diff --git a/config/_default/menus/menus.en.yaml b/config/_default/menus/menus.en.yaml index 81bfdd64f9e52..2c2f497423b5a 100644 --- a/config/_default/menus/menus.en.yaml +++ b/config/_default/menus/menus.en.yaml @@ -2708,6 +2708,11 @@ main: parent: static_analysis identifier: static_analysis_github_actions weight: 103 + - name: GitHub Pull Requests + url: static_analysis/github_pull_requests + parent: static_analysis + identifier: static_analysis_github_prs + weight: 103 - name: Quality Gates url: quality_gates/ pre: ci diff --git a/content/en/static_analysis/_index.md b/content/en/static_analysis/_index.md index e48da7d6bac5a..fa8119cd1c6be 100644 --- a/content/en/static_analysis/_index.md +++ b/content/en/static_analysis/_index.md 
@@ -39,12 +39,17 @@ Using Static Analysis provides organizations with the following benefits: ## Integrations -### CI Providers +### CI providers {{< whatsnext desc="With Static Analysis, you can integrate feedback on code reviews for various languages in any CI platform provider of choice. See the documentation for information about the following integrations:">}} {{< nextlink href="continuous_integration/static_analysis/circleci_orbs" >}}CircleCI Orbs{{< /nextlink >}} {{< nextlink href="continuous_integration/static_analysis/github_actions" >}}GitHub Actions{{< /nextlink >}} {{< /whatsnext >}} +### Source code management +{{< whatsnext desc="During code reviews, source code management (SCM) integrations check for Static Analysis violations in pull requests for repos that have at least one ruleset applied. Violations are flagged with a comment on the relevant line of code. Certain violations also include suggested changes that can be applied directly in the UI of the SCM tool." >}} + {{< nextlink href="static_analysis/github_pull_requests" >}}GitHub Pull Requests{{< /nextlink >}} +{{< /whatsnext >}} + ### IDEs {{< whatsnext desc="With Static Analysis, you can get real-time feedback as you edit a file in your Integrated Development Environment (IDE). See the documentation for information about the following integrations:">}} {{< nextlink href="developers/ide_integrations/idea/" >}}Datadog Plugin for IntelliJ IDEA{{< /nextlink >}} diff --git a/content/en/static_analysis/github_pull_requests.md b/content/en/static_analysis/github_pull_requests.md new file mode 100644 index 0000000000000..e62a41207e2ab --- /dev/null +++ b/content/en/static_analysis/github_pull_requests.md 
@@ -0,0 +1,77 @@ +--- +title: GitHub Pull Requests +kind: documentation +description: Learn how to use Static Analysis in GitHub pull requests. +further_reading: +- link: "/integrations/github/" + tag: "Documentation" + text: "Learn about the GitHub integration" +- link: "/static_analysis/" + tag: "Documentation" + text: "Learn about Static Analysis" +--- + +## Overview + +Static Analysis can automatically flag rule violations in pull requests on GitHub. To configure the [GitHub integration][2] to include Static Analysis features, see [the setup instructions](#set-up-static-analysis-for-github-pull-requests). + +During code reviews on GitHub, the integration checks for Static Analysis violations in pull requests for repos that have at least one ruleset applied. Violations are flagged with a review comment on the relevant line of code. + +{{< img src="ci/static-analysis-pr-comment-example.png" alt="Example of a Static Analysis comment on a pull request" style="width:90%;" >}} + +The comment includes the name, ID, severity, category, and description of the violation. Certain violations also include suggested changes that can be applied directly in the GitHub UI. + +## Set up Static Analysis for GitHub pull requests + +### Enable Static Analysis on Datadog + +To use Datadog Static Analysis, add the appropriate configuration files to your repository, as described in the [setup instructions][1]. + +### Configure a GitHub App + +To use Static Analysis on GitHub, you can do one of the following: + +- Create a GitHub App in Datadog. +- Update an existing GitHub App, if you have already created one in Datadog. + +The permissions you grant to the GitHub App determine which [GitHub integration][2] features are available for setup. + +#### Create and install a GitHub App + +1. In Datadog, navigate to [**Integrations > GitHub Applications > Add New GitHub Application**][3]. +1. Fill out any required details, such as the GitHub organization name. +1. 
Under **Select Features**, check the **Static Analysis: Pull Request Review Comments** box. +1. Under **Edit Permissions**, verify that the **Pull Requests** permission is set to **Read & Write**. +1. Click **Create App in GitHub**. +1. Enter a name for your app, and submit it. +1. Click **Install GitHub App**. +1. Choose which repositories the app should be installed into, then click **Install & Authorize**. + +{{< img src="ci/static-analysis-install-github-app.png" alt="GitHub App installation screen" style="width:50%;" >}} + +#### Update an existing GitHub App + +1. In Datadog, navigate to [**Integrations > GitHub Applications**][5], and search for the GitHub App you want to use for Static Analysis. +{{< img src="ci/static-analysis-existing-github-app.png" alt="Example of a Static Analysis comment on a pull request" style="width:90%;" >}} +1. On the **Features** tab, look at the **Static Analysis: Pull Request Comments** section to determine whether your GitHub App needs additional permissions. If so, click **Update permissions in GitHub** to edit the app settings. +1. Under **Repository permissions**, set the **Pull Requests** access to **Read and write**. +{{< img src="ci/static-analysis-pr-read-write-permissions.png" alt="The dropdown for the pull request read and write permission" style="width:90%;" >}} +1. Under the **Subscribe to events** heading, check the **Pull request** box. +{{< img src="ci/static-analysis-pr-review-comment.png" alt="The checkbox for the pull request review comment permission" style="width:90%;" >}} + +### Enable Static Analysis PR comments for your repositories + +1. In Datadog, navigate to [**CI Settings** > **Static Analysis Settings**][4]. +1. Click the toggle switch next to a given repository to enable **GitHub Comments**. In the example below, comments are enabled for the `demo-static-analysis-gates` repository. 
+ +{{< img src="ci/static-analysis-github-comments.png" alt="Example of a Static Analysis comment on a pull request" style="width:100%;" >}} + +## Further Reading + +{{< partial name="whats-next/whats-next.html" >}} + +[1]: /static_analysis#setup +[2]: /integrations/github/ +[3]: https://app.datadoghq.com/integrations/github/add +[4]: https://app.datadoghq.com/ci/settings/static-analysis +[5]: https://app.datadoghq.com/integrations/github/configuration \ No newline at end of file diff --git a/static/images/ci/static-analysis-existing-github-app.png b/static/images/ci/static-analysis-existing-github-app.png new file mode 100644 index 0000000000000..5497a44250a46 Binary files /dev/null and b/static/images/ci/static-analysis-existing-github-app.png differ diff --git a/static/images/ci/static-analysis-github-comments.png b/static/images/ci/static-analysis-github-comments.png new file mode 100644 index 0000000000000..143a9278915a3 Binary files /dev/null and b/static/images/ci/static-analysis-github-comments.png differ diff --git a/static/images/ci/static-analysis-install-github-app.png b/static/images/ci/static-analysis-install-github-app.png new file mode 100644 index 0000000000000..2a28df899d2f4 Binary files /dev/null and b/static/images/ci/static-analysis-install-github-app.png differ diff --git a/static/images/ci/static-analysis-pr-comment-example.png b/static/images/ci/static-analysis-pr-comment-example.png new file mode 100644 index 0000000000000..9938940a5a893 Binary files /dev/null and b/static/images/ci/static-analysis-pr-comment-example.png differ diff --git a/static/images/ci/static-analysis-pr-read-write-permissions.png b/static/images/ci/static-analysis-pr-read-write-permissions.png new file mode 100644 index 0000000000000..fbd0ca35f08e3 Binary files /dev/null and b/static/images/ci/static-analysis-pr-read-write-permissions.png differ 
diff --git a/static/images/ci/static-analysis-pr-review-comment.png b/static/images/ci/static-analysis-pr-review-comment.png new file mode 100644 index 0000000000000..0c4f16b247413 Binary files /dev/null and b/static/images/ci/static-analysis-pr-review-comment.png differ
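Review bot: In the `config/_default/menus/menus.en.yaml` hunk, the new `GitHub Pull Requests` entry uses `weight: 103`, the same weight as the `static_analysis_github_actions` entry directly above it, so weight alone does not fix the order of the two items under `static_analysis`. Give the new entry its own weight (for example `weight: 104`). The `url` value also lacks the trailing slash that the neighbouring `quality_gates/` entry carries; `static_analysis/github_pull_requests/` would be consistent with it.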
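Review bot: In the `content/en/static_analysis/_index.md` hunk, the `desc` of the new "Source code management" `whatsnext` block does not introduce the link list the way the CI providers and IDEs blocks do ("See the documentation for information about the following integrations:"), and it repeats almost word for word the Overview paragraph of the new `github_pull_requests.md` page. Shorten it to one sentence on what the SCM integrations do, end with the same lead-in as the sibling blocks, and write "repositories" rather than "repos" to match the rest of the added text.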
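Review bot: In the new `content/en/static_analysis/github_pull_requests.md`, the create and update procedures name the same settings differently: the feature is "Static Analysis: Pull Request Review Comments" under "Create and install a GitHub App" but "Static Analysis: Pull Request Comments" under "Update an existing GitHub App", and the permission value is "Read & Write" in one and "Read and write" in the other. Use the exact UI strings in both places so readers can match them on screen. In the update steps, the last step says to check the **Pull request** event while the alt text of the image beneath it describes a "pull request review comment permission"; confirm which is required and make the step and the alt text agree. The alt text "Example of a Static Analysis comment on a pull request" is also reused for `static-analysis-existing-github-app.png` and `static-analysis-github-comments.png`, which illustrate other screens. Since the app is granted write access to pull requests, the "Choose which repositories" step could say to select only the repositories where Static Analysis comments will be enabled. The file also ends without a trailing newline.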