New to Sonar. Am comfortable with checkstyle and jacoco.
What I am exploring is in a a gradle project, give developers ability to run style checks and code coverage reports locally, but then use bamboo to publish reports in sonar.
Is this a viable option ? I can see that jacoco plugin and sonar plugin can be in the same build.gradle and so guessing that jacoco reports can be got from sonar. However am unsure how checkstyle integration works. From what I see, I can add a checkstyle plugin to sonar, but then I will have to define rules in SonarQube. I will like to keep checkstyle configuration locally so developers can run a local check before commiting code.
Bear with me if the questions are naive.
Your goal: enable developers to run the same set of rules locally that are applied in a SonarQube scan.
The means: SonarLint offers a "connected mode" for IntelliJ, Eclipse, and Visual Studio. Assuming you're using the SonarQube Analyzers, they'll get on-the-fly checking as they code using the same rule set locally as is applied in an analysis. If the profile changes on the server, it can be manually re-synchronized in the IDE.
The hitch: to make this work seamlessly, you should look at replacing your Checkstyle rules with the ones offered by the SonarQube Analyzer for Java (i.e. the Java plugin). Almost all of the "valuable" rules from Checkstyle have been replaced in the Java plugin.
Related
Does anyone know a jenkins plugin for Java that analyses the coding styles and fails the build (not only provide a report) in case there are styles violations?
You can use Findbugs and Checkstyle for the same.
https://plugins.jenkins.io/checkstyle
https://plugins.jenkins.io/findbugs
Jacoco is used to unit test coverage and not really for static analysis.
the solution is to use a plugin of your build tool(like jacoco plugin in your pom for maven build).
And then configure your jenkins pipline to fail if quality is not satisfying
I want to know how to link production code and test code, i.e., I'd like to answer this question: which product codes are the targets of this test code?
I'd like to do this automatically.
My project uses maven and I have used SonarQube and the source codes are written in Java.
If it's needed, I will try any other tools.
How can I link production codes and test codes?
Please let me know how to do it.
What you want to do is effectively getting the Coverage of your tests, an answer to the question "What lines/branches of my code are covered by my tests?".
Maven and SonarQube are perfectly suited for this, the only thing you need to add into the mix is Jacoco. A good explanation for the configuration of Jacoco/Junit is here. Jacoco is an agent that gets added to the execution of your tests and which monitors them, analyzing which lines/branches have been executed (covered) and which have not.
The important part is to configure the jacoco plugin and the surefire/failsafe plugin(s) (last one is for integration tests) to use jacoco. This will generate jacoco report files, which then can/will be read by SonarCube during the sonar:sonar goal (you might have to set the path to these files either in your maven pom.xml as a sonar property or directly in the SonarQube server properties, both work fine).
You can test it step-by-step, first getting jacoco to run, since it already creates nice html reports. Reading the reports into SonarQube is the easier part then.
I have a few modules(projects and subprojects) in my application (in Gradle) and i have added plugins: PMD, checkstyle, findbugs. Those plugins create their own reports in their directory (for example: PMD makes directory "PMD" in directory "reports" and put there report). I would like to have a one report for all those plugins. It is possible to do that? And if yes, how do that?
You can't simply configure them to create a shared report together. However, you can use for this purpose either SonarQube or QualityGate. Both tools can execute the above mentioned plugins and they can generate a summarized report as you required.
You probably want take a look at SonarQube. It basically gathers reports of mentioned tools and shows them via nice web app. It can also gather test coverage reports and is free.
Not sure how it can be integrated with Gradle, but we have it integrated with Jenkins. There is also Eclipse plugin I used.
QualityGate (that was mentioned by Csuki) is paid solution.
I've set up a Sonar installation on our build server so that we can maintain reporting on our coding rules compliance, code coverage, etc.
What I want to do is maintain this Sonar installation as the main source of our checkStyle, findBugs and PMD rules. Sonar supports this by letting you modify the rules its using and export them. I can then import these rules to developer machines running IntelliJ Idea with the QAPlug plugin.
The problem is that I have to import profiles individually. Which means I will have to run QAPlug with the checkStyle profile, then then the PMD plugin, then the findBugs plugin. This is a few too many steps to expect developers to do all the time.
I can combine them within the plugin itself, so that it executes PMD, checkStyle and findBugs rules at the same time. But then the amount of steps to maintain the profile becomes too large. ie. Modify rule in Sonar, export 3 profiles, combine 3 profiles into one, distribute to developers.
Is there a better way of achieving this goal?
Turns out that you can import into an already existing profile. So I just needed to import all 3 files into QAPlug, and now I have a combined profile.
We use Hudson for our continuous integration which provides us with easy to browse build reports showing compiler warnings, unit test results and coverage (EMMA), pmd, checkstyle and findbugs violations.
Although we each have the relevant plugins installed locally in Eclipse, it often seems easier to simply commit to SVN in order to trigger a Hudson build and generate a build report showing the above info rather than checking with each plugin.
Is there something that developers could install locally (i.e. an Eclipse plugin perhaps) to generate similar reports? Or would it be feasible to somehow use Hudson for this purpose?
You can also install Sonar, which includes all the tools you list (except EMMA which is a plugin). Try it, it's free and open source ! http://sonar.codehaus.org
You Can install hudson locally easily. It is a runnable jar.
Try it. You'll like it.