Skip to content

GHA-220 Add 'Rules updated' column to update-rule-metadata PR summary#123

Merged
nils-werner-sonarsource merged 7 commits intomasterfrom
ns/gha-220-pr-description-rules-updated
Mar 23, 2026
Merged

GHA-220 Add 'Rules updated' column to update-rule-metadata PR summary#123
nils-werner-sonarsource merged 7 commits intomasterfrom
ns/gha-220-pr-description-rules-updated

Conversation

@nils-werner-sonarsource
Copy link
Contributor

@nils-werner-sonarsource nils-werner-sonarsource commented Mar 20, 2026
edited
Loading

Summary

  • Adds a new Rules updated column to the PR summary table in the update-rule-metadata action
  • The column shows how many rule files (.html/.json, excluding sonarpedia.json) were actually changed in the PR per sonarpedia directory
  • The total row is updated to include the sum of updated rules across all sonarpedia directories

Test plan

  • Verify CI tests pass
  • Manually verify by triggering a rule metadata update on a downstream repo and checking the PR description contains both columns

🤖 Generated with Claude Code

@sonar-review-alpha
Copy link

sonar-review-alpha bot commented Mar 20, 2026
edited
Loading

Summary

This PR extracts the PR summary generation logic into a testable generate-summary.sh script and adds a new "Rules updated" column that counts how many rule files were actually changed per sonarpedia directory (via git diff), complementing the existing "Rules to update" count from the rule-api logs. The workflow gains a dedicated test job to validate the summary logic with unit tests covering flat, 2-level, and 3-level directory structures, deduplication, and edge cases.

What reviewers should know

Start here: Review generate-summary.sh first to understand the new logic. The script reads rule-api-logs.txt, parses directory paths now formatted as === PATH:... ===, counts rules from logs, then uses git diff --name-only HEAD to count unique changed files per directory (deduplicating .html and .json for the same rule ID).

Key decisions: The "Rules updated" count relies on git diff HEAD against staged changes, so it will vary depending on what's staged at summary-generation time. The script gracefully handles missing logs or zero-rule cases by outputting a simple fallback message.

Watch for: The path format in the logs changed from "meaningful" names (e.g., "security/java") to full literal paths (e.g., "=== PATH:frontend/java ==="), which simplifies parsing. This is why lines in action.yml extracting the dir name were replaced with the simpler echo "=== PATH:$dir ===" >> $log_file. The test file comprehensively covers directory depth variations (especially important for sonar-security's dotnet plugin style with 3+ levels) and rule deduplication.

  • Generate Walkthrough
  • Generate Diagram

🗣️ Give feedback

@hashicorp-vault-sonar-prod
Copy link

hashicorp-vault-sonar-prod bot commented Mar 20, 2026
edited by atlassian bot
Loading

GHA-220

sonar-review-alpha[bot]
sonar-review-alpha bot reviewed Mar 20, 2026
View reviewed changes
Copy link

@sonar-review-alpha sonar-review-alpha bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Conclusion: There's a path-truncation bug that will cause the "Rules updated" count to silently show 0 for any analyzer with a sonarpedia directory more than two levels deep — which is the common case for Java-ecosystem analyzers.

🗣️ Give feedback

@nils-werner-sonarsource @claude
GHA-220 Add 'Rules updated' column to update-rule-metadata PR summary…
a2f8cff 
… table

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@nils-werner-sonarsource nils-werner-sonarsource force-pushed the ns/gha-220-pr-description-rules-updated branch from f894adf to a2f8cff Compare March 23, 2026 07:53
sonar-review-alpha[bot]
sonar-review-alpha bot reviewed Mar 23, 2026
View reviewed changes
Copy link

@sonar-review-alpha sonar-review-alpha bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Conclusion: The "Rules updated" count will silently return 0 for any repo where sonarpedia directories are more than two levels deep — which is the common case for Java/analyzers repos. The root bug flagged in the previous review round is still present in this implementation.

