Shulou(Shulou.com)06/02 Report--

How to integrate SonarQube code quality detection? in view of this problem, this article introduces the corresponding analysis and answer in detail, hoping to help more partners who want to solve this problem to find a more simple and feasible method.

Brief introduction to Code quality Inspection (SonarQube) Integration

SonarQube is an automated code review tool that detects errors, vulnerabilities and code odors in your code. It can be integrated with your existing workflow for continuous code review between the project branch and the pull request.

Continuous code check, sonar can use Maven and Gradle push code check alone, of course, you can also check the code automatically in the ci engine, such as Jenkins, Git.

Server side

Installation

In order to start the sonarqube instance quickly, we use the docker method.

Sonarqube defaults to the English version, and the inspection rules are self-contained. We use Chinese here, and the java language adds Ali P3c rules.

Use git to clone the project:

Git clone https://github.com/purgeteam/sonarqube-startcd docker-start

The sonar-docker-start.yml template is as follows:

# Chinese version + Ali P3C verifies version: "2" services: sonarqube: image: sonarqube ports:-"9000 image 9000" networks:-sonarnet environment:-sonar.jdbc.url=jdbc:postgresql://db:5432/sonar volumes:-sonarqube_conf:/opt/sonarqube/conf-sonarqube_data:/opt/sonarqube/data-sonarqube_extensions:/opt/sonarqube/extensions- Sonarqube_bundled-plugins:/opt/sonarqube/lib/bundled-plugins -. / plugin/rhinoceros/sonar-pmd-plugin-3.2.0-SNAPSHOT.jar:/opt/sonarqube/extensions/plugins/sonar-pmd-plugin-3.2.0-SNAPSHOT.jar -. / plugin/sonar-l10n-zh-plugin-1.16.jar:/opt/sonarqube/extensions/plugins/sonar-l10n-zh-plugin-1.16.jar db: image: postgres Ports:-"5432 POSTGRES_USER=sonar 5432" networks:-sonarnet environment:-POSTGRES_USER=sonar-POSTGRES_PASSWORD=sonar volumes: -. / postgres/postgresql:/var/lib/postgresql -. / postgres/postgresql_data:/var/lib/postgresql/datanetworks: sonarnet: driver: bridgevolumes: sonarqube_data: sonarqube_extensions: sonarqube_bundled-plugins: postgresql: postgresql_data:

Start using docker-compose

Docker-compose-d sonar-docker-start.yml up

By default, the plug-in will be mounted into the container.

Start ok and view the console to access localhost:9000. The default account password is admin/admin.

Default rule configuration

Although Ali P3C has been integrated, the default rules are still used, and here we need to set them to the specified rules.

Log in as an admin account

Open the quality configuration profiles page and click the create button at the top right to create a P3C profiles

The first creation will jump to the code rule configuration page. The newly created profile does not activate any rules, so you need to activate it manually.

We need to activate P3C rules for the P3C profile we just created. Click activate more rules.

Jump to the activation page and search for P3C, as shown in the figure, with rules that start with [P3C].

Batch modify-> activity P3C-> Application-> successful

After the binding rule is basically completed after success, we return to the quality configuration and select the P3C just set as the default in java.

The configuration of Ali P3C has been completed.

Maven code check

Sonarqube can check code uploads in a variety of ways. We use a simple Maven to trigger the code check.

Add plug-in

Add the sonar-maven-plugin plug-in to the project pom file.

Org.sonarsource.scanner.maven sonar-maven-plugin 3.6.0.1398

Server-related configuration:

You need to change it to the sonarqube service address you built earlier.

Sonar true http://127.0.0.1:9000/

Trigger check

When the pom configuration is complete, first build the code using the Maven package command.

Complete the build and execute the mvn sonar:sonar command, or you can use the idea maven visual interface for operation.

The operation is complete.

View sonar report

Open the sonar service page 127.0.0.1 virtual 9000

You can see the list of uploaded projects, select the project to view the analysis results, project health status and other information.

You can see a list of related code problems in the questions. Open a single one to see the details.

Of course, we only use a simple Maven method to push to the SonarQube service, of course, we can also automatically check the code in the ci engine.

This is the answer to the question on how to integrate SonarQube code quality testing. I hope the above content can be of some help to you. If you still have a lot of doubts to be solved, you can follow the industry information channel to learn more about it.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.