diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml new file mode 100644 index 0000000000..e19e66417e --- /dev/null +++ b/.github/workflows/release.yaml @@ -0,0 +1,76 @@ +name: sonar-release +# This workflow is triggered when publishing a new github release +on: + release: + types: + - published + +env: + PYTHONUNBUFFERED: 1 + +jobs: + release: + permissions: + id-token: write + contents: write + uses: SonarSource/gh-action_release/.github/workflows/main.yaml@v5 + with: + publishToBinaries: false + mavenCentralSync: false + slackChannel: squad-ide-visualstudio + + deploy_to_microsoft_marketplace: + permissions: + id-token: write + contents: write + runs-on: windows-latest + name: Deploy to Visual Studio marketplace + # TODO: Uncomment this once releasability checks are confirmed to be working + # needs: release + env: + RELEASE_TAG: ${{ github.event.release.tag_name }} + steps: + - uses: actions/checkout@v3 + - name: Get vault secrets + id: secrets + uses: SonarSource/vault-action-wrapper@v3 + with: + secrets: | + development/artifactory/token/{REPO_OWNER_NAME_DASH}-private-reader access_token | ARTIFACTORY_ACCESS_TOKEN; + development/kv/data/visualstudio VSCE_TOKEN | VCSE_TOKEN + + - name: Setup JFrog + uses: SonarSource/jfrog-setup-wrapper@907e87c3d2081a98d2ab8cb03284ee6711f1ee83 # tag=3.2.3 + with: + jfrogAccessToken: ${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_ACCESS_TOKEN }} + + - name: Create local directory + id: local_repo + shell: bash + run: echo "dir=$(mktemp -d repo.XXXXXXXX)" >> $GITHUB_OUTPUT + + - name: Get the version + id: get_version + shell: bash + run: | + IFS=. read -r major minor patch build <<< "$RELEASE_TAG" + echo "build=${build}" >> $GITHUB_OUTPUT + echo "version=${major}.${minor}.${patch}" >> $GITHUB_OUTPUT + + - name: Download Artifacts + uses: SonarSource/gh-action_release/download-build@master + with: + build-number: ${{ steps.get_version.outputs.build }} + local-repo-dir: ${{ steps.local_repo.outputs.dir }} + # TODO: Change this to sonarsource-public-releases once releasability checks are confirmed to be working + remote-repo: sonarsource-public-builds + flat-download: true + download-checksums: false + + - name: Publish extension to Marketplace + uses: cezarypiatek/VsixPublisherAction@1.1 + with: + extension-file: ${{ steps.local_repo.outputs.dir }}\SonarLint.VSIX-${{env.RELEASE_TAG}}-2022.vsix + # TODO: Rename VS2022Test to VS20202 when doing actual release + publish-manifest-file: MarketPlaceFiles\VS2022Test\manifest-2022.json + personal-access-code: ${{ fromJSON(steps.secrets.outputs.vault).VCSE_TOKEN }} diff --git a/MarketPlaceFiles/VS2022Test/manifest-2022.json b/MarketPlaceFiles/VS2022Test/manifest-2022.json new file mode 100644 index 0000000000..dfbb31eed5 --- /dev/null +++ b/MarketPlaceFiles/VS2022Test/manifest-2022.json @@ -0,0 +1,13 @@ +{ + "$schema": "http://json.schemastore.org/vsix-publish", + "categories": [ "Coding", "Programming Languages", "Security" ], + "identity": { + "internalName": "SonarLintforVisualStudio2022Test" + }, + "overview": "overview-2022.md", + "priceCategory": "free", + "publisher": "SonarSource", + "private": true, + "qna": false, + "repo": "https://github.com/SonarSource/sonarlint-visualstudio" +} diff --git a/MarketPlaceFiles/VS2022Test/overview-2022.md b/MarketPlaceFiles/VS2022Test/overview-2022.md new file mode 100644 index 0000000000..d6df5d9e8e --- /dev/null +++ b/MarketPlaceFiles/VS2022Test/overview-2022.md @@ -0,0 +1,150 @@ +## **SonarLint: Your first line of defense for quality and secure code** + +SonarLint helps you detect and fix Bugs, Code Smells, and Security Vulnerabilities in-IDE. + +It supports C#, VB.NET, C, C++, JS, and TS. The extension highlights coding flaws on the fly and provides clear guidance to fix issues before code is committed. + +## **What is SonarLint** + +SonarLint is a **_Free_** and **_Open Source_** IDE extension that identifies and helps you fix Code Quality and Code Security issues as you code. Analogous to a spell checker, SonarLint squiggles flaws and provides real-time feedback and clear remediation guidance so you can deliver clean code from the get-go. + +SonarLint for Visual Studio is more than your average linting tool. + + + +* Scans code written in C#, VB.NET, C, C++, Javascript, TypeScript. +* Open source JavaScript, TypeScript, C# & VB.NET code analyzers. +* C and C++ support for Application, Dynamic Library and Static Library types of MSBuild (.vcxproj) projects +* Deep code analysis algorithms using pattern matching and dataflow analysis +* Hundreds of language-specific