Sonarqube server is live


#1

Hi everyone,

Just a quick post to let you know that the sonarqube server no longer requires direct database access to perform reports. As a result, we’re finally able to open up the reporting feature to everyone. Members of our github group will automatically get the ability to create projects and submit reports upon logging in via github.

What is SonarQube

SonarQube is a utility for providing code qaulity reports. These include picking up common programming errors and style issues. It can provide historic data on previous reports and help to identify potentially problematic areas of your code. It supports multiple languages and profiles, but I will talk about the simplest use case in this post: A Java Maven project.

Using Sonarqube

The container is set-up on its own subdomain (sonar.fossgalaxy.com) and can be easily integrated into maven projects (including ones built by the gitlab server).

Obtaining a security token

Once logged onto sonarqube, click on your name on the top right and go to “my account”, then click security. Create a token and store it somewhere safe (like an environment variable in your .bashrc)

echo "export SONARQUBE_KEY=keygoeshere" >> ~/.bashrc
source ~/.bashrc

Running sonarqube on your maven project

Go to your project on the disk and run the sonarqube maven plugin, supplying the key stored in your environment variable. You could also store the server url in an environment variable to if you so wished.

cd ~/Documents/my-project
# copy the below line exactly, it will use your key from the enviroment variable
mvn sonar:sonar -Dsonar.host.url=https://sonar.fossgalaxy.com -Dsonar.login=$SONARQUBE_KEY

Troubleshooting

You’re not authorized to execute any Sonarqube analysis

If you see an error like below:

[ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.0.2:sonar (default-cli) on project fireworks: You're not authorized to execute any SonarQube analysis. Please contact your SonarQube administrator. -> [Help 1]
  1. make sure that your environment variable is set correctly, you can do this by echoing it in your terminal echo $SONARQUBE_KEY
  2. make you you have logged into sonarqube at least once as accounts are created on first login
  3. make sure you are a member of the github organisation and [the “members” team]
    (https://github.com/orgs/unitycoders/teams/members) inside the organisation, as this is how access is controlled.

Extras

Non-required extras to make life easier.

Automatic running with gitlab-ci

If you are using gitlab-ci, you can automate the running of the sonarqube plugin as part of your build, see the example gitlab-ci.yml script which the bot uses. If you want to do this, make sure that your key and the sonarqube host are set as secure variables in your build.

important: Contact me (webpigeon) if your project is shared (has multiple gitlab admins). I will use a restricted account on the sonarqube server rather than you using a key that grants access to your account for added security (using a personal key is fine for private projects).

Bash alias

export SONARQUBE_KEY=keygoeshere
alias sonar="mvn sonar:sonar -Dsonar.host.url=https://sonar.fossgalaxy.com -Dsonar.login=$SONARQUBE_KEY"

Code coverage reports for maven

You can get unit test code coverage reports by adding the following to your POM

<build>
    <plugins>
<!-- other plugins go here -->
        <plugin>
            <groupId>org.jacoco</groupId>
            <artifactId>jacoco-maven-plugin</artifactId>
            <version>0.7.7.201606060606</version>
            <executions>
                <execution>
                    <id>jacoco-site</id>
                    <phase>jacoco-initialize</phase>
                    <goals>
                        <goal>prepare-agent</goal>
                    </goals>
                </execution>
                <execution>
                    <id>jacoco-site</id>
                    <phase>package</phase>
                    <goals>
                        <goal>report</goal>
                    </goals>
                </execution>
            </executions>
        </plugin>
<!-- other plugins go here -->
    </plugins>
</build>