
Difference between revisions of "SonarQube"

(/s/hudson/jenkins/g/)
(14 intermediate revisions by 5 users not shown)
Line 1: Line 1:
 +
[[File:Sonarqube.png]]
 +
 
== About code quality analysis ==
 
== About code quality analysis ==
  
Line 10: Line 12:
 
* more welcoming to new contributors
 
* more welcoming to new contributors
  
It is also a mandatory step for projects willing to enter the [https://polarsys.org/wiki/Maturity_Assessment_WG PolarSys Maturity Assessment], as the analysis process relies on code metrics extracted by Sonar.
+
It is also a mandatory step for projects willing to enter the [https://polarsys.org/wiki/Maturity_Assessment_WG PolarSys Maturity Assessment], as the analysis process relies on code metrics extracted by SonarQube.
  
 
=== How? ===
 
=== How? ===
  
Code quality analysis mainly relies on a set of tools that look at your code and give you hints. The most famous tools are Findbugs, PMD, Checkstyle; but also code coverage tools such as Jacoco. JDT itself provides very powerful quality checks, but there are not enabled by default. You should go to Error/Warnings in preferences and replace all "ignore" by "Warning". You can (and should) enable such tools in IDE.
+
Code quality analysis mainly relies on a set of tools that look at your code and give you hints. The most famous tools are Findbugs, PMD, Checkstyle; but also code coverage tools such as JaCoCo. JDT itself provides very powerful quality checks, but there are not enabled by default. You should go to Error/Warnings in preferences and replace all "ignore" by "Warning". You can (and should) enable such tools in IDE.
  
 
Code quality can also be analyzed out of the IDE, running those tools and using their reports to find out the "hot spots" in your code.
 
Code quality can also be analyzed out of the IDE, running those tools and using their reports to find out the "hot spots" in your code.
  
=== About Sonar ===
+
=== About SonarQube ===
  
[http://www.sonarsource.org/ Sonar] is an open-source product which is used to gather several metrics about code quality, put them all in a single dashboard, and provide some tips to help you making your code better, more sustainable, more reliable, less bugged.
+
[https://www.sonarqube.org/ SonarQube] (formerly known as Sonar) is an open-source product which is used to gather several metrics about code quality, put them all in a single dashboard, and provide some tips to help you making your code better, more sustainable, more reliable, less bugged.
  
Enable Hudson Sonar plugin on your job or running <tt>mvn sonar:sonar</tt> on your Maven build will result in the following flow of actions:
+
Enable Jenkins SonarQube plugin on your job or running <tt>mvn sonar:sonar</tt> on your Maven build will result in the following flow of actions:
# Sonar will locally analyze code and generate reports from many analyzers
+
# SonarQube will locally analyze code and generate reports from many analyzers
# Sonar will push those reports to the Sonar dashboard
+
# SonarQube will push those reports to the SonarQube dashboard
  
 
== Setting up SonarQube for Eclipse.org projects ==
 
== Setting up SonarQube for Eclipse.org projects ==
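Review bot: In the rewritten "How?" paragraph, the sentence "JDT itself provides very powerful quality checks, but there are not enabled by default" still has "there" for "they", and the new lead-in "Enable Jenkins SonarQube plugin on your job or running mvn sonar:sonar" mixes an imperative with a gerund. Both lines are already being touched for the Sonar to SonarQube rename, so fix them in the same edit ("they are not enabled", "Enabling the Jenkins SonarQube plugin on your job, or running ...").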
Line 30: Line 32:
 
=== Usage ===
 
=== Usage ===
  
Sonar can be found on https://dev.eclipse.org/sonar . [https://dev.eclipse.org/sonar/all_projects Several projects] already have quality reports enabled. You can drill-down on code to see Sonar annotations on each class, or navigate through the different widgets on the dashboard to focus on specific issues.
+
SonarQube can be found on https://sonar.eclipse.org . [https://sonar.eclipse.org/all_projects Several projects] already have quality reports enabled. You can drill-down on code to see SonarQube annotations on each class, or navigate through the different widgets on the dashboard to focus on specific issues.
  
=== Enable Sonar for your project ===
+
The project must have a [[Jenkins|Jenkins instance]]. See [[Jenkins#Requesting_a_JIPP_instance|how to get a dedicated JIPP]]. You should first setup a normal build to make sure the project compiles correctly.
  
The only prerequisite for projects is to use [https://eclipse.org/tycho/ Tycho] as a building tool, which allows to automatically retrieve all information about the build and its dependencies. Please note that for now Buckminster is '''not''' supported for Sonar analysis at Eclipse.
+
Optional: it may be a good thing to add a SonarQube goal in your pom.xml, so you can run the SonarQube analyser whenever you want, independently of the Jenkins build.  
  
The project must have a [[Hudson|Hudson instance]]. See [[Hudson#Requesting_a_HIPP_instance|how to get a dedicated HIPP]]. You should first setup a normal build to make sure the project compiles correctly.  
+
There are two ways to setup SonarQube on Jenkins for your project, depending on the build tool used: Tycho builds can use the SonarQube/Maven integration, while other tools (e.g. Buckminster) have to setup a SonarQube Runner build step.
  
Optional: it may be a good thing to add a sonar goal in your pom.xml, so you can run the sonar analyser whenever you want independently of the Hudson build.  
+
You can check the SonarQube documentation for the plugin here:
 +
* https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Scanner+for+Jenkins
  
Once done, a dedicated job has to be defined for the quality analysis -- because you don't want to execute Sonar everytime the project is built. In the update center, install the Sonar plugin and restart the Hudson instance. Then [https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Community post a new bug entry in the community bugzilla] to ask an administrator to add the Eclipse Sonar instance parameters to the Sonar plugin.
+
=== Enable SonarQube for your project with Tycho ===
+
The initial documentation referenced Mickael Istria's blog entry at http://mickaelistria.wordpress.com/2012/10/08/sonar-at-eclipse-org/ . The information in it regarding the Eclipse process is outdated, but the article is still a good reading to understand how sonar works and what it can bring to you.
+
  
=== Permissions on Sonar ===
+
The only prerequisite for this method is to use [https://eclipse.org/tycho/ Tycho] as a building tool, which allows to automatically retrieve all information about the build and its dependencies.
  
Sonar is currently (and will remain) public to all, but only an admin can log it. So it's not yet possible to store user preferences or be made an administrator on a project. Follow bug [https://bugs.eclipse.org/bugs/show_bug.cgi?id=391343 391343] for more details.
+
A dedicated job has to be defined for the quality analysis -- because you don't want to execute SonarQube every time the project is built. In the update center, install the Sonar plugin and restart the Jenkins instance. In the job configuration, check the SonarQube post-build action, click on advanced and fulfill the fields according to your project configuration. The following example screenshot shows the [https://ci.eclipse.org/emfcompare/job/master-quality/configure configuration used by the emf-compare project].
  
== Infrastructure and maintenance ==
+
[[File:Hudson_sonar_emfcompare.png|SonarQube post-build action in Jenkins]]
  
Sonar is installed on a VM accessible from inside Eclipse infrastructure and with hostname sonar. It uses its embedded Jetty server to publish to HTTP, and uses a PostgreSQL database on the same VM.
+
Then [https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Community post a new bug entry in the community bugzilla] to ask an administrator to add the Eclipse SonarQube instance parameters to the Sonar plugin.
 +
 
 +
=== Permissions ===
 +
 
 +
SonarQube is currently (and will remain) public to all and by default only Eclipse Webmaster can administrate the analysis projects. If you need admin permissions on some analysis projects, drop a bug on [https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Community&component=Sonar bugzilla], specifying which analysis projects you want to administrate. The name of the analysis must be close enough to the project's name. If you are not the project lead your project, don't forget to ask him to +1 your request. The admin permissions will be granted for all committers on the project.
 +
 
 +
=== Note ===
 +
 
 +
The initial documentation referenced Mickael Istria's blog entry at http://mickaelistria.wordpress.com/2012/10/08/sonar-at-eclipse-org/ . The information in it regarding the Eclipse process is outdated, but the article is still a good reading to understand how SonarQube works and what it can bring to you.
 +
 
 +
== Infrastructure and maintenance ==
  
The database is made accessible from Eclipse.org servers and has a user for Sonar, and another user for Hudson. When running the Hudson Sonar plugin, the plugin uses this user to push to the Sonar database the metrics about your project.
+
SonarQube is installed on a VM accessible from inside Eclipse infrastructure. The database is made accessible from Eclipse.org servers and has a user for SonarQube, and another user for Jenkins. When running the Jenkins Sonar plugin, the plugin uses this user to push to the SonarQube database the metrics about your project.
  
 
=== Bugzilla ===
 
=== Bugzilla ===
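Review bot: The new overview paragraph promises two setup paths ("Tycho builds can use the SonarQube/Maven integration, while other tools (e.g. Buckminster) have to setup a SonarQube Runner build step"), but only "=== Enable SonarQube for your project with Tycho ===" is added, so non-Tycho projects get no instructions. Add a matching Runner section or state that it is still to be written. The rename is also incomplete on the added lines ("install the Sonar plugin", "parameters to the Sonar plugin", "Jenkins Sonar plugin"), and in the merged Infrastructure paragraph "the plugin uses this user" no longer makes clear whether the SonarQube or the Jenkins database account is meant, which matters to anyone reviewing who can write to that database.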
Line 58: Line 69:
 
* Open issues: https://bugs.eclipse.org/bugs/buglist.cgi?list_id=6604883&classification=Eclipse%20Foundation&query_format=advanced&component=Sonar&product=Community  
 
* Open issues: https://bugs.eclipse.org/bugs/buglist.cgi?list_id=6604883&classification=Eclipse%20Foundation&query_format=advanced&component=Sonar&product=Community  
 
* User to follow to get notified of new bugs on Sonar component: sonar-inbox@eclipse.org
 
* User to follow to get notified of new bugs on Sonar component: sonar-inbox@eclipse.org
 
=== Restarting Sonar ===
 
 
# As ''root'', restart postgres with
 
<source lang="bash">
 
/etc/init.d/postgresql start
 
</source>
 
# Then, as sonar user, restart SonarQube
 
<source lang="bash">
 
# Assuming installed version is 3.7.1
 
$ cd sonar-3.7.1/bin/linux-x86-64
 
$ ./sonar.sh start
 
</source>
 
  
 
=== Maintenance notes ===
 
=== Maintenance notes ===
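Review bot: The page no longer tells a maintainer how to restart the service. The "=== Restarting Sonar ===" block (postgres first as root, then ./sonar.sh start as the sonar user) appears only on the old side of this hunk, while the Maintenance notes still record several restarts. Either keep the procedure, updated so it does not hard-code the sonar-3.7.1 directory, or link to where it now lives. If it is kept, note that the first step says "restart postgres" but runs /etc/init.d/postgresql start.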

Revision as of 10:12, 17 July 2018


About code quality analysis

Why?

Code quality analysis helps you to make your code:

  • less error-prone
  • more sustainable
  • more reliable
  • more readable
  • more welcoming to new contributors

It is also a mandatory step for projects willing to enter the PolarSys Maturity Assessment, as the analysis process relies on code metrics extracted by SonarQube.

How?

Code quality analysis mainly relies on a set of tools that look at your code and give you hints. The best-known tools are Findbugs, PMD and Checkstyle, along with code coverage tools such as JaCoCo. JDT itself provides very powerful quality checks, but they are not enabled by default: go to Error/Warnings in the preferences and replace every "ignore" with "Warning". You can (and should) enable such tools in your IDE.

Code quality can also be analyzed outside the IDE, by running those tools and using their reports to find the "hot spots" in your code.

About SonarQube

SonarQube (formerly known as Sonar) is an open-source product that gathers several code quality metrics, puts them all in a single dashboard, and provides tips to help you make your code better, more sustainable, more reliable and less buggy.

Enabling the Jenkins SonarQube plugin on your job, or running mvn sonar:sonar on your Maven build, results in the following flow of actions:

  1. SonarQube will locally analyze code and generate reports from many analyzers
  2. SonarQube will push those reports to the SonarQube dashboard

Setting up SonarQube for Eclipse.org projects

Usage

SonarQube can be found at https://sonar.eclipse.org . Several projects already have quality reports enabled. You can drill down into the code to see SonarQube annotations on each class, or navigate through the different widgets on the dashboard to focus on specific issues.

The project must have a Jenkins instance. See how to get a dedicated JIPP. You should first set up a normal build to make sure the project compiles correctly.

Optional: it may be a good thing to add a SonarQube goal in your pom.xml, so you can run the SonarQube analyser whenever you want, independently of the Jenkins build.

There are two ways to set up SonarQube on Jenkins for your project, depending on the build tool used: Tycho builds can use the SonarQube/Maven integration, while other tools (e.g. Buckminster) have to set up a SonarQube Runner build step.

You can check the SonarQube documentation for the plugin here:

  • https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Scanner+for+Jenkins

Enable SonarQube for your project with Tycho

The only prerequisite for this method is to use Tycho as the build tool, which allows all information about the build and its dependencies to be retrieved automatically.

A dedicated job has to be defined for the quality analysis -- because you don't want to execute SonarQube every time the project is built. In the update center, install the Sonar plugin and restart the Jenkins instance. In the job configuration, check the SonarQube post-build action, click on advanced and fill in the fields according to your project configuration. The following example screenshot shows the configuration used by the emf-compare project.

[Screenshot: SonarQube post-build action in Jenkins]

Then post a new bug entry in the community bugzilla to ask an administrator to add the Eclipse SonarQube instance parameters to the Sonar plugin.

Permissions

SonarQube is currently (and will remain) public to all, and by default only the Eclipse Webmaster can administer the analysis projects. If you need admin permissions on some analysis projects, file a bug on Bugzilla, specifying which analysis projects you want to administer. The name of the analysis must be close enough to the project's name. If you are not the project lead of your project, don't forget to ask the project lead to +1 your request. The admin permissions will be granted to all committers on the project.

Note

The initial documentation referenced Mickael Istria's blog entry at http://mickaelistria.wordpress.com/2012/10/08/sonar-at-eclipse-org/ . The information in it regarding the Eclipse process is outdated, but the article is still a good read for understanding how SonarQube works and what it can bring you.

Infrastructure and maintenance

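SonarQube is installed on a VM accessible from inside the Eclipse infrastructure. The database is accessible from Eclipse.org servers and has one user for SonarQube and another user for Jenkins. When the Jenkins Sonar plugin runs, it uses the Jenkins user to push your project's metrics to the SonarQube database.

Bugzilla

  • Open issues: https://bugs.eclipse.org/bugs/buglist.cgi?list_id=6604883&classification=Eclipse%20Foundation&query_format=advanced&component=Sonar&product=Community
  • User to follow to get notified of new bugs on Sonar component: sonar-inbox@eclipse.org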

Maintenance notes

  • The database needs to be tweaked to add some "GRANT" permissions for the sonar user; Sonar could not start otherwise.
  • March 2013: https://bugs.eclipse.org/bugs/show_bug.cgi?id=407658 . Removed big log file and restarted Sonar.
  • July 2013: Got an OutOfMemory on Sonar side while running Platform-Sonar job. Increased max memory in conf/wrapper.conf and restarted Sonar.
  • July 2013: No space left on device. A lot of big memory dump files in bin/linux-x86-64 consumed half of the disk space. Removed them.
  • October 2013: Migration to SonarQube 3.7.1 to provide compatibility with Maven
  • Reboot: INFO | jvm 1 | 2014/01/24 06:06:27 | java.lang.OutOfMemoryError
