sourcegraph
diff --git a/‎README.md‎
Lines changed: 61 additions & 2 deletions b/‎README.md‎
Lines changed: 61 additions & 2 deletions
diff --git a/‎images/screenshot_dark.png‎
231 KB b/‎images/screenshot_dark.png‎
231 KB
diff --git a/‎images/screenshot_light.png‎
234 KB b/‎images/screenshot_light.png‎
234 KB
diff --git a/‎package.json‎
Lines changed: 85 additions & 9 deletions b/‎package.json‎
Lines changed: 85 additions & 9 deletions
diff --git a/‎src/api.ts‎
Lines changed: 132 additions & 0 deletions b/‎src/api.ts‎
Lines changed: 132 additions & 0 deletions
@@ -1,3 +1,62 @@
-# sonarqube (Sourcegraph extension)
+# [Sonarqube](https://www.sonarqube.org/) Sourcegraph extension
 
-.
+Show Sonarqube issues when browsing files on Sourcegraph.
+
+<p>
+<picture>
+<source srcset="https://raw.githubusercontent.com/sourcegraph/sourcegraph-sonarqube/main/images/screenshot_dark.png" media="(prefers-color-scheme: dark)">
+<source srcset="https://raw.githubusercontent.com/sourcegraph/sourcegraph-sonarqube/main/images/screenshot_light.png" media="(prefers-color-scheme: light)">
+<img src="https://raw.githubusercontent.com/sourcegraph/sourcegraph-sonarqube/main/images/screenshot_light.png" alt="Screenshot">
+</picture>
+</p>
+
+➡️ Try it out on [github.com/apache/struts](https://sourcegraph.com/github.com/apache/struts/-/blob/apps/rest-showcase/src/main/java/org/demo/rest/example/OrdersController.java)
+
+You can toggle decorations with the Sonarqube button in the action toolbar.
+Each decoration links to the issue on Sonarqube.
+
+## Configuration
+
+The extension can be configured through JSON in user, organization or global settings.
+
+```jsonc
+{
+  // Configure the extension to use a private Sonarqube instance.
+  // By default, Sonarcloud is used.
+  "sonarqube.instanceUrl": "https://sonarcloud.io/",
+  // An API token to the Sonarqube instance, if needed.
+  "sonarqube.apiToken": "...",
+
+  // The Sonarqube extension needs to map the repository on Sourcegraph to a project inside an organization on
+  // Sonarqube. The default settings work for most projects on Sonarcloud, but if you have a custom setup, you
+  // can configure the following settings.
+
+  // This regular expression is matched on the repository name. The values from the capture groups are
+  // available in the templates below.
+  "sonarqube.repositoryNamePattern": "(?:^|/)([^/]+)/([^/]+)$",
+  // This template is used to form the Sonarqube organization key.
+  // By default, the second-last part of the repository name (first capture group above) is used as-is.
+  // E.g. "apache" from "github.com/apache/struts".
+  "sonarqube.organizationKeyTemplate": "$1",
+  // This template is used to form the Sonarqube project key.
+  // By default, the second-last and last part of the repository name (first and second capture groups above)
+  // are joined by an underscore.
+  // E.g. "apache_struts" from "github.com/apache/struts".
+  "sonarqube.projectKeyTemplate": "$1_$2",
+
+  // CORS headers are necessary for the extension to fetch data, but Sonarqube does not send them by default.
+  // Here you can customize the URL to an HTTP proxy that adds CORS headers.
+  // By default Sourcegraph's CORS proxy is used.
+  "sonarqube.corsAnywhereUrl": "https://cors-anywhere.herokuapp.com"
+}
+```
+
+## Limitations
+
+The current commit viewed on Sourcegraph may not be analyzed on Sonarqube.
+If that is the case, the extension will fallback to the latest analysis available on Sonarqube on the default branch.
+This may result in decorations being off in some files if those files differ between the commit being viewed and the one analyzed on Sonarqube.
