How to get full sonar analysis from local code
Are you a Java Developer like me? If so, I bet you are used to dealing with continuous integration and continuous delivery.
I wanted to write this small article because I was going through an annoying and unproductive situation.
Assumptions
This small article assumes:
- Java and Maven are well configured;
- Maven is already being used to compile and run tests;
- The project has already been configured in sonar;
- Basic knowledge of sonar;
- The working machine runs Linux or has some kind of Linux terminal emulator, like Git Bash.
Context
I was creating a new dummy Java project that in the near future would become a real project. I was doing that because before starting the real code I wanted to have my Jenkins pipelines ready to go, and that was when my annoying situation started.
It is quite common that a Jenkins pipeline builds, runs tests, and passes the code through a code quality gate, in my case SONAR. I was having problems testing my pipeline because every time I ran the pipeline it broke during the code quality gate phase.
I thought I had a simple way to solve this: I found a plugin to connect my IDE to the sonar server, and then I ran the sonar analysis all over my code. After that, I fixed all the things that I got from the sonar reports.
To my surprise, after committing and pushing my code to the pipeline it failed again, at the same quality gate phase. So I opened the sonar and I got something like this image below.
As a developer, I DO NOT want to commit and push my code, run the pipeline and then grab the sonar analysis report. That takes too much time. I want to get a full sonar analysis before committing my changes.
How to run sonar with local code
The first thing needed is an access token. To get a token, go to <SONAR_ADDRESS>/sonar/account/security/ and create one, as shown in the image below.
I created the TmpToken only for demonstration purposes; of course, I have already revoked it.
Once you have copied the token, I advise you to create an environment variable to store the token. From this point forward I will assume that the token you have resides in a variable called SONAR_TOKEN.
The second thing needed is to prepare the arguments to pass to sonar.
To accomplish that, create a file named sonar-project.properties in the same directory as the pom.xml file, with the content below.
sonar.projectKey=KEY_PROJECT_ON_SONAR
sonar.language=java
sonar.sourceEncoding=UTF-8
sonar.sources=src/main
sonar.java.binaries=target
sonar.java.sources=src/main/java
sonar.java.tests=src/test/java
# Exclusions
sonar.exclusions=**/target/**/*,**/webapp/**/*,**/entity/*
sonar.java.coveragePlugin=jacoco
sonar.dynamicAnalysis=reuseReports
sonar.surefire.reportsPath=target/surefire-reports
sonar.jacoco.reportPath=target/jacoco.exec
Transform the sonar-project.properties file into Maven arguments using the command below.
grep -o '^[^#]*' sonar-project.properties | sed -e 's/^/-D/'
The result must be something like this:
-Dsonar.projectKey=KEY_PROJECT_ON_SONAR
-Dsonar.language=java
-Dsonar.sourceEncoding=UTF-8
-Dsonar.sources=src/main
-Dsonar.java.binaries=target
-Dsonar.java.sources=src/main/java
-Dsonar.java.tests=src/test/java
-Dsonar.exclusions=**/target/**/*,**/webapp/**/*,**/entity/*
-Dsonar.java.coveragePlugin=jacoco
-Dsonar.dynamicAnalysis=reuseReports
-Dsonar.surefire.reportsPath=target/surefire-reports
-Dsonar.jacoco.reportPath=target/jacoco.exec
All arguments can be checked here: https://docs.sonarqube.org/latest/analysis/analysis-parameters/
Keep in mind that you may need to check the arguments for your specific version.
For instance, https://docs.sonarqube.org/7.9/analysis/analysis-parameters/
Now, let’s combine it all together.
The command below uses Maven to clean, compile, test, and run the sonar analysis of the code.
mvn clean test org.sonarsource.scanner.maven:sonar-maven-plugin:sonar $(grep -o '^[^#]*' sonar-project.properties | sed -e 's/^/-D/' | tr '\n' ' ') \
-Dsonar.branch.name=locacode -Dsonar.host.url=<SONAR_ADDRESS>/sonar -Dsonar.login="${SONAR_TOKEN}"
Once it has finished, the output will include a URL for the sonar report.
Access the URL and check the sonar report for the local code. The result will be something like the image below.
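A hardened version of the command above, as an added example that is not part of the original article: it keeps glob patterns such as **/target/**/* literal, refuses a properties file that stores a credential, and stops early when the token is missing. The function names and the SONAR_ADDRESS variable are assumptions made for this example.

```shell
# Added example, not the article's own code. SONAR_ADDRESS is an assumed
# variable holding the server address (the page's <SONAR_ADDRESS> placeholder).

# Print one -Dkey=value argument per line from a properties file.
# Returns 1 when the file stores a credential, 2 when it cannot be read.
sonar_args() {
    props=${1:-sonar-project.properties}
    if [ ! -r "$props" ]; then
        echo "cannot read $props" >&2
        return 2
    fi
    # The properties file usually gets committed, so the token must not be in it.
    if grep -Eq '^[[:space:]]*sonar\.(login|password)[[:space:]]*=' "$props"; then
        echo "$props contains a credential; keep it in SONAR_TOKEN" >&2
        return 1
    fi
    # Trim whitespace, drop full-line comments and blank lines, then prefix -D.
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e '/^#/d' -e '/^$/d' -e 's/^/-D/' "$props"
}

# Run the same Maven goals as the article's command.
run_local_sonar() {
    if [ -z "${SONAR_TOKEN:-}" ] || [ -z "${SONAR_ADDRESS:-}" ]; then
        echo "set SONAR_TOKEN and SONAR_ADDRESS first" >&2
        return 2
    fi
    args=$(sonar_args "${1:-}") || return $?
    # Split on newlines only, with globbing off, so a value such as
    # **/target/**/* is never expanded against the working directory.
    old_ifs=$IFS
    IFS='
'
    set -f
    set -- $args
    set +f
    IFS=$old_ifs
    # Note: -Dsonar.login puts the token on the mvn command line, where other
    # local users can read it from the process list while the build runs.
    mvn clean test org.sonarsource.scanner.maven:sonar-maven-plugin:sonar "$@" \
        -Dsonar.branch.name=locacode \
        -Dsonar.host.url="$SONAR_ADDRESS/sonar" \
        -Dsonar.login="$SONAR_TOKEN"
}
```

Source the file in the directory that holds pom.xml and call run_local_sonar.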