I've set up a Sonar installation on our build server so that we can maintain reporting on our coding rules compliance, code coverage, etc.
What I want to do is maintain this Sonar installation as the main source of our checkStyle, findBugs and PMD rules. Sonar supports this by letting you modify the rules its using and export them. I can then import these rules to developer machines running IntelliJ Idea with the QAPlug plugin.
The problem is that I have to import profiles individually. Which means I will have to run QAPlug with the checkStyle profile, then then the PMD plugin, then the findBugs plugin. This is a few too many steps to expect developers to do all the time.
I can combine them within the plugin itself, so that it executes PMD, checkStyle and findBugs rules at the same time. But then the amount of steps to maintain the profile becomes too large. ie. Modify rule in Sonar, export 3 profiles, combine 3 profiles into one, distribute to developers.
Is there a better way of achieving this goal?
Turns out that you can import into an already existing profile. So I just needed to import all 3 files into QAPlug, and now I have a combined profile.
Related
New to Sonar. Am comfortable with checkstyle and jacoco.
What I am exploring is in a a gradle project, give developers ability to run style checks and code coverage reports locally, but then use bamboo to publish reports in sonar.
Is this a viable option ? I can see that jacoco plugin and sonar plugin can be in the same build.gradle and so guessing that jacoco reports can be got from sonar. However am unsure how checkstyle integration works. From what I see, I can add a checkstyle plugin to sonar, but then I will have to define rules in SonarQube. I will like to keep checkstyle configuration locally so developers can run a local check before commiting code.
Bear with me if the questions are naive.
Your goal: enable developers to run the same set of rules locally that are applied in a SonarQube scan.
The means: SonarLint offers a "connected mode" for IntelliJ, Eclipse, and Visual Studio. Assuming you're using the SonarQube Analyzers, they'll get on-the-fly checking as they code using the same rule set locally as is applied in an analysis. If the profile changes on the server, it can be manually re-synchronized in the IDE.
The hitch: to make this work seamlessly, you should look at replacing your Checkstyle rules with the ones offered by the SonarQube Analyzer for Java (i.e. the Java plugin). Almost all of the "valuable" rules from Checkstyle have been replaced in the Java plugin.
I want to know how to link production code and test code, i.e., I'd like to answer this question: which product codes are the targets of this test code?
I'd like to do this automatically.
My project uses maven and I have used SonarQube and the source codes are written in Java.
If it's needed, I will try any other tools.
How can I link production codes and test codes?
Please let me know how to do it.
What you want to do is effectively getting the Coverage of your tests, an answer to the question "What lines/branches of my code are covered by my tests?".
Maven and SonarQube are perfectly suited for this, the only thing you need to add into the mix is Jacoco. A good explanation for the configuration of Jacoco/Junit is here. Jacoco is an agent that gets added to the execution of your tests and which monitors them, analyzing which lines/branches have been executed (covered) and which have not.
The important part is to configure the jacoco plugin and the surefire/failsafe plugin(s) (last one is for integration tests) to use jacoco. This will generate jacoco report files, which then can/will be read by SonarCube during the sonar:sonar goal (you might have to set the path to these files either in your maven pom.xml as a sonar property or directly in the SonarQube server properties, both work fine).
You can test it step-by-step, first getting jacoco to run, since it already creates nice html reports. Reading the reports into SonarQube is the easier part then.
I have a few modules(projects and subprojects) in my application (in Gradle) and i have added plugins: PMD, checkstyle, findbugs. Those plugins create their own reports in their directory (for example: PMD makes directory "PMD" in directory "reports" and put there report). I would like to have a one report for all those plugins. It is possible to do that? And if yes, how do that?
You can't simply configure them to create a shared report together. However, you can use for this purpose either SonarQube or QualityGate. Both tools can execute the above mentioned plugins and they can generate a summarized report as you required.
You probably want take a look at SonarQube. It basically gathers reports of mentioned tools and shows them via nice web app. It can also gather test coverage reports and is free.
Not sure how it can be integrated with Gradle, but we have it integrated with Jenkins. There is also Eclipse plugin I used.
QualityGate (that was mentioned by Csuki) is paid solution.
I'm using sonar with jenkins for continues integration and code analysis. I learned that sonar by default includes Checkstyle, FindBugs, JaCoCo, PMD altogether, so we don't need to configure any of the above plugins to a project. But when I check the Quality Profile, there are two profiles named as Sonar way with 113 rules and Sonar way with Findbugs with 516. What does mean by there profiles? Why they have different rules?
And, I have a requirement like, for some project, I need to configure Checkstyle only for another project may be Checkstyle with PMD, etc. Is it possible to do that?
Sonar works by parsing the output of the external tools like Checkstyle, FindBugs, PMD, etc. In short you don't need to configure the plugins, but you can specify the way Sonar reacts to violations in your code found by the plugins.
With Quality profile you can set the rules for your project and modify them for your needs, e.g. line length by default is 80, but you can extend it for your project to 120 characters. If your coding style doesn't care about line length you can disable the rule.
Two default quality profiles gives you an option to decide to build the project with or without Findbugs, which means that your build will or will not run Findbug tool. Findbug provides wider set of rules, but will slow down your build.
To set a specific rules to specific projects you can check here
We build our projects with ant and happy with it.
The other day, I wished to give Sonar a try only to discover that it requires me to have maven. So, I guess I need some kind of pom.xml somewhere in my project.
There are three things I wish to avoid:
Learn maven right now (in general I may want to, but not now)
Migrate to maven from ant
Maintain two build scripts - one for ant and the other for maven.
Is it possible to have this pom.xml as minimal as possible and yet to be able to analyze the project with Sonar?
Thanks.
P.S.
Less demanding Sonar alternatives are welcome as well.
as requested, putting this as an answer:
SONAR comes with an ANT task
Also look at this.
Sonar version 2.6 introduced an ANT task for running Sonar.
Code coverage reporting requires additional work. See the following answer:
SONAR - Measure Code Coverage using Cobertura