+
+---
+
+SONARQUBE is a trademark belonging to SonarSource SA.
@@ -1,29 +1,102 @@
 {
-  "$schema": "https://raw.githubusercontent.com/sourcegraph/sourcegraph/master/shared/src/schema/extension.schema.json",
+  "$schema": "https://raw.githubusercontent.com/sourcegraph/sourcegraph/main/client/shared/src/schema/extension.schema.json",
   "name": "sonarqube",
-  "description": "",
+  "description": "Show Sonarqube issues when browsing files on Sourcegraph",
   "publisher": "sourcegraph",
+  "icon": "data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' xmlns:xlink='http://www.w3.org/1999/xlink' viewBox='0 0 512 512'%3E%3Cdefs/%3E%3Crect width='512' height='512' fill='%23549dd0'/%3E%3Cdefs%3E%3Crect id='a' y='0' width='512' height='512'/%3E%3C/defs%3E%3CclipPath id='b'%3E%3Cuse xlink:href='%23a' overflow='visible'/%3E%3C/clipPath%3E%3Cpath d='M409 448h-22c0-179-148-325-330-325v-22c194 0 352 155 352 347' clip-path='url(%23b)' fill='%23fff'/%3E%3Cg%3E%3Cdefs%3E%3Crect id='c' y='0' width='512' height='512'/%3E%3C/defs%3E%3CclipPath id='d'%3E%3Cuse xlink:href='%23c' overflow='visible'/%3E%3C/clipPath%3E%3Cpath d='M424 329A335 335 0 00192 89l5-18a354 354 0 01245 253l-18 5z' clip-path='url(%23d)' fill='%23fff'/%3E%3C/g%3E%3Cg%3E%3Cdefs%3E%3Crect id='e' y='0' width='512' height='512'/%3E%3C/defs%3E%3CclipPath id='f'%3E%3Cuse xlink:href='%23e' overflow='visible'/%3E%3C/clipPath%3E%3Cpath d='M441 223c-27-60-74-113-132-148l8-12c60 36 109 91 138 154l-14 6z' clip-path='url(%23f)' fill='%23fff'/%3E%3C/g%3E%3C/svg%3E",
   "activationEvents": [
     "*"
   ],
-  "wip": true,
-  "categories": [],
-  "tags": [],
+  "wip": false,
+  "categories": [
+    "External services"
+  ],
+  "tags": [
+    "Sonarqube"
+  ],
   "contributes": {
-    "actions": [],
+    "actions": [
+      {
+        "id": "sonarqube.showIssuesOnCodeViews.toggle",
+        "command": "updateConfiguration",
+        "commandArguments": [
+          [
+            "sonarqube.showIssuesOnCodeViews"
+          ],
+          "${!(config.sonarqube.showIssuesOnCodeViews !== false)}",
+          null,
+          "json"
+        ],
+        "title": "${get(context, 'sonarqube.errorMessage') || (config.sonarqube.showIssuesOnCodeViews && \"Hide inline Sonarqube issues\" || \"Show inline Sonarqube issues\")}",
+        "category": "Sonarqube",
+        "actionItem": {
+          "description": "${get(context, 'sonarqube.errorMessage') || (config.sonarqube.showIssuesOnCodeViews && \"Hide inline Sonarqube issues\" || \"Show inline Sonarqube issues\")}",
+          "iconURL": "data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' xmlns:xlink='http://www.w3.org/1999/xlink' viewBox='0 0 512 512'%3E%3Cdefs/%3E%3Crect width='512' height='512' fill='%23${get(context, 'sonarqube.errorMessage') && \"999\" || \"549dd0\"}'/%3E%3Cdefs%3E%3Crect id='a' y='0' width='512' height='512'/%3E%3C/defs%3E%3CclipPath id='b'%3E%3Cuse xlink:href='%23a' overflow='visible'/%3E%3C/clipPath%3E%3Cpath d='M409 448h-22c0-179-148-325-330-325v-22c194 0 352 155 352 347' clip-path='url(%23b)' fill='%23fff'/%3E%3Cg%3E%3Cdefs%3E%3Crect id='c' y='0' width='512' height='512'/%3E%3C/defs%3E%3CclipPath id='d'%3E%3Cuse xlink:href='%23c' overflow='visible'/%3E%3C/clipPath%3E%3Cpath d='M424 329A335 335 0 00192 89l5-18a354 354 0 01245 253l-18 5z' clip-path='url(%23d)' fill='%23fff'/%3E%3C/g%3E%3Cg%3E%3Cdefs%3E%3Crect id='e' y='0' width='512' height='512'/%3E%3C/defs%3E%3CclipPath id='f'%3E%3Cuse xlink:href='%23e' overflow='visible'/%3E%3C/clipPath%3E%3Cpath d='M441 223c-27-60-74-113-132-148l8-12c60 36 109 91 138 154l-14 6z' clip-path='url(%23f)' fill='%23fff'/%3E%3C/g%3E%3C/svg%3E",
