Shulou(Shulou.com)06/02 Report--

This article focuses on "how to use Jenkins and Sonar integration for continuous code testing", interested friends may wish to take a look. The method introduced in this paper is simple, fast and practical. Let the editor take you to learn "how to use the integration of Jenkins and Sonar to continuously test the code."

Brief introduction of SonarQube and Jenkins

SonarQube is an open source code quality analysis platform that makes it easy to manage code quality and detect vulnerabilities and potential logic problems in project code. At the same time, it provides rich plug-ins to support the detection of multiple languages, such as Java, Python, Groovy, C, C++ and other programming languages. Its main core values are reflected in the following aspects:

Check whether the code conforms to programming standards, such as naming conventions, written specifications, etc.

Check for potential defects in the design: SonarQube detects defects in the code through plug-ins Findbugs, Checkstyle, and other tools.

Detect the amount of repeated code: SonarQube can show that there is a large number of copied and pasted code in the project.

Detect the degree of comments in the code: it is not good to comment too much or too little source code, affecting the readability of the program.

Detect the relationship between packages and classes in the code: analyze whether the relationship between classes is reasonable and complex.

The SonarQube platform consists of four parts:

SonarQube Server

SonarQube Database

SonarQube Plugins

SonarQube Scanner

Installation and configuration of Jenkins and SonarQube integrated plug-in

Jenkins is a server that supports the automation framework, which we won't go into detail here. Jenkins provides relevant plug-ins that make it easy for SonarQube to integrate.

Log in to jenkins and click "system Management", as shown in the figure.

Jenkins Management snap-in

Jenkins installs the SonarQube plug-in

Enter Jenkins system Management-system Settings and configure SonarQube Server information

Enter Jenkins system Management-Global Tool Configuration, and configure SonarQube Scanner

Create a new Jenkis project

Add SonarScanner to code analysis during the construction of Jenkins project

First, you need to check "Prepare SonarQube Scanner evironment" in the build environment tab of the new Jenkins project.

Add Execute SonarQube Scanner build steps

To configure the SonarQube Scanner build step, enter scan in the Task to run input box, that is, the analysis code; select the JDK used by SonarQube Scanner in the JDK selection box (note that it must be JDK, not JRE); Path to project properties is an optional input box, where you can specify a sonar-project.properties file, if not specified, the project default properties file will be used Analysis properties input box, where you need to enter some configuration parameters to pass to SonarQube. The parameters here take precedence over the parameters in the sonar-project.properties file, so you can configure all the parameters here to replace the sonar-project.properties file. Some parameters are listed below. Sonar.language specifies the development language to be analyzed (specific development language corresponds to specific rules). Sonar.sources defines the location of the source code that needs to be analyzed ($WORKSPACE in the example indicates the directory of the current Jenkins project), and sonar.java.binaries defines the location of the compiled class file that needs to analyze the code. You can enter some additional parameters in the Additional arguments input box. The-X in the example means to enter the Debug mode of SonarQube Scanner, which will output more log information; JVM Options can enter the JVM parameters that are required to execute SonarQube Scanner

Sonar.projectKey=testSonar sonar.projectName=testSonar sonar.projectVersion=1.0 sonar.language=java sonar.java.binaries=$WORKSPACE/testSonar/target/test-classes/ sonar.sources=$WORKSPACE/testSonar/src

Configure Execute SonarQube Scanner build steps

Jenkins project construction results

Analysis result report

Specific problem presentation

At this point, I believe you have a deeper understanding of "how to use the integration of Jenkins and Sonar to continuously detect code". You might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.