GitHub Add-Ons
I went through the marketplace on GitHub to see what I could find that was useful.
Since I am using CircleCI as my CI runner, it was only natural to add this to my GitHub. Below is what the app does for you on GitHub.
See the status of your CircleCI workflows under the Pull Request Checks tab in the GitHub UI. With checks enabled, users will now be able to go to the Checks tab in GitHub to view the full hierarchy and status of CircleCI builds.
This is great because it checks whether your PR even builds. On top of that, CircleCI runs a build on their site every time you check in code.
Dependabot is owned by GitHub. It is great for Maven builds: it looks through your pom.xml, sees what needs to be updated, and then submits a pull request to update to the latest version. This helps with security, but make sure your project still builds properly after each update. Good thing I have CircleCI to check it.
Below is part of how Dependabot describes itself.
Dependabot helps you keep your dependencies secure and up to date. It works with most popular languages - you can see full details of the languages we support here.
Each day:
- Dependabot will scan your dependency files, looking for outdated requirements.
- If any of your dependencies are out of date Dependabot will open pull requests to bump each one, including changelog links and release notes.
- You check the linked changelog and release notes, and hit merge.
I mostly added Slack so I could see a running dialog of my commits and other things. It is a nice integration. With Zapier you can even do a digest.
SonarCloud is brought to you by the same people who make SonarQube and SonarLint. I use the lint in my IDE to help keep my code clean and this is no exception. SonarCloud goes over your code and analyzes its quality. This is free for all public projects.
SonarCloud is the leading product for Continuous Code Quality online, totally free for open-source projects. It supports all major programming languages, including Java, JavaScript, TypeScript, C#, C/C++ and many more. If your code is closed source, SonarCloud also offers a paid plan to run private analyses.
This SonarCloud GitHub application makes it simpler than ever to onboard new code repositories in SonarCloud, get your pull requests decorated with detected quality issues, and invite your team members to collaborate.
This looks through your code to find vulnerabilities and then submits issue tickets into your repo. This allows you to be aware of issues and track them.
Snyk also tracks and looks at vulnerabilities, but it will also open a pull request when they can be fixed, and it runs inside GitHub Checks so you can see if you are introducing a new vulnerability.
A developer-first solution that automates finding & fixing vulnerabilities in your dependencies
CodeFactor reviews your code for best practices. If you don't have a code reviewer, at least you can try an automated one, and one that runs inside GitHub Checks.