Difference between revisions of "SonarQube"
(→Setting up SonarQube/SonarCloud for Eclipse.org projects) |
|||
(17 intermediate revisions by 6 users not shown) | |||
Line 1: | Line 1: | ||
+ | [[File:Sonarqube.png]] | ||
+ | |||
== About code quality analysis == | == About code quality analysis == | ||
Line 10: | Line 12: | ||
* more welcoming to new contributors | * more welcoming to new contributors | ||
− | It is also a mandatory step for projects willing to enter the [https://polarsys.org/wiki/Maturity_Assessment_WG PolarSys Maturity Assessment], as the analysis process relies on code metrics extracted by | + | It is also a mandatory step for projects willing to enter the [https://polarsys.org/wiki/Maturity_Assessment_WG PolarSys Maturity Assessment], as the analysis process relies on code metrics extracted by SonarQube. |
=== How? === | === How? === | ||
− | Code quality analysis mainly relies on a set of tools that look at your code and give you hints. The most famous tools are Findbugs, PMD, Checkstyle; but also code coverage tools such as | + | Code quality analysis mainly relies on a set of tools that look at your code and give you hints. The most famous tools are Findbugs, PMD, Checkstyle; but also code coverage tools such as JaCoCo. JDT itself provides very powerful quality checks, but there are not enabled by default. You should go to Error/Warnings in preferences and replace all "ignore" by "Warning". You can (and should) enable such tools in IDE. |
Code quality can also be analyzed out of the IDE, running those tools and using their reports to find out the "hot spots" in your code. | Code quality can also be analyzed out of the IDE, running those tools and using their reports to find out the "hot spots" in your code. | ||
− | === About | + | === About SonarQube === |
− | [ | + | [https://www.sonarqube.org/ SonarQube] (formerly known as Sonar) is an open-source product which is used to gather several metrics about code quality, put them all in a single dashboard, and provide some tips to help you making your code better, more sustainable, more reliable, less bugged. |
− | + | [https://www.sonarcloud.io SonarCloud.io] is the "cloud"-version of SonarQube hosted by SonarSource. | |
− | + | ||
− | + | ||
− | == Setting up SonarQube for Eclipse.org projects == | + | == Setting up SonarQube/SonarCloud for Eclipse.org projects == |
− | + | {{important|Eclipse SonarQube server has been shutdown in early September 2020 | Due to relatively low demand and to reduce our maintenance overhead, we retired the Eclipse SonarQube server (https://sonar.eclipse.org/) in early September 2020. We will support projects to migrate to https://sonarcloud.io.<br> Please open a Bugzilla issue (Product: Community, Component: Sonar) for this. }} | |
− | + | If your project wants to use [https://www.sonarcloud.io SonarCloud.io], please open a [https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Community&component=Sonar Bugzilla issue] to request it. Please specify for which exact project this should be setup. | |
− | The | + | The webmaster/releng team will create the respective [https://www.sonarcloud.io SonarCloud.io] repository for your project and set up the SONARCLOUD_TOKEN on your project's Jenkins instance. |
− | + | === Usage === | |
− | + | The project must either have a [[Jenkins|Jenkins instance]] or use [https://travis-ci.com Travis CI]. See [[Jenkins#Requesting_a_JIPP_instance|how to get a dedicated JIPP]]. You should first setup a normal build to make sure the project compiles correctly. | |
− | + | In Jenkins your build job needs to be modified as follows: | |
− | * | + | *Job config |
− | * | + | **“Use secret text(s) or file(s) |
+ | ***Add -> Secret text | ||
+ | ****Select “SonarCloud token” | ||
+ | ****Variable: SONARCLOUD_TOKEN | ||
− | + | *"Prepare SonarQube Scanner environment" option needs to be enabled | |
− | + | *In Maven build step, Goals: | |
+ | <source lang="bash" style="border:1px solid;padding: 5px; margin: 5px;"> | ||
+ | clean verify -B sonar:sonar | ||
+ | -Dsonar.projectKey=org.eclipse.cbi.examples:cbi-example-parent | ||
+ | -Dsonar.organization=eclipse-cbi | ||
+ | -Dsonar.host.url=${SONAR_HOST_URL} | ||
+ | -Dsonar.login=${SONARCLOUD_TOKEN} | ||
+ | </source> | ||
+ | <code>sonar.projectKey</code> and <code>sonar.organization</code> will need to be adapted individually. | ||
− | + | Running <tt>mvn sonar:sonar</tt> in your Maven build will result in the following flow of actions: | |
+ | # The Maven SonarQube plugin will locally analyze code and generate reports from many analyzers | ||
+ | # The Maven SonarQube plugin will push those reports to SonarCloud | ||
− | |||
− | + | [https://sonarcloud.io/organizations/eclipse Several Eclipse projects] already have quality reports enabled. You can drill-down on code to see annotations on each class, or navigate through the different widgets on the dashboard to focus on specific issues. | |
− | + | === Permissions === | |
− | + | By default only Eclipse Webmaster can administrate the analysis projects on [https://www.sonarcloud.io SonarCloud.io]. If you need admin permissions on some analysis projects, please open a bug on [https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Community&component=Sonar Bugzilla], specifying which analysis projects you want to administrate. The name of the analysis must be close enough to the project's name. If you are not the project lead, don't forget to ask him/her for a +1. | |
− | + | === Note === | |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | The initial documentation referenced Mickael Istria's blog entry at http://mickaelistria.wordpress.com/2012/10/08/sonar-at-eclipse-org/ . The information in it regarding the Eclipse process is outdated, but the article is still a good reading to understand how SonarQube works and what it can bring to you. | |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | The initial documentation referenced Mickael Istria's blog entry at http://mickaelistria.wordpress.com/2012/10/08/sonar-at-eclipse-org/ . The information in it regarding the Eclipse process is outdated, but the article is still a good reading to understand how | + | |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
=== Bugzilla === | === Bugzilla === | ||
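Review bot: In the added Maven goals block, `-Dsonar.login=${SONARCLOUD_TOKEN}` places the token on the Maven command line, yet the Usage text never states that this value is a credential. Suggest adding a sentence after the block saying that the token must only come from the "Secret text" binding and must not be pasted into the Goals field or committed to the project repository. Two smaller points in the same hunk: the added list item “Use secret text(s) or file(s) is missing its closing quote, and the How? paragraph still reads "there are not enabled", which could be corrected to "they are not enabled" in this edit.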
Line 89: | Line 76: | ||
* Open issues: https://bugs.eclipse.org/bugs/buglist.cgi?list_id=6604883&classification=Eclipse%20Foundation&query_format=advanced&component=Sonar&product=Community | * Open issues: https://bugs.eclipse.org/bugs/buglist.cgi?list_id=6604883&classification=Eclipse%20Foundation&query_format=advanced&component=Sonar&product=Community | ||
* User to follow to get notified of new bugs on Sonar component: sonar-inbox@eclipse.org | * User to follow to get notified of new bugs on Sonar component: sonar-inbox@eclipse.org | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− |
Revision as of 06:39, 9 September 2020
About code quality analysis
Why?
Code quality analysis helps you to make your code:
- less error-prone
- more sustainable
- more reliable
- more readable
- more welcoming to new contributors
It is also a mandatory step for projects willing to enter the PolarSys Maturity Assessment, as the analysis process relies on code metrics extracted by SonarQube.
How?
Code quality analysis mainly relies on a set of tools that look at your code and give you hints. The most famous tools are Findbugs, PMD, Checkstyle; but also code coverage tools such as JaCoCo. JDT itself provides very powerful quality checks, but they are not enabled by default. You should go to Error/Warnings in preferences and replace all "ignore" by "Warning". You can (and should) enable such tools in your IDE.
Code quality can also be analyzed out of the IDE, running those tools and using their reports to find out the "hot spots" in your code.
About SonarQube
SonarQube (formerly known as Sonar) is an open-source product which is used to gather several metrics about code quality, put them all in a single dashboard, and provide some tips to help you make your code better, more sustainable, more reliable, and less buggy.
SonarCloud.io is the "cloud"-version of SonarQube hosted by SonarSource.
Setting up SonarQube/SonarCloud for Eclipse.org projects
If your project wants to use SonarCloud.io, please open a Bugzilla issue to request it. Please specify the exact project for which this should be set up.
The webmaster/releng team will create the respective SonarCloud.io repository for your project and set up the SONARCLOUD_TOKEN on your project's Jenkins instance.
Usage
The project must either have a Jenkins instance or use Travis CI. See how to get a dedicated JIPP. You should first set up a normal build to make sure the project compiles correctly.
In Jenkins your build job needs to be modified as follows:
- Job config
  - “Use secret text(s) or file(s)”
    - Add -> Secret text
      - Select “SonarCloud token”
      - Variable: SONARCLOUD_TOKEN
- "Prepare SonarQube Scanner environment" option needs to be enabled
- In Maven build step, Goals:
clean verify -B sonar:sonar -Dsonar.projectKey=org.eclipse.cbi.examples:cbi-example-parent -Dsonar.organization=eclipse-cbi -Dsonar.host.url=${SONAR_HOST_URL} -Dsonar.login=${SONARCLOUD_TOKEN}
sonar.projectKey and sonar.organization will need to be adapted individually.
Running mvn sonar:sonar in your Maven build will result in the following flow of actions:
- The Maven SonarQube plugin will locally analyze code and generate reports from many analyzers
- The Maven SonarQube plugin will push those reports to SonarCloud
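The job configuration above depends on two injected variables, SONAR_HOST_URL and SONARCLOUD_TOKEN. The following pre-flight wrapper for a shell build step is an added example, not part of the original page or of Eclipse's own job setup; the function names are hypothetical and the https check is an extra assumption made here.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check before running the SonarCloud analysis.
# Function names are hypothetical; the variables are the ones named on this page.

# Return 0 only if the environment is safe to hand to Maven.
sonar_preflight() {
  # The token must be injected by the "Secret text" binding, never hard-coded.
  if [ -z "${SONARCLOUD_TOKEN:-}" ]; then
    echo "SONARCLOUD_TOKEN is not set: check the secret text binding" >&2
    return 2
  fi
  # The host URL is provided by "Prepare SonarQube Scanner environment".
  if [ -z "${SONAR_HOST_URL:-}" ]; then
    echo "SONAR_HOST_URL is not set: enable the scanner environment option" >&2
    return 3
  fi
  # Assumption of this example: refuse to send the token over plain HTTP.
  case "$SONAR_HOST_URL" in
    https://*) ;;
    *) echo "SONAR_HOST_URL must use https" >&2; return 4 ;;
  esac
  return 0
}

# Print the Maven command line with the token masked, for the build log.
sonar_cmd_redacted() {
  printf 'mvn clean verify -B sonar:sonar -Dsonar.projectKey=%s -Dsonar.organization=%s -Dsonar.host.url=%s -Dsonar.login=%s\n' \
    "$1" "$2" "$SONAR_HOST_URL" '****'
}

# Run the analysis; xtrace is switched off so the shell does not echo the token.
run_sonar() {
  sonar_preflight || return $?
  sonar_cmd_redacted "$1" "$2"
  ( set +x
    mvn clean verify -B sonar:sonar \
      -Dsonar.projectKey="$1" \
      -Dsonar.organization="$2" \
      -Dsonar.host.url="$SONAR_HOST_URL" \
      -Dsonar.login="$SONARCLOUD_TOKEN" )
}

# Only start a build when called as: script <projectKey> <organization>
if [ "$#" -eq 2 ]; then run_sonar "$@"; fi
```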
Several Eclipse projects already have quality reports enabled. You can drill down on code to see annotations on each class, or navigate through the different widgets on the dashboard to focus on specific issues.
Permissions
By default only Eclipse Webmaster can administrate the analysis projects on SonarCloud.io. If you need admin permissions on some analysis projects, please open a bug on Bugzilla, specifying which analysis projects you want to administrate. The name of the analysis must be close enough to the project's name. If you are not the project lead, don't forget to ask him/her for a +1.
Note
The initial documentation referenced Mickael Istria's blog entry at http://mickaelistria.wordpress.com/2012/10/08/sonar-at-eclipse-org/ . The information in it regarding the Eclipse process is outdated, but the article is still a good read for understanding how SonarQube works and what it can bring to you.
Bugzilla
- Open issues: https://bugs.eclipse.org/bugs/buglist.cgi?list_id=6604883&classification=Eclipse%20Foundation&query_format=advanced&component=Sonar&product=Community
- User to follow to get notified of new bugs on Sonar component: sonar-inbox@eclipse.org