SonarQube is an open-source platform for continuous code quality inspection that uses static analysis to find defects, code smells, and security vulnerabilities in code written in more than 20 programming languages. Duplicated code, coding standards, unit tests, code coverage, code complexity, comments, bugs, and security vulnerabilities are all covered by SonarQube reports.
In this article, we will integrate SonarQube into our P4D platform based on Jelastic PaaS, as a Docker container, and we will test integrating SonarQube with the DevOps tools that we’ve already tested in the previous demos. First, let’s add a SonarQube server to our platform.
1. Click the “New Environment” icon.
2. Head to the “Docker” section and click “Select Image”.
3. In the search tab, type “SonarQube”, choose SonarQube’s official image from Docker Hub, then click “Next”.
4. Set your environment’s name and click “Create”.
5. Once the environment is created, open SonarQube in your browser and log in. (Credentials for the first login are username “admin”, password “admin”.)
6. You’ll be asked to set your own password.
7. You’ll then be redirected to your SonarQube dashboard. We’ll start by creating a project: choose the option “Manually”.
8. Set the project name and project key.
9. Then choose “With Jenkins”.
10. Now head to your Jenkins account and add the following configuration to your project. (We will use the same Maven project that we set up in the previous article for this demo.)
a. Install the “SonarQube Scanner” plugin.
i. Click “Manage Jenkins” then “Manage Plugins”.
ii. Look for the “SonarQube Scanner” plugin, check its box then click the “Install” button.
iii. Now that the plugin is installed, let’s configure it. Go to the “Global Tool Configuration” section under “Manage Jenkins”.
iv. Scroll down to the “SonarQube Scanner” section and click “Add SonarQube Scanner”, define its name and version, then click “Save”.
v. Next, head to the “Configure System” section under the “Manage Jenkins” section.
vi. Scroll down to “SonarQube Servers”, add a SonarQube server, define its name and set the Server URL along with the credentials then click the “Save” button.
vii. PS: To set the SonarQube server’s credentials, go to the “Manage Credentials” section under “Manage Jenkins” and click “Add Credential”.
viii. Set the credential kind to “Secret” and the scope to “Global”. Paste the access token, define your credential’s ID, then click the “OK” button.
ix. PS: The “Secret” is an access token generated from SonarQube. To generate your token:
- Click the “Administrator” icon on the top left of your SonarQube Dashboard and choose “My Account”
- Click on “Security”, enter your token’s name then click on “Generate”.
- Copy your token then go paste it on your Jenkins credentials.
b. Now that the plugin is installed and configured, head to your project and click the “Configure” icon.
c. Scroll down to the “Pre-Build” section and click “Add prebuild step”. Choose “Execute SonarQube Scanner”.
d. In the “Analysis properties” section, define sonar.projectKey (the project’s unique key) and sonar.sources (comma-separated paths to the directories containing the main source files). Click “Save”.
11. Now that the pipeline is configured, click “Build with Parameters”, then click the “Build” button.
12. Once the build is finished, refresh the browser page of your SonarQube project and you’ll see that your code has been scanned and a report is provided.
Testing SonarQube with GitLab
Now that we have tested the SonarQube integration with Jenkins, let’s try it with another interesting tool provided in our platform: GitLab.
So we’ll head to our GitLab repository and add a SonarQube test stage to our .gitlab-ci.yml file:
We’ll also add the “entrypoint.sh” file to our repository. This file contains the script that the container runs to trigger the SonarQube analysis.
Link to the “entrypoint.sh” file: https://github.com/SonarSource/sonarscanner-cli-docker/blob/master/4/bin/entrypoint.sh
Now, in the “Variables” section under “CI/CD” in the project Settings, we will configure the following variables:
1. Click the “Settings” icon in your project, then click “CI/CD”.
2. Head to the “Variables” section and click “Expand”.
3. Add the following variables:
a. SONAR_HOST_URL: your SonarQube server URL
b. SONAR_LOGIN: the token generated from SonarQube (see step 10.ix above for how to generate a token)
c. SONAR_SCANNER_CLI_VERSION: 4.6
d. CI_PROJECT_NAME: the name of the project; it will be used as the name of the SonarQube project
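The article does not reproduce its own .gitlab-ci.yml, so the following is an added example (not the article’s file) of what a SonarQube stage using the variables above can look like with the official sonar-scanner-cli image. Everything beyond those variables is an assumption: the job and stage names, the Maven image used for the build job, the source and class directories (src/main/java, target/classes), and sonar.qualitygate.wait, which needs SonarQube 8.1 or later.

```yaml
# Added example of a SonarQube job for .gitlab-ci.yml; not the article's own file.
# Assumes the CI/CD variables SONAR_HOST_URL, SONAR_LOGIN and SONAR_SCANNER_CLI_VERSION
# defined in the "Variables" section, a Maven project with sources in src/main/java
# and compiled classes in target/classes (assumed paths), and SonarQube 8.1+.
stages:
  - build
  - sonarqube

build:
  stage: build
  image: maven:3-openjdk-11   # assumed build image
  script:
    - mvn -B -q compile
  artifacts:
    # The Java analyzer needs compiled classes; hand them to the scanner job.
    paths:
      - target/classes
    expire_in: 1 hour

sonarqube-check:
  stage: sonarqube
  needs: [build]
  image:
    # Official scanner image, pinned to the version held in SONAR_SCANNER_CLI_VERSION (4.6 above).
    name: sonarsource/sonar-scanner-cli:$SONAR_SCANNER_CLI_VERSION
    # Run the job script directly instead of the image's entrypoint.sh; the properties that
    # entrypoint.sh would derive from the environment are passed explicitly below.
    entrypoint: [""]
  variables:
    # Full clone, so the server can separate new code from old code.
    GIT_DEPTH: "0"
    # Keep the scanner cache inside the project directory so GitLab can cache it between runs.
    SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar"
  cache:
    key: "${CI_JOB_NAME}"
    paths:
      - .sonar/cache
  script:
    # Fail fast rather than running an unauthenticated or misdirected analysis.
    - test -n "$SONAR_HOST_URL" || { echo "SONAR_HOST_URL is not set"; exit 1; }
    - test -n "$SONAR_LOGIN" || { echo "SONAR_LOGIN is not set"; exit 1; }
    # The token is expanded by the shell inside the container; it is never written into this file.
    - >
      sonar-scanner
      -Dsonar.host.url="$SONAR_HOST_URL"
      -Dsonar.login="$SONAR_LOGIN"
      -Dsonar.projectKey="$CI_PROJECT_NAME"
      -Dsonar.projectName="$CI_PROJECT_NAME"
      -Dsonar.sources=src/main/java
      -Dsonar.java.binaries=target/classes
      -Dsonar.qualitygate.wait=true
  rules:
    # Analyse the default branch; merge-request pipelines can be added with a second rule.
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
```

When adding SONAR_LOGIN in the “Variables” section, tick “Masked” so the token is redacted from job logs, and tick “Protected” if only protected branches should be able to reach the SonarQube server with it. With sonar.qualitygate.wait=true the scanner waits for the quality gate result and the job fails when the gate fails, so a project whose gate includes security vulnerabilities or hotspots blocks the pipeline instead of only reporting.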
Now let’s run the pipeline. Go to the “Pipelines” section under “CI/CD” and click “Run pipeline”.
Once all of the pipeline’s jobs have completed successfully, head to your SonarQube dashboard and you’ll notice that a new project has been added, named after the value you defined for the CI_PROJECT_NAME variable. Open it to check the details of the report.