In order to improve the code quality, our team decided to install the SonarQube to do the static code analysis.
Easy Install
The installation can be done very easily using docker compose:
version: "2"
services:
sonarqube:
image: sonarqube
ports:
- "9002:9000"
environment:
- SONARQUBE_JDBC_URL=jdbc:postgresql://db:5432/sonar
volumes:
- ./sonarqube_conf:/opt/sonarqube/conf
- ./sonarqube_data:/opt/sonarqube/data
- ./sonarqube_extensions:/opt/sonarqube/extensions
- ./sonarqube_bundled-plugins:/opt/sonarqube/lib/bundled-plugins
db:
image: postgres
environment:
- POSTGRES_USER=sonar
- POSTGRES_PASSWORD=sonar
volumes:
- ./postgresql:/var/lib/postgresql
# This needs explicit mapping due to https://github.com/docker-library/postgres/blob/4e48e3228a30763913ece952c611e5e9b95c8759/Dockerfile.template#L52
- ./postgresql_data:/var/lib/postgresql/data
There exists two things to be noticed:
- We didn’t specify
networksbecause docker compose will create a default bridge network for all services to communicate; - We use relative path like
./sonarqube_confto mount those data & config volume out;
Simple Run
After the installation, we can run mvn/gradle command to analyze code and submit report:
mvn sonar:sonar \
-Dsonar.host.url=$SONAR_URL \
-Dsonar.login=$SONAR_LOGIN
# $SONAR_LOGIN is the token generated in sonar `accoun-security` config
With Gitlab
Config Sonar
If we want to control the quality of new code, we need to control the merge request and this is where integrate Sonar. In order to integrate Sonar with Gitlab, we need to install Gitlab plugin in Sonar rather than install Sonar plugin in Gitlab.
The control flow is like following:
- User submit merge request;
- Gitlab run the Gitlab runner to do the CI of related repo;
- The CI run analyze command and submit report;
- The Sonar add comment about problems in new code under the merge request;
- Other colleague review the code and decide whether to accept the merge request;
In order to do it, we need to do the following configs in SonarQube:
- Sonar Gitlab plugin;
- Update settings:
- Add Gitlab user token;
- Add Gitlab URL;
- Add Gitlab api version: Notice – Gitlab 8.x need to use
v3;
- Sonar Java plugin;
Config Gitlab
- Install Gitlab runner
- Register runner
- Add
.gitlab.ci.ymlin your repo:
sonarqube_master_job:
stage: test
only:
- master
script:
- mvn --batch-mode verify sonar:sonar -Dsonar.host.url=$SONAR_URL -Dsonar.login=$SONAR_LOGIN
sonarqube_preview_feature_job:
stage: test
only:
- /^feature\/*/
script:
- git checkout origin/master - git merge $CI_COMMIT_SHA --no-commit --no-ff - mvn --batch-mode verify sonar:sonar -Dsonar.host.url=http://192.168.1.204:9002 -Dsonar.login=07d1235f70b084c6d08c4f3e3ff86fe84c3ee52e -Dsonar.analysis.mode=preview -Dsonar.gitlab.project_id=$CI_PROJECT_PATH -Dsonar.gitlab.commit_sha=$CI_COMMIT_SHA -Dsonar.gitlab.ref_name=$CI_COMMIT_REF_NAME
Problem List
Wrong Variable
- As the Gitlab repo said, different version of Gitlab use different variable:
| GitLab 8.x name | GitLab 9.x name |
|---|---|
| CI_BUILD_REF | CI_COMMIT_SHA |
| CI_BUILD_REF_NAME | CI_COMMIT_REF_NAME |
No quality profiles have been found, you probably don’t have any language plugin installed
Lacking plugin will result in this error when run mvn command.
Gitlab runner fail to register
If met this error, check the detailed error in /var/log/gitlab/production.log to find real reason. In our case, it is version mismatch.
Ref
- Sonar Gitlab plugin install guide
- Failed to execute sonar plugin error
- Fail to register Gitlab runner: 404
- Compatibility chart
Written with StackEdit.
评论
发表评论