SonarQube Configuration Details
2020-06-25
Table of Contents
Server configuration
  Quality Gates
  Update
  Rules / quality profile
  Technical Debt
Troubleshooting
  See SonarQube for an older build
  Make sure I’ve got all the relevant new rules in my profile
Table 1. History
Date | Author | Detail
2020-01-28 | bcouetil | (all) refactor detail tag to new collapsible asciidoc feature
2020-01-28 | bcouetil | (core) update theme
2020-01-28 | bcouetil | (core) remove sample and build with docker
2019-12-15 | Benoît COUETIL | (doc) add asciidoc docker generation sample on gitlab + add pipeline sh scripts
2018-12-11 | bcouetil | - Added reveal plugins and background - Fixed reveal css following change in structure in asciidoc-reveal master (from previous version : 1.1.3) - Implemented Zenika layout in HTML and PDF - Reported back reveal-js enhancements
2018-11-28 | bcouetil | - Updated reveal css for all syntax elements, for both light and dark themes : asciidoc-syntax-quick-reference is now nicely output - Refactored light and dark css, extracting common items into reveal-zenika.css - Added syntax quick reference in all format generated and linked in asciidoc page
2018-11-13 | bcouetil | - Updated sample project with Reveal.js generation - Duplicated Reveal.js execution to have multiple styles - Compromised layout between 4/3 and 16/9 - Minor changes in Reveal.js css - Added some web comics
2018-09-19 | bcouetil | - Sample asciidoctor maven project published on Github - Github & LinkedIn links - Sample project tree - new images + resizing and positioning
2018-08-23 | bcouetil | Initial commit
SonarQube helps you calculate and monitor your code quality in near real time for most development languages.
Server configuration
Quality Gates
Click on Quality Gate
Create a new one for your project and select your quality gate rules:
• Comments is less than 30 then 25
• Coverage is less than 86 then 80
• Maintainability Rating is worse than A then C
• Reliability Rating is worse than A then C
• Security Rating is worse than A then C
• Unit Test Success (%) is worse than A then C
In pipelines
Use this script to enforce Quality Gate in pipelines.
Example 1. sonar-gateway-check.sh
#!/bin/bash
#
# Getting analysis progress status
#
# The scanner writes the id of the background analysis task to report-task.txt
taskId=`cat $WORKSPACE/build/sonar/report-task.txt |grep ceTaskId |cut -f2 -d "="`

# Command prefix: expanded unquoted below so that it splits into curl and its arguments
sonarApiUrl="curl -u $TOKEN: http://localhost:9000/api"

analysisResponse=`$sonarApiUrl/ce/task?id=$taskId`
echo "*** global status of SonarQube analysis : $analysisResponse ***"

sleep 10s
status=`echo "$analysisResponse" | jq .task.status | sed -e 's/^"//' -e 's/"$//'`

# Poll every 10 seconds while the task is queued or running
while [[ "$status" == "IN_PROGRESS" || "$status" == "PENDING" ]]
do
  sleep 10s
  analysisResponse=`$sonarApiUrl/ce/task?id=$taskId`
  status=`echo "$analysisResponse" | jq .task.status | sed -e 's/^"//' -e 's/"$//'`
done

if [ "$status" = "SUCCESS" ]
then
  analysisId=`echo "$analysisResponse" | jq .task.analysisId | sed -e 's/^"//' -e 's/"$//'`
else
  echo "*** SonarQube server failed at analyzing this build ***"
  exit 1;
fi

#
# Getting gateway result
#
gatewayResponse=`${sonarApiUrl}/qualitygates/project_status?analysisId=$analysisId`

echo "$gatewayResponse" | jq .

qualityGateStatus=`echo "$gatewayResponse" | jq '.projectStatus.status' | sed -e 's/^"//' -e 's/"$//'`
# Any status other than OK fails the pipeline step
if [ "$qualityGateStatus" != "OK" ]; then
  RED='\033[0;31m'
  # The backtick in the emoticon is escaped so it does not open a command substitution
  echo -e "${RED}/!\ Quality gate shows WARNINGS/ERRORS : You shall not pass ! (∩\`-´)⊃━☆"
  exit 1;
fi
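An added example, not part of the original document: the same gate check in Python, with a polling timeout (the loop above waits indefinitely) and the token sent in a header rather than on the curl command line. The function names and the sample responses are constructed for illustration; the two Web API paths are the ones the script calls.

```python
import base64
import json
import time
import urllib.request

def http_fetch(base_url, token):
    """Return fetch(path) for the Web API; the token travels in a header, not in argv."""
    auth = "Basic " + base64.b64encode(f"{token}:".encode()).decode()
    def fetch(path):
        req = urllib.request.Request(f"{base_url}/api/{path}", headers={"Authorization": auth})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return fetch

def wait_for_task(fetch, task_id, timeout=600, interval=10, sleep=time.sleep, clock=time.monotonic):
    """Poll ce/task until the status is no longer PENDING/IN_PROGRESS, or give up."""
    deadline = clock() + timeout
    while True:
        task = fetch(f"ce/task?id={task_id}")["task"]
        if task["status"] not in ("PENDING", "IN_PROGRESS"):
            return task
        if clock() >= deadline:
            raise TimeoutError(f"task {task_id} still {task['status']} after {timeout}s")
        sleep(interval)

def gate_failures(fetch, task_id, **poll_opts):
    """Return (gate status, failing conditions); the build passes only on status OK."""
    task = wait_for_task(fetch, task_id, **poll_opts)
    if task["status"] != "SUCCESS":
        raise RuntimeError(f"SonarQube analysis ended with status {task['status']}")
    gate = fetch(f"qualitygates/project_status?analysisId={task['analysisId']}")["projectStatus"]
    failures = [(c["metricKey"], c.get("actualValue"), c.get("comparator"), c.get("errorThreshold"))
                for c in gate.get("conditions", []) if c["status"] != "OK"]
    return gate["status"], failures

# Constructed responses (not captured from a real server), replayed in order.
SAMPLE = [
    {"task": {"id": "T1", "status": "IN_PROGRESS"}},
    {"task": {"id": "T1", "status": "SUCCESS", "analysisId": "A1"}},
    {"projectStatus": {"status": "ERROR", "conditions": [
        {"status": "OK", "metricKey": "reliability_rating", "comparator": "GT", "errorThreshold": "3", "actualValue": "1"},
        {"status": "ERROR", "metricKey": "security_rating", "comparator": "GT", "errorThreshold": "3", "actualValue": "4"},
        {"status": "ERROR", "metricKey": "coverage", "comparator": "LT", "errorThreshold": "80", "actualValue": "78.2"}]}},
]

def demo():
    replies = iter(SAMPLE)
    return gate_failures(lambda path: next(replies), "T1", sleep=lambda s: None)
```

Against a real server, pass `http_fetch("http://localhost:9000", token)` as `fetch` and exit non-zero when the returned status is not `OK`.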
Update
This has to be done only for a new Production Line
Administration → System → Update Center
• SonarJava : install or update to latest
• Findbugs : install
• SoftVis3D : install
Rules / quality profile
Export
• Navigate to Quality Profiles → BCT (or your profile) → Actions → Back Up
• This will download an XML file
• On CG-WM, the common java XML quality profile is saved here :
src\docs\SonarQube.qualityProfile.BCT.xml
Import
For an import to be successful, SonarQube must know the rules, so SonarJava and Findbugs must be up to date.
• Navigate to Quality Profiles → dropdown menu next to Create → Restore Profile
• Provide the saved XML
Create
This has to be done only if you want to define a custom set of rules
• Choose Quality Profiles → Java → Sonar way → Copy
• Select the newly created profile
• Now you can :
  ◦ Click on the number of active rules to deactivate some
  ◦ Click on Activate More
  ◦ Go to Rules, search one and change its value
Technical Debt
• Select Administration → Configuration → General Settings → Technical Debt
• Set Maintainability rating grid = 0.01,0.02,0.03,0.05
  ◦ This means that a tech debt < 1% is rated A, a tech debt > 5% is rated E.
• Hit save technical debt
Troubleshooting
See SonarQube for an older build
SonarQube does not have history available for browsing; you can only see the last build. So you have to retrigger the Gerrit patch to see specific data associated with your change.
You can do an empty commit amend from Eclipse. But you can also retrigger from Jenkins.
• Go to Jenkins homepage
• Navigate to the pipeline/job
• If your build is still in the history
  ◦ Open it
  ◦ Select Retrigger
• Else if your build has been deleted
  ◦ Go to Jenkins homepage
  ◦ Click on Query and Trigger Gerrit Patches
  ◦ In Query String, put your change-id
  ◦ Click SEARCH
  ◦ Select the change
  ◦ Click TRIGGER SELECTED
Make sure I’ve got all the relevant new rules in my profile
Each time a language plugin update is released, new rules are added, but they won’t appear automatically in your profile unless you’re using a built-in profile such as Sonar way.
If you’re not using a built-in profile, you can compare your profile to the built-in profile to see what new on-by-default rules you’re missing.
Another option is to go to the Rules space, and use the Available Since search facet to see what rules have been added to the platform since the day you upgraded the relevant plugin.
And finally, the profile interface itself will help you be aware of rules added in a new plugin version in the Latest New Rules section on the right of the interface.
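An added example (not SonarQube's own tooling, and not from the original document) that performs the profile comparison offline on two Back Up XML files, such as the one exported in the Rules / quality profile section. It assumes the backup layout is `<profile>` containing `<rules>` with one `<rule>` per entry holding `repositoryKey`, `key` and `priority`; the function names are hypothetical and the rule keys in the sample are made up.

```python
import xml.etree.ElementTree as ET

def active_rules(profile_xml):
    """Map (repositoryKey, key) -> priority for each rule in a profile backup."""
    if "<!DOCTYPE" in profile_xml or "<!ENTITY" in profile_xml:
        # Backups are assumed to carry no DTD; refusing one avoids entity expansion.
        raise ValueError("unexpected DTD in profile backup")
    root = ET.fromstring(profile_xml)
    return {(r.findtext("repositoryKey"), r.findtext("key")): r.findtext("priority")
            for r in root.iterfind("./rules/rule")}

def compare_profiles(custom_xml, reference_xml):
    """Return (missing, extra, changed) for the custom profile relative to the reference."""
    custom, reference = active_rules(custom_xml), active_rules(reference_xml)
    missing = sorted(set(reference) - set(custom))   # active in reference only
    extra = sorted(set(custom) - set(reference))     # active in custom only
    changed = sorted((k, custom[k], reference[k])    # same rule, different severity
                     for k in set(custom) & set(reference) if custom[k] != reference[k])
    return missing, extra, changed

def _profile(name, rules):
    # Builds a constructed backup in the assumed layout; repositories and keys are made up.
    body = "".join(f"<rule><repositoryKey>{repo}</repositoryKey><key>{key}</key>"
                   f"<priority>{prio}</priority><parameters/></rule>"
                   for repo, key, prio in rules)
    return f"<profile><name>{name}</name><language>java</language><rules>{body}</rules></profile>"

REFERENCE = _profile("Sonar way", [("demo", "R1", "MAJOR"), ("demo", "R2", "CRITICAL"),
                                   ("demo", "R3", "BLOCKER")])
CUSTOM = _profile("BCT", [("demo", "R1", "MAJOR"), ("demo", "R2", "MINOR"),
                          ("other", "X9", "INFO")])

def demo():
    return compare_profiles(CUSTOM, REFERENCE)

if __name__ == "__main__":
    missing, extra, changed = demo()
    print("missing from custom profile:", missing)
    print("only in custom profile:", extra)
    print("severity differs (rule, custom, reference):", changed)
```

The `missing` list is the set of rules to review after a plugin update; `changed` shows rules whose severity was lowered or raised in the custom profile.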