static code analysis: introduce automated scans via SonarCloud
This adds Travis and Docker configurations for automated scans, both for master branch and internal PRs. External PRs won't be checked due to security concerns (and Travis limitation related to that) - GH and SonarCloud tokens are not propagated to those. An organization and project must be created in SonarCloud for reporting, as well as a technical GH user with mraa repo commit permission, to set PR statuses in the "checks" section. Signed-off-by: Alex Tereschenko <alext.mkrs@gmail.com>
This commit is contained in:
Alex Tereschenko
@@ -23,6 +23,7 @@ env:
|
||||
- TARGET=java BUILDARCH=MOCK
|
||||
- TARGET=node4 BUILDARCH=MOCK
|
||||
- TARGET=node5 BUILDARCH=MOCK
|
||||
- TARGET=sonar-scan
|
||||
|
||||
matrix:
|
||||
exclude:
|
||||
@@ -32,6 +33,8 @@ matrix:
|
||||
env: TARGET=java JSONPLAT=ON
|
||||
- compiler: clang
|
||||
env: TARGET=java BUILDARCH=MOCK
|
||||
- compiler: clang
|
||||
env: TARGET=sonar-scan
|
||||
allow_failures:
|
||||
- compiler: gcc
|
||||
env: TARGET=node4 JSONPLAT=ON
|
||||
|
||||
Reference in New Issue
Block a user