static code analysis rules, and growing +* In-context help and remediation guidance with detailed examples + + Highlights issues in your code, tells you why they are harmful, and how they should be fixed + + +SonarLint provides Visual Studio developers a comprehensive in-IDE solution for improving the quality and security of the code they deliver. + +[Learn More](https://www.sonarsource.com/products/sonarlint/features/visual-studio/) + + +![sonarlint-warnings](https://raw.githubusercontent.com/wiki/SonarSource/sonarlint-visualstudio/images/Marketplace/squiggly.png) + +## **Get Started with SonarLint** + +After you download SonarLint, simply open a project, start coding and SonarLint will start analyzing your issues. + +You can also check out the [SonarLint documentation here](https://docs.sonarsource.com/sonarlint/visual-studio/). + +![sonarlint-installation](https://raw.githubusercontent.com/wiki/SonarSource/sonarlint-visualstudio/images/Marketplace/2022-install.PNG) + + +## **Why SonarLint** + +With unparalleled support for C#, VB.NET, C, C++, JavaScript, and TypeScript, SonarLint performs on-the-fly smart analysis to ensure that the code you deliver is always high quality and secure. + + + +* **Instant feedback on coding issues** + + SonarLint provides immediate feedback on Bugs, Code Smells, and Security Vulnerabilities as you code. + +* **Hundreds of language-specific rules with clear guidance** + + SonarLint provides you with all the information on why the highlighted issue is problematic and how to fix it. With clear remediation guidance and plenty of detailed examples, addressing issues is simple and intuitive. + + + Check out the language specific rules: + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+C# + View Rules +
VB.NET + View Rules +
JavaScript + View Rules +
TypeScript + View Rules +
C++ + View Rules +
C + View Rules +
+ + + + +* **Fast and Precise Analysis** + + High precision analysis means fewer false positives and false negatives, providing consistent, reliable results. + +* **Helps you grow in your development journey** + + Aside from detecting issues and providing useful cues to fix the issues, the insights provided by SonarLint support better code ownership so that as a developer you will begin to recognize those mistakes and remember to prevent them in the future. + + + +## **SonarLint for Teams** + +SonarLint works great as a standalone tool but you can take it to the next level by connecting it with [SonarQube](https://www.sonarqube.org/) or [SonarCloud](https://sonarcloud.io/). SonarQube and SonarCloud analyze Pull Requests and branches in your DevOps platform (BitBucket, GitHub, Microsoft Azure, GitLab) and perform non-disruptive code quality and security checks to reliably track your codebase health. + +The 'connected mode' configuration ties SonarLint's continuous Code Quality and Code Security analysis from IDE to the entire CI/CD workflow and back again to your IDE. + + + +* **Common expectations for Code Quality and Code Security** + + Applied rules and analysis settings from SonarQube/SonarCloud are extended to SonarLint so that teams can coalesce on a shared definition of code health. + +* **More rule coverage** + + When paired with SonarQube or SonarCloud, you can benefit from additional rules for security vulnerabilities and security hotspots in IDE to identify issues earlier. + +* **Smart notifications for improved quality and delivery** + + 'Connected mode' sends smart alerts to individuals/teams when new issues are discovered. With everyone in the loop, issues can be addressed promptly, improving the overall software quality and delivery. + + + +## **Connect with our Community** + +Have questions or need to report issues or provide suggestions? Stay connected with us on the [SonarSource Community Forum](https://community.sonarsource.com/). + + +## **Our strong open source commitment** + +Since 2007 to present, SonarSource has invested in working closely with our community to provide code quality and security tooling that directly empower developers to deliver better software. + +Check out the [source code on GitHub](https://github.com/SonarSource/sonarlint-visualstudio) or view our [issue tracker.](https://github.com/SonarSource/sonarlint-visualstudio/issues) If you are interested in contributing, visit our [contributing page](https://github.com/SonarSource/sonarlint-visualstudio/blob/master/CONTRIBUTING.md). + + +## **License** + +Copyright 2016-2024 SonarSource. + +Licensed under the GNU Lesser General Public License, Version 3.0 \ No newline at end of file