mirkosertic/mavensonarsputnik

Maven Sonar Sputnik Integration

Maven Plugin for Sputnik with Multi-Module Support.

Together with Sputnik, Jenkins and Gerrit you can easily set up a pretested commit infrastructure for semi-automatic code reviews.

System Requirements

Plugin-Version   Java     Maven        SonarQube
1.7              min. 7   min. 3.2.5   min. 4.5
1.8              min. 8   min. 3.2.5   min. 4.5

Usage

The following command can be used in conjunction with the Gerrit Trigger on Jenkins:

mvn de.mirkosertic.mavensonarsputnik:sputnik:1.8:sputnik \
   -DgerritRevision=<GERRIT_REVISION_ID> \
   -DgerritChangeId=<GERRIT_PROJECT>~<GERRIT_BRANCH>~<GERRIT_CHANGE_ID> \
   -DsputnikConfiguration=<path-to-sputnik.properties>

The sputnik.properties file contains authentication information to connect to Gerrit:

connector.host=<Gerrit host>
connector.path=<Gerrit context>
connector.port=<Gerrit port>
connector.username=<Gerrit username>
connector.password=<Gerrit password>
customsonar.enabled=true
customsonar.configurationFile=<path to sonar.properties>

The sonar.properties file contains authentication information to connect to SonarQube:

# Only Required if you are not declaring SonarQube configuration in pom.xml
sonar.jdbc.url=<JDBC url to SonarQube database>
sonar.jdbc.driverClassName=<JDBC Driver>
sonar.jdbc.username=<Sonar username>
sonar.jdbc.password=<Sonar password>
sonar.host.url=<URL to Sonar Web UI>

JDBC configuration is only required for SonarQube 4.
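
As an added example (not part of the project's own code or documentation), the following POSIX shell step for a Jenkins job builds the command above from the Gerrit Trigger variables and writes sputnik.properties with owner-only permissions, since the file holds the Gerrit password in clear text. The SPUTNIK_GERRIT_* variable names and the --run switch are assumptions made for this example; the values are expected to come from a Jenkins credentials binding.

```shell
#!/bin/sh
# Added example, not the project's code. GERRIT_PROJECT, GERRIT_BRANCH, GERRIT_CHANGE_ID and
# GERRIT_PATCHSET_REVISION are set by the Gerrit Trigger plugin; the SPUTNIK_GERRIT_* names
# and the --run switch are assumptions made for this example.
set -eu
NL='
'
# A value containing a line break would smuggle extra keys into the properties file.
single_line() { case "$1" in *"$NL"*) return 1 ;; esac; }

# <project>~<branch>~<Change-Id>, the form -DgerritChangeId takes above.
gerrit_change_id() {
  printf '%s~%s~%s' "$GERRIT_PROJECT" "$GERRIT_BRANCH" "$GERRIT_CHANGE_ID"
}

# True only if group and others have no permission bits on the file.
is_private() { [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; }

# $1 = sputnik.properties to create, $2 = path to sonar.properties
write_sputnik_properties() {
  for v in "$SPUTNIK_GERRIT_HOST" "$SPUTNIK_GERRIT_PATH" "$SPUTNIK_GERRIT_PORT" \
           "$SPUTNIK_GERRIT_USER" "$SPUTNIK_GERRIT_PASSWORD" "$2"; do
    single_line "$v" || { echo "refusing multi-line value" >&2; return 1; }
  done
  ( umask 077    # a newly created file gets mode 600
    rm -f "$1"   # never inherit the looser mode of an existing file
    { printf 'connector.host=%s\n' "$SPUTNIK_GERRIT_HOST"
      printf 'connector.path=%s\n' "$SPUTNIK_GERRIT_PATH"
      printf 'connector.port=%s\n' "$SPUTNIK_GERRIT_PORT"
      printf 'connector.username=%s\n' "$SPUTNIK_GERRIT_USER"
      printf 'connector.password=%s\n' "$SPUTNIK_GERRIT_PASSWORD"
      printf 'customsonar.enabled=true\n'
      printf 'customsonar.configurationFile=%s\n' "$2"
    } > "$1" )
}

run_sputnik() {
  is_private "$1" || { echo "$1 is accessible to other users" >&2; return 1; }
  # Every Gerrit-supplied value stays quoted so it is passed as exactly one argument.
  mvn de.mirkosertic.mavensonarsputnik:sputnik:1.8:sputnik \
    "-DgerritRevision=$GERRIT_PATCHSET_REVISION" \
    "-DgerritChangeId=$(gerrit_change_id)" \
    "-DsputnikConfiguration=$1"
}

if [ "${1:-}" = "--run" ]; then
  props="$WORKSPACE/sputnik.properties"
  trap 'rm -f "$props"' EXIT   # do not leave the credentials in the workspace
  write_sputnik_properties "$props" "$WORKSPACE/sonar.properties"
  run_sputnik "$props"
fi
```

The password only ever appears in the properties file, never on the mvn command line, so it does not show up in the process list or in the console log of the job.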

Advanced Reporting

Mutation Testing

This plugin can integrate Mutation Testing results based on PITest in the review. To enable this, you also need to enable the PITest Reviewer in the sputnik.properties file by adding the following line:

pitest.enabled=true

The PITest Plugin is automatically invoked.

OWASP Dependency Checks

This plugin also runs an OWASP Dependency Check whenever the Maven project configuration changes, that is, when a pom.xml is part of the current patchset.

Enable the OWASP Dependency Reviewer in the sputnik.properties file by adding the following line:

owaspdependencycheck.enabled=true

Automated Quality Feedback

The Maven plugin can add reports to the review comments. For instance, a SonarQube Plugin can generate a simple text file containing statistics about the submitted change and how it affects SonarQube metrics. This file is stored by the Plugin and can be read and added as a review comment.

Report embedding can be enabled by the following line in the sonar.properties file:

customsonar.additionalReviewCommentFiles=<comma-separated list of text file names to embed as review comments>

The reports must be stored in the SonarRunner working directory, project-root/.sonar.

An example report can be generated using the Sonar Delta Report Plugin.

Additional SonarQube Reports

SonarQube can generate HTML reports for a given PatchSet. To enable this feature, you have to

  • Install the Issues Reports Plugin
  • Add the following lines to your sonar.properties file:
# These are already the default values
sonar.issuesReport.console.enable=true
sonar.issuesReport.html.enable=true
sonar.issuesReport.json.enable=true

SonarQube will place two files inside the .sonar/issues-report directory of the workspace:

  • issues-report-light.html contains only the newly introduced and removed issues of the PatchSet
  • issues-report.html contains all issues of the PatchSet

These reports can easily be integrated using the Publish HTML Post Build Action of Jenkins.