+          "pressed": "config.sonarqube.showIssuesOnCodeViews"
+        }
+      }
+    ],
     "menus": {
-      "editor/title": [],
+      "editor/title": [
+        {
+          "action": "sonarqube.showIssuesOnCodeViews.toggle",
+          "when": "resource"
+        }
+      ],
       "commandPalette": []
     },
-    "configuration": {}
+    "configuration": {
+      "type": "object",
+      "properties": {
+        "sonarqube.showIssuesOnCodeViews": {
+          "description": "Whether to show Sonarqube issues inline on code views.",
+          "type": "boolean",
+          "default": true
+        },
+        "sonarqube.instanceUrl": {
+          "description": "The URL to the Sonarqube instance.",
+          "type": "string",
+          "default": "https://sonarcloud.io/"
+        },
+        "sonarqube.apiToken": {
+          "description": "The API authentication token for the Sonarqube instance, if needed.",
+          "type": "string"
+        },
+        "sonarqube.corsAnywhereUrl": {
+          "description": "The URL to a CORS proxy.",
+          "type": "string",
+          "default": "https://cors-anywhere.herokuapp.com"
+        },
+        "sonarqube.repositoryNamePattern": {
+          "description": "Regular expression with that is matched on the repository name to extract the capture groups for organization and project key templates.",
+          "type": "string",
+          "format": "regex",
+          "default": "(?:^|/)([^/]+)/([^/]+)$"
+        },
+        "sonarqube.organizationKeyTemplate": {
+          "description": "Replace string to build the organization key from the repository name pattern, using $n references for capture groups. By default just uses the first capture group",
+          "type": "string",
+          "default": "$1"
+        },
+        "sonarqube.projectKeyTemplate": {
+          "description": "Replace string to build the project key from the repository name pattern, using $n references for capture groups.",
+          "type": "string",
+          "default": "$1_$2"
+        }
+      }
+    }
   },
   "version": "0.0.0-DEVELOPMENT",
   "license": "Apache-2.0",
   "main": "dist/sonarqube.js",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/sourcegraph/sourcegraph-sonarqube"
+  },
   "scripts": {
     "eslint": "eslint 'src/**/*.ts'",
     "typecheck": "tsc -p tsconfig.json",
-    "build": "parcel build --out-file dist/sonarqube.js src/sonarqube.ts",
+    "build": "parcel build --out-file dist/sonarqube.js src/sonarqube.ts --no-minify",
     "symlink-package": "mkdirp dist && lnfs ./package.json ./dist/package.json",
     "serve": "yarn run symlink-package && parcel serve --no-hmr --out-file dist/sonarqube.js src/sonarqube.ts",
     "watch:typecheck": "tsc -p tsconfig.json -w",
@@ -45,5 +118,8 @@
     "parcel-bundler": "^1.12.4",
     "sourcegraph": "^24.7.0",
     "typescript": "^4.0.3"
+  },
+  "dependencies": {
+    "rxjs": "^6.6.3"
   }
 }
@@ -0,0 +1,132 @@
+export interface ApiOptions {
+    sonarqubeApiUrl: URL
+
+    /** API authentication token */
+    apiToken?: string
+}
+
+interface FetchIssuesOptions extends ApiOptions {
+    componentKeys: string[]
+    branch?: string
+}
+
+type Qualifier = 'FIL' | 'UTS' | 'DIR' | 'TRK' | 'BRC'
+
+interface Component {
+    organization: string
+    key: string
+    name: string
+    qualifier: Qualifier
+    language: string
+    project: string
+}
+
+export type IssueType = 'BUG' | 'VULNERABILITY' | 'CODE_SMELL'