🗣️ Give feedback

sonar-review-alpha[bot]
sonar-review-alpha bot reviewed Mar 23, 2026
View reviewed changes
Copy link

@sonar-review-alpha sonar-review-alpha bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! ✅

🗣️ Give feedback

@nils-werner-sonarsource @claude
Fix test script path resolution and address SonarQube issues
df49c0f 
- Resolve SCRIPT to absolute path so it works after cd into temp dirs
- Add explicit return 0 to shell functions (S7682)
- Extract repeated literals into constants OLD_RULE_CONTENT and INITIAL_COMMIT_MSG (S1192)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
sonar-review-alpha[bot]
sonar-review-alpha bot reviewed Mar 23, 2026
View reviewed changes
Copy link

@sonar-review-alpha sonar-review-alpha bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! ✅

🗣️ Give feedback

@nils-werner-sonarsource @claude
Temporarily point notify-slack to GHA-219 branch for testing
2bc3313 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
sonar-review-alpha[bot]
sonar-review-alpha bot reviewed Mar 23, 2026
View reviewed changes
Copy link

@sonar-review-alpha sonar-review-alpha bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Conclusion: The core logic in generate-summary.sh is correct and well-tested across all directory depth variants. One blocking issue: the notify-slack reference must be reverted to @v1 before merge.

🗣️ Give feedback

@nils-werner-sonarsource @claude
Fix 'Rules updated' count to deduplicate by rule ID, not file count
fdf6888 
When a rule has both an .html and a .json file changed, it was previously
counted as 2 files. Now strips the extension and deduplicates by rule ID
before counting, so S1896.html + S1896.json = 1 rule updated.

Add a test case (Test 5) specifically covering this deduplication scenario.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
sonar-review-alpha[bot]
sonar-review-alpha bot reviewed Mar 23, 2026
View reviewed changes
Copy link

@sonar-review-alpha sonar-review-alpha bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Conclusion: The deduplication logic and test coverage are solid. The quality gate is still failing with 2 new violations — those need to be resolved before merge. The Slack branch reference issue from the previous review also remains unfixed.

🗣️ Give feedback

@nils-werner-sonarsource @claude
Revert temporary notify-slack branch ref to @v1
4be4145 
The @ns/gha-219-slack-no-docker ref was used for integration testing.
Now that GHA-219 is being merged, switch to the stable @v1 tag.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
sonar-review-alpha[bot]
sonar-review-alpha bot reviewed Mar 23, 2026
View reviewed changes
Copy link

@sonar-review-alpha sonar-review-alpha bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! ✅

🗣️ Give feedback

@nils-werner-sonarsource @claude
Extract NEW_RULE_CONTENT and UPDATED_JSON constants in test script
1bbe75e 
Avoids repeating the same string literals 4 times each, fixing
SonarQube Cloud S1192 issues on PR 123.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@sonarqubecloud
Copy link

sonarqubecloud bot commented Mar 23, 2026

SonarQube reviewer guide

Review in SonarQube

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

sonar-review-alpha[bot]
sonar-review-alpha bot reviewed Mar 23, 2026
View reviewed changes
Copy link

@sonar-review-alpha sonar-review-alpha bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SonarCloud false positives: The four MAJOR issues about missing explicit return statements (AZ0Z_SBhqViT6RaT21Af–Ai) are false positives — all four functions (assert_output_contains, run_test, init_git, run_script) already end with return 0. Similarly, the MINOR issues about '<rule>old</rule>' and 'initial' being used as literals (AZ0Z_SBhqViT6RaT21Aj–Ak) are false positives: OLD_RULE_CONTENT and INITIAL_COMMIT_MSG constants were already defined at lines 14–15 before this commit. All eight reported issues should be dismissed in SonarCloud.

🗣️ Give feedback

@nils-werner-sonarsource nils-werner-sonarsource merged commit cf5526f into master Mar 23, 2026
11 checks passed
@nils-werner-sonarsource nils-werner-sonarsource deleted the ns/gha-220-pr-description-rules-updated branch March 23, 2026 14:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sonar-review-alpha sonar-review-alpha[bot] sonar-review-alpha[bot] left review comments

@yasen-pavlov-sonarsource yasen-pavlov-sonarsource yasen-pavlov-sonarsource approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@nils-werner-sonarsource @yasen-pavlov-sonarsource