Just a quick post to let you know that the sonarqube server no longer requires direct database access to perform reports. As a result, we're finally able to open up the reporting feature to everyone. Members of our github group will automatically get the ability to create projects and submit reports upon logging in via github.
What is SonarQube
SonarQube is a utility for providing code quality reports. These include picking up common programming errors and style issues. It can provide historic data on previous reports and help to identify potentially problematic areas of your code. It supports multiple languages and profiles, but I will talk about the simplest use case in this post: a Java Maven project.
The container is set up on its own subdomain (sonar.fossgalaxy.com) and can be easily integrated into maven projects (including ones built by the gitlab server).
Obtaining a security token
Once logged onto sonarqube, click on your name on the top right and go to "my account", then click security. Create a token and store it somewhere safe (like an environment variable in your
echo "export SONARQUBE_KEY=keygoeshere" >> ~/.bashrc
Running sonarqube on your maven project
Go to your project on the disk and run the sonarqube maven plugin, supplying the key stored in your environment variable. You could also store the server URL in an environment variable too, if you so wished.
# copy the below line exactly, it will use your key from the environment variable
mvn sonar:sonar -Dsonar.host.url=https://sonar.fossgalaxy.com -Dsonar.login=$SONARQUBE_KEY
You're not authorized to execute any Sonarqube analysis
If you see an error like below:
[ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.0.2:sonar (default-cli) on project fireworks: You're not authorized to execute any SonarQube analysis. Please contact your SonarQube administrator. -> [Help 1]
- make sure that your environment variable is set correctly, you can do this by echoing it in your terminal
- make sure you have logged into sonarqube at least once, as accounts are created on first login
- make sure you are a member of the github organisation and the "members" team inside the organisation, as this is how access is controlled.
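The first check in the list above, written so that the token is confirmed without being printed in full. This is an added example, not part of the original post; the function names `mask_token`, `check_sonar_key` and `sonar_scan`, the masking format and the whitespace check are assumptions of the example.

```shell
# Added example: check SONARQUBE_KEY without printing it, then run the scan.
# Function names and the masking format are assumptions of this example.

# Print a masked form of a secret: its length and, if long enough, its last 4 characters.
mask_token() {
    token=$1
    len=${#token}
    if [ "$len" -le 8 ]; then
        printf '(%s chars)\n' "$len"
    else
        last4=$(printf '%s' "$token" | cut -c "$((len - 3))-")
        printf '****%s (%s chars)\n' "$last4" "$len"
    fi
}

# Return 0 if the token looks usable, 1 if it is unset or empty, 2 if it is
# still the placeholder from the export line, 3 if it contains whitespace
# (a common copy-and-paste error).
check_sonar_key() {
    if [ -z "${SONARQUBE_KEY:-}" ]; then
        echo "SONARQUBE_KEY is not set in this shell (open a new terminal or source ~/.bashrc)" >&2
        return 1
    fi
    case $SONARQUBE_KEY in
        keygoeshere)
            echo "SONARQUBE_KEY still holds the placeholder value" >&2
            return 2 ;;
        *[[:space:]]*)
            echo "SONARQUBE_KEY contains whitespace" >&2
            return 3 ;;
    esac
    echo "SONARQUBE_KEY is set: $(mask_token "$SONARQUBE_KEY")"
}

# Run the analysis only when the check passes.
sonar_scan() {
    check_sonar_key || return
    mvn sonar:sonar -Dsonar.host.url=https://sonar.fossgalaxy.com \
        "-Dsonar.login=$SONARQUBE_KEY"
}
```

Echoing the raw token leaves it in terminal scrollback and screen shares; the masked form is enough to tell which token is loaded.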
Non-required extras to make life easier.
Automatic running with gitlab-ci
If you are using gitlab-ci, you can automate the running of the sonarqube plugin as part of your build; see the example gitlab-ci.yml script which the bot uses. If you want to do this, make sure that your key and the sonarqube host are set as secure variables in your build.
Important: contact me (webpigeon) if your project is shared (has multiple gitlab admins). For added security, I will use a restricted account on the sonarqube server rather than you using a key that grants access to your account (using a personal key is fine for private projects).
# single quotes: the key is read from the environment when the alias runs, not stored in the alias itself
alias sonar='mvn sonar:sonar -Dsonar.host.url=https://sonar.fossgalaxy.com -Dsonar.login=$SONARQUBE_KEY'
Code coverage reports for maven
You can get unit test code coverage reports by adding the following to your POM
<!-- other plugins go here -->
<!-- other plugins go here -->