Coder Social home page Coder Social logo

sonarqube-scans-testing's Introduction

Token for sonarqube analysis

  • First generate a sonarqube token to make a project analyzable
SONARQUBE_TOKEN: sqp_ab3d5a0eb6afe219462f3876b146ab9d6d6602c8
  • Replace the places mentioned as SONARQUBE_TOKEN with the actual token in the following guide

Utilizing the Sonar Scanner for gradle for performing analysis

  1. Set up the build.gradle file
plugins {
  id "org.sonarqube" version "4.2.1.3168"
}
  1. Execute the following code in the cmd
./gradlew sonar
  -Dsonar.projectKey=sonarqube-ballerina-testing
  -Dsonar.host.url=http://localhost:9000
  -Dsonar.token=SONARQUBE_TOKEN
  1. Alternatively you can set those in as a gradle task
sonar {
    properties {
        property("sonar.projectKey", "sonarqube-ballerina-testing")
        property("sonar.host.url", "http://localhost:9000")
    }
}
  • then run the following command
gradlew sonar -Dsonar.token=SONARQUBE_TOKEN
  • OR
set SONAR_TOKEN=SONARQUBE_TOKEN
gradlew sonar

Notes regarding the gradle application plugin

  1. This plugin automatically sets up the sonar properties required to do a proper analysis of code and send the results to the sonarQube server

  2. This plugin is required to perform analysis on compiled languages

  3. Once executed, sonar scanner temporarily creates an analysis log in the .scannerwork directory that contains details of the scanners that are already coming ready with it, these analysers are the ones responsible for generating the reports that are then sent to sonarQube

Utilizing the Sonar Scanner for performing analysis

  1. Download the Sonar Scanner

  2. Create a sonar-project.properties file in the root directory so that the scan will be triggered for the entire project

sonar.projectKey=sonarqube-ballerina-testing
sonar.sources=.
sonar.host.url=http://localhost:9000
sonar.login=SONARQUBE_TOKEN

Procedure for invoking scans for various language source files

For Java/Kotlin/Scala source files:

  1. Set up the Java/Kotlin/Scala plugins
plugins {
  // For Java
  id "application"
  // For Kotlin
  id "org.jetbrains.kotlin.jvm" version "1.9.10"
  // For Scala
  id 'scala'
}
  1. Set up the Java/Kotlin/Scala dependencies
dependencies {
    // For Running Kotlin files
    implementation "org.jetbrains.kotlin:kotlin-stdlib-jdk8"

    // For Running Scala files
    implementation 'org.scala-lang:scala3-library_3:3.0.1'
}
  1. Set up the sourceSets property (Specific to Scala)
sourceSets {
    main {
        scala {
            srcDirs = ['src/main/scala']
        }
        java {
            srcDirs = ['src/main/java']
        }
    }
}

  1. Set up Sonar Scanner for Gradle

  2. Execute the gradle sonar command

gradlew sonar
  1. No further actions are required, and analysis results will be visible in SonarQube

For Golang source files:

  1. Perform the sonar scan through any sonar-scanner CLI

  2. The analysis will be taken care of automatically without any further steps

Inclusion of test and coverage reports for Go:

  1. Provide the following in the sonar-project.properties file:
#sonar.tests=.
# Remove go tests files from being in sonar scans directly
sonar.exclusions=**/*_test.go

# Explicitly add go test files to be included in the sonar.test instead
sonar.test.inclusions=**/*_test.go

# Providing absolutely path for generated coverage report required before scans
 sonar.go.coverage.reportPaths="C:\\Users\\Tharana Wanigaratne\\Desktop\\BalWorkFile\\SonarQube-scans-testing\\test-go-project\\coverage.out"

# Providing absolutely path for generated test report required before scans
 sonar.go.tests.reportPaths="C:\\Users\\Tharana Wanigaratne\\Desktop\\BalWorkFile\\SonarQube-scans-testing\\test-go-project\\test-report.json"
  1. navigate into the go project
cd test-go-project
  1. Create a coverage report using the following command
go test -coverprofile=coverage.out
  1. Create a test report using the following command
go test -json > test-report.json

For JS/Python source files:

  1. Perform the sonar scan through any sonar-scanner CLI

  2. The analysis will be taken care of automatically without any further steps

Debugging a SonarQube Project

Initiating the debug from the scanner side:

From sonar scanner cli (Suitable for non compiled languages)

  1. set the following sonar env variable with the debug option:
set SONAR_SCANNER_OPTS="-agentlib:jdwp=transport=dt_socket,server=y,suspend=y,address=8000"
  1. Run the sonar-scanner
sonar-scanner

From sonar scanner for gradle (Suitable for compiled languages)

  1. Execute the following command
gradlew sonar -Dorg.gradle.debug=true --no-daemon -Dorg.gradle.debug.port=8000

Setting up debug points in the plugins:

  1. Create a breakpoint in the required java project class file with a java remote debug configuration set up

  2. Click the debug icon, to start debugging

Initiating a debug for the scanner:

For sonar scanner cli:

  1. Clone the relevant sonar scanner version from here

  2. set following env variable for debug option

set SONAR_SCANNER_OPTS="-agentlib:jdwp=transport=dt_socket,server=y,suspend=y,address=8000"
  1. Run the sonar-scanner

For sonar scanner for gradle:

  1. Clone the relevant sonar scanner version from here

  2. Execute the following command

gradlew sonar -Dorg.gradle.debug=true --no-daemon -Dorg.gradle.debug.port=8000
  1. It's possible to keep the execution reports of an analysis in the .scannerwork directory without deleting them with the following property // sonar.scanner.keepReport=true

Setting up debug points in the scanners:

  1. Create a breakpoint in the required java project class file with a java remote debug configuration set up

  2. Click the debug icon, to start debugging

sonarqube-scans-testing's People

Contributors

xenowa avatar

Forkers

lamprinii

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.