We have an Open Source project, Egeria GitHub - odpi/egeria: Open Metadata and Governance
Our ‘regular’ build pipeline is now via Github actions - we build with both maven and gradle (migrating to)
We do various builds triggered off a PR, and a few more (like updating snapshots) from merge
We still have a few ‘old’ pipelines on Azure DevOps, including a sonar build for sonarcloud (maven). This also captures code coverage from tests. It’s triggered off a merge
In the last year we’ve tried out GitHub’s ‘codeQL’ and integrated into our github actions/PR pipeline. This is nice as the dev gets results in-situ. However reviewing the backlog is unusable (just a list in github) and the detection of errors is not very good.
I’m wondering if we can get SonarCloud working in the same way? ie to insert PR-specific results
into the checks output / PR review.
I see automatic analysis isn’t supported for java, so this needs to be CI driven?
Ideally github action, but could be Azure devops too if we had to…!
Is it possible?