actions/checkout@v3
- name: Get vault secrets
id: secrets
uses: SonarSource/vault-action-wrapper@v3
with:
secrets: |
development/artifactory/token/{REPO_OWNER_NAME_DASH}-private-reader access_token | ARTIFACTORY_ACCESS_TOKEN;
development/kv/data/visualstudio VSCE_TOKEN | VCSE_TOKEN
- name: Setup JFrog
uses: SonarSource/jfrog-setup-wrapper@907e87c3d2081a98d2ab8cb03284ee6711f1ee83 # tag=3.2.3
with:
jfrogAccessToken: ${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_ACCESS_TOKEN }}

- name: Create local directory
id: local_repo
shell: bash
run: echo "dir=$(mktemp -d repo.XXXXXXXX)" >> $GITHUB_OUTPUT

- name: Get the version
id: get_version
shell: bash
run: |
IFS=. read -r major minor patch build <<< "$RELEASE_TAG"
echo "build=${build}" >> $GITHUB_OUTPUT
echo "version=${major}.${minor}.${patch}" >> $GITHUB_OUTPUT
- name: Download Artifacts
uses: SonarSource/gh-action_release/download-build@master
with:
build-number: ${{ steps.get_version.outputs.build }}
local-repo-dir: ${{ steps.local_repo.outputs.dir }}
# TODO: Change this to sonarsource-public-releases once releasability checks are confirmed to be working
remote-repo: sonarsource-public-builds
flat-download: true
download-checksums: false

- name: Publish extension to Marketplace
uses: cezarypiatek/[email protected]
with:
extension-file: ${{ steps.local_repo.outputs.dir }}\SonarLint.VSIX-${{env.RELEASE_TAG}}-2022.vsix
# TODO: Rename VS2022Test to VS20202 when doing actual release
publish-manifest-file: MarketPlaceFiles\VS2022Test\manifest-2022.json
personal-access-code: ${{ fromJSON(steps.secrets.outputs.vault).VCSE_TOKEN }}
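
Review bot: In the deploy_to_microsoft_marketplace job, `SonarSource/gh-action_release/download-build@master` follows a moving branch while the job holds `id-token: write` and the Vault-sourced Artifactory and Marketplace tokens, so whatever lands on that branch runs with those credentials. Pin it to a full commit SHA with the tag in a trailing comment, as the `jfrog-setup-wrapper` step already does, and consider the same for the third-party publish action that receives `personal-access-code`. Two smaller points: no step in this job appears to write to the repository, so `contents: write` could be reduced to `contents: read`; and the "Get the version" step accepts any tag, so a release tag without four dot-separated fields passes an empty `build-number` to the download step. A format check on `RELEASE_TAG` before writing to `$GITHUB_OUTPUT` would fail the run early with a clear message.
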
13 changes: 13 additions & 0 deletions MarketPlaceFiles/VS2022Test/manifest-2022.json
@@ -0,0 +1,13 @@
{
"$schema": "http://json.schemastore.org/vsix-publish",
"categories": [ "Coding", "Programming Languages", "Security" ],
"identity": {
"internalName": "SonarLintforVisualStudio2022Test"
},
"overview": "overview-2022.md",
"priceCategory": "free",
"publisher": "SonarSource",
"private": true,
"qna": false,
"repo": "https://github.com/SonarSource/sonarlint-visualstudio"
}
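
Review bot: The `$schema` value at the top of the manifest points at plain `http://json.schemastore.org/vsix-publish`; switch it to `https://` so editors and validators resolve the schema over TLS. Separately, `"private": true` is the setting that distinguishes this test listing from a public one, so it is worth stating in the PR description that it must stay set for the VS2022Test manifest until the rename mentioned in the workflow TODO happens.
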
150 changes: 150 additions & 0 deletions MarketPlaceFiles/VS2022Test/overview-2022.md
@@ -0,0 +1,150 @@
## **SonarLint: Your first line of defense for quality and secure code**

SonarLint helps you detect and fix Bugs, Code Smells, and Security Vulnerabilities in-IDE.

It supports C#, VB.NET, C, C++, JS, and TS. The extension highlights coding flaws on the fly and provides clear guidance to fix issues before code is committed.

## **What is SonarLint**

SonarLint is a **_Free_** and **_Open Source_** IDE extension that identifies and helps you fix Code Quality and Code Security issues as you code. Analogous to a spell checker, SonarLint squiggles flaws and provides real-time feedback and clear remediation guidance so you can deliver clean code from the get-go.

SonarLint for Visual Studio is more than your average linting tool.



* Scans code written in C#, VB.NET, C, C++, Javascript, TypeScript.
* Open source JavaScript, TypeScript, C# & VB.NET code analyzers.
* C and C++ support for Application, Dynamic Library and Static Library types of MSBuild (.vcxproj) projects
* Deep code analysis algorithms using pattern matching and dataflow analysis
* Hundreds of language-specific static code analysis rules, and growing
* In-context help and remediation guidance with detailed examples

Highlights issues in your code, tells you why they are harmful, and how they should be fixed


SonarLint provides Visual Studio developers a comprehensive in-IDE solution for improving the quality and security of the code they deliver.

[Learn More](https://www.sonarsource.com/products/sonarlint/features/visual-studio/)


![sonarlint-warnings](https://raw.githubusercontent.com/wiki/SonarSource/sonarlint-visualstudio/images/Marketplace/squiggly.png)

## **Get Started with SonarLint**

After you download SonarLint, simply open a project, start coding and SonarLint will start analyzing your issues.

You can also check out the [SonarLint documentation here](https://docs.sonarsource.com/sonarlint/visual-studio/).

![sonarlint-installation](https://raw.githubusercontent.com/wiki/SonarSource/sonarlint-visualstudio/images/Marketplace/2022-install.PNG)


## **Why SonarLint**

With unparalleled support for C#, VB.NET, C, C++, JavaScript, and TypeScript, SonarLint performs on-the-fly smart analysis to ensure that the code you deliver is always high quality and secure.



* **Instant feedback on coding issues**

SonarLint provides immediate feedback on Bugs, Code Smells, and Security Vulnerabilities as you code.

* **Hundreds of language-specific rules with clear guidance**

SonarLint provides you with all the information on why the highlighted issue is problematic and how to fix it. With clear remediation guidance and plenty of detailed examples, addressing issues is simple and intuitive.


Check out the language specific rules:


<table>
<tr>
<td>
C#
</td>
<td><a href="https://rules.sonarsource.com/csharp">View Rules</a>
</td>
</tr>
<tr>
<td>VB.NET
</td>
<td><a href="https://rules.sonarsource.com/vbnet">View Rules</a>
</td>
</tr>
<tr>
<td>JavaScript
</td>
<td><a href="https://rules.sonarsource.com/javascript">View Rules</a>
</td>
</tr>
<tr>
<td>TypeScript
</td>
<td><a href="https://rules.sonarsource.com/typescript">View Rules</a>
</td>
</tr>
<tr>
<td>C++
</td>
<td><a href="https://rules.sonarsource.com/cpp">View Rules</a>
</td>
</tr>
<tr>
<td>C
</td>
<td><a href="https://rules.sonarsource.com/c">View Rules</a>
</td>
</tr>
</table>




* **Fast and Precise Analysis**

High precision analysis means fewer false positives and false negatives, providing consistent, reliable results.

* **Helps you grow in your development journey**

Aside from detecting issues and providing useful cues to fix the issues, the insights provided by SonarLint support better code ownership so that as a developer you will begin to recognize those mistakes and remember to prevent them in the future.



## **SonarLint for Teams**

SonarLint works great as a standalone tool but you can take it to the next level by connecting it with [SonarQube](https://www.sonarqube.org/) or [SonarCloud](https://sonarcloud.io/). SonarQube and SonarCloud analyze Pull Requests and branches in your DevOps platform (BitBucket, GitHub, Microsoft Azure, GitLab) and perform non-disruptive code quality and security checks to reliably track your codebase health.

The 'connected mode' configuration ties SonarLint's continuous Code Quality and Code Security analysis from IDE to the entire CI/CD workflow and back again to your IDE.



* **Common expectations for Code Quality and Code Security**

Applied rules and analysis settings from SonarQube/SonarCloud are extended to SonarLint so that teams can coalesce on a shared definition of code health.

* **More rule coverage**

When paired with SonarQube or SonarCloud, you can benefit from additional rules for security vulnerabilities and security hotspots in IDE to identify issues earlier.

* **Smart notifications for improved quality and delivery**

'Connected mode' sends smart alerts to individuals/teams when new issues are discovered. With everyone in the loop, issues can be addressed promptly, improving the overall software quality and delivery.



## **Connect with our Community**

Have questions or need to report issues or provide suggestions? Stay connected with us on the [SonarSource Community Forum](https://community.sonarsource.com/).


## **Our strong open source commitment**

Since 2007 to present, SonarSource has invested in working closely with our community to provide code quality and security tooling that directly empower developers to deliver better software.

Check out the [source code on GitHub](https://github.com/SonarSource/sonarlint-visualstudio) or view our [issue tracker.](https://github.com/SonarSource/sonarlint-visualstudio/issues) If you are interested in contributing, visit our [contributing page](https://github.com/SonarSource/sonarlint-visualstudio/blob/master/CONTRIBUTING.md).


## **License**

Copyright 2016-2024 SonarSource.

Licensed under the GNU Lesser General Public License, Version 3.0
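
Review bot: In the first feature list, "Javascript" is written without the capital S while the rest of the overview uses "JavaScript", and the line beginning "Highlights issues in your code" sits after the list with no subject, so it reads like a bullet that lost its marker. Fix the casing and either fold that line into the list or start it with "SonarLint". The closing link text "[issue tracker.]" also carries the full stop inside the link; move it outside the brackets.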
