This repository has been archived by the owner on Jul 26, 2022. It is now read-only.

Static code analysis: SonarQube

Stefan Hugtenburg edited this page Feb 27, 2015 · 1 revision

Static code analysis

To ensure that Syncany adheres to coding standards (such as those outlined here) and that bad practices (such as overly complex methods) are avoided, every pull request that is accepted into develop is checked by the static code analysis tool SonarQube. The results of this analysis are currently hidden, but might be made public at some later point in time.

In this page we will outline the following three things: 1) How SonarQube has been configured to work with gradle. 2) What the ruleset used by SonarQube is currently based on and how it can be modified. 3) How you can do an analysis on your local SonarQube instance.

Configuration of SonarQube with gradle

To use SonarQube with gradle, a small gradle file has been created that outlines the sonarRunner task. This file fills in basic information that is decrypted by Travis and allows the runner to upload the results to the SonarQube instance. In addition, every subproject has a small section in its build.gradle file that ensures the integration tests are also included in the analysis.

The coverage reports generated by Cobertura are reused by SonarQube, but unfortunately we have been unsuccessful in getting this to work from the gradle scripts. As a result the server has been configured to look for the coverage.xml file in the right place, which is ../build/reports/coverage/coverage.xml. In addition you will have to download the Cobertura plug-in on your SonarQube server, which requires admin privileges (so you can access the 'Update Center') and a reboot of the server.
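
One way such a sonarRunner file can take its connection details from the CI environment instead of from the repository (an added example, not Syncany's actual reports.sonarqube.gradle). The SONAR_* variable names are assumptions, and the file is assumed to be applied to the root project.

```groovy
// Added example; not Syncany's actual reports.sonarqube.gradle.
// The SONAR_* names are assumed; define them as encrypted variables in Travis.
apply plugin: "sonar-runner"

// Weak form, for contrast: a literal secret is readable by anyone who can read the repo.
//   property "sonar.jdbc.password", "constructed-example-password"

def sonarEnv = ["SONAR_HOST_URL", "SONAR_JDBC_URL",
                "SONAR_JDBC_USERNAME", "SONAR_JDBC_PASSWORD"]

// Validate only when sonarRunner is actually requested, so ordinary builds by
// contributors who do not have the secrets are unaffected.
gradle.taskGraph.whenReady { graph ->
    if (graph.hasTask(":sonarRunner")) {
        def missing = sonarEnv.findAll { !System.getenv(it) }
        if (missing) {
            // Report variable names only; never echo values into the CI log.
            throw new GradleException("sonarRunner needs: " + missing.join(", "))
        }
    }
}

sonarRunner {
    sonarProperties {
        property "sonar.host.url", System.getenv("SONAR_HOST_URL")
        property "sonar.jdbc.url", System.getenv("SONAR_JDBC_URL")
        property "sonar.jdbc.username", System.getenv("SONAR_JDBC_USERNAME")
        property "sonar.jdbc.password", System.getenv("SONAR_JDBC_PASSWORD")
    }
}
```

Travis does not make encrypted variables available to builds of pull requests from forks, so with this guard such a build fails only if it asks for sonarRunner.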

Ruleset used by SonarQube

The current ruleset used by SonarQube (which can be downloaded here and imported in SonarQube) features a combination of the default 'Sonar Way' ruleset from SonarQube, the 'FindBugs' ruleset from SonarQube and some hand-picked rules that enforce the Syncany code style outlined on this wiki. This ruleset requires the latest version of the 'FindBugs' plugin for SonarQube.

If you want to change or disable a rule, you require admin rights to the SonarQube instance. If you have these, log in and go to the 'Quality Profiles' page. Here you can access the 'Syncany' profile and disable or enable rules used by the analysis.

How to run this yourself

If you have an installation of SonarQube available to you, you can simply change the file gradle/gradle/reports.sonarqube.gradle to contain your server's information. If you also want coverage to work properly, apply the workaround outlined in the section "Configuration of SonarQube with gradle" above. Then, to execute the SonarQube runner with all details, run this in the root of the project:

./gradlew testGlobal coberturaReport performCoverageCheck sonarRunner