+
+export type Severity = 'MINOR' | 'MAJOR' | 'CRITICAL' | 'BLOCKER'
+
+export interface Issue {
+    key: string
+    rule: string
+    severity: Severity
+    component: string
+    project: string
+    line: number
+    hash: string
+    textRange: {
+        startLine: number
+        endLine: number
+        startOffset: number
+        endOffset: number
+    }
+    flows: []
+    status: string
+    message: string
+    effort: string
+    debt: string
+    tags: string[]
+    creationDate: string
+    updateDate: string
+    type: IssueType
+    organization: string
+    fromHotspot: false
+}
+
+async function fetchApi(path: string, searchParameters: URLSearchParams, options: ApiOptions): Promise<any> {
+    const url = new URL(path, options.sonarqubeApiUrl)
+    url.search = searchParameters.toString()
+    const headers = new Headers()
+    if (options.apiToken) {
+        headers.set('Authorization', 'Basic ' + btoa(options.apiToken + ':'))
+    }
+    const response = await fetch(url.href, { headers })
+    if (!response.ok) {
+        if (response.headers.get('Content-Type')?.includes('json')) {
+            const { errors } = (await response.json()) as { errors: { msg: string }[] }
+            if (errors.length === 1) {
+                throw new Error(errors[0].msg)
+            }
+            throw new AggregateError(
+                errors.map(error => new Error(error.msg)),
+                errors.map(error => error.msg).join('\n')
+            )
+        }
+        throw new Error(response.statusText)
+    }
+    const result = await response.json()
+    return result
+}
+
+export async function searchComponents(
+    options: ApiOptions & { query: string; organization: string }
+): Promise<Component[]> {
+    const searchParameters = new URLSearchParams()
+    searchParameters.set('organization', options.organization)
+    searchParameters.set('qualifiers', 'FIL,UTS')
+    searchParameters.set('q', options.query)
+    const result = await fetchApi('api/components/search', searchParameters, options)
+    return result.components
+}
+
+export async function searchIssues(options: FetchIssuesOptions): Promise<Issue[]> {
+    const searchParameters = new URLSearchParams()
+    // Comma-separated list of component keys. Retrieve issues associated to a specific list of components (and all
+    // its descendants). A component can be a project, directory or file.
+    searchParameters.set('componentKeys', options.componentKeys.join(','))
+    if (options.branch) {
+        searchParameters.set('branch', options.branch)
+    }
+    const result = await fetchApi('api/issues/search', searchParameters, options)
+    return result.issues
+}
+
+export interface Branch {
+    name: string
+    isMain: boolean
+    /** Long-lived or short-lived */
+    type: 'LONG' | 'SHORT'
+    status: {
+        qualityGateStatus: 'ERROR' | 'OK'
+        bugs?: number
+        vulnerabilities?: number
+        codeSmells?: number
+    }
+    analysisDate: string
+    commit: {
+        sha: string
+        author: {
+            name: string
+            login: string
+            avatar: string
+        }
+        date: string
+        message: string
+    }
+}
+
+export async function listBranches(options: { project: string } & ApiOptions): Promise<Branch[]> {
+    const searchParameters = new URLSearchParams()
+    searchParameters.set('project', options.project)
+    const result = await fetchApi('api/project_branches/list', searchParameters, options)
+    return result.branches
+}