Foreword
In the previous articles of this series we looked at how to add tests and how to run them automatically via the CI/CD; we configured in GitHub Actions. In this article we’ll continue to improve the quality of our project using Sonarqube.
What are Sonarcloud and Sonarqube
More information could be found in this post
Integration in Java project with Gradle
Declare plugin
- Add plugin
1plugins {
2 id("org.sonarqube") version "4.1.0.3113"
3}
- Add configuration
1sonar {
2 properties {
3 property "sonar.projectkey", "happraisal"
4 property "sonar.projectName", "happraisal"
5 property "sonar.host.url", "http://localhost:9000"
6 property "sonar.coverage.jacoco.xmlReportPaths", "build/reports/jacoco/all-tests/jacocoAllTestReport.xml"
7 property "sonar.sources", "src/main,build.gradle,gradle"
8 property "sonar.tests", "src/test,src/integration-test,src/system-test"
9 property "sonar.junit.reportPaths", "build/test-results/test,build/test-results/integrationTest,build/test-results/systemTest"
10 }
11}
Export results
From IntelliJ, via configuration or terminal you can execute:
1clean build jacocoTestReport sonar -Dsonar.login=<<YOUR_ID>> -Dsonar.password=<<YOU_PASSWORD>>
If you have created a token you can run
1./gradlew clean build jacocoTestReport sonar -Dsonar.login=<<TOUR_TOKEN>>
Multi module
In multi-module projects each module must execute its own sonar task.
Tools around Sonar
Sonar API
Sonar provides some APIs to manage projecst, quality profiles, quality gates and other.
You can find more details here . Before you can call these APIs, you have to create a token. You can use http capable tools such as Postman or curl.
To create a token, login to the SonarQube or SonarCloud web user interface and go to your profile, then go to the security tab and create a token.
For some APIs such as
- /api/qualitygates/select
- /api/projects/search
you have to create a token with administrator authorizations.
SonarLint
SonarLint is a tool that can be used to analyze source code.
Configuration
- Add a SonarLint plugin to IntelliJ
- Open the SonarLint settings in Tools/SonarLint menu
- Choose a connection type, for this article we chose SonarCloud.
- Click on the online service link to connect to Sonarcloud service
- Set the token or, if you don’t have one yet, create one from the link here
- Select your organization
By default, your organization is your GitHub account
- Check the Receive notifications from SonarCloud option
- Approve the creation
- Bind the project with the connection
How to use SonarLint
In IntelliJ there is a SonarLint window
In this window:
- From the Current File tab, you can analyze the file selected and displayed in IntelliJ
- From the Report tab, you can analyse just the changed files or all the files in the project.
If you have any remarks on the content or the form, you can leave a comment…it is by exchanging that we progress.
Author : Emmanuel Quinton Reviewer : Daniele Cremonini
Comments