SonarCloud integration
This article is a reminder of how to integrate your project into SonarCloud.
https://sonarcloud.io/projects
Maven
In the pom.xml add:
<properties>
    <sonar.projectKey>blablanumerodeux_kayak</sonar.projectKey>
    <sonar.organization>blablanumerodeux</sonar.organization>
    <sonar.host.url>https://sonarcloud.io</sonar.host.url>
    <!-- this should not be committed -->
    <sonar.login>d0d909736d1c196a530e6f3f26e62bee1a81cd7f</sonar.login>
</properties>
Use this Maven command only if you're the only dev on the team, otherwise you may overwrite the scans of others:
mvnw verify sonar:sonar -DskipTests -f pom.xml
NB: you can also pass these parameters on the mvn command line, for example the one launched by Jenkins (see the Jenkins section at the end).
CircleCi
If you're not alone on your project, set your token in an environment variable called SONAR_TOKEN instead of putting it in the pom.xml.
https://www.baeldung.com/sonar-qube
https://docs.sonarqube.org/latest/analysis/gitlab-cicd/
SONAR_HOST_URL can also be set as an environment variable.
Finally, here is another example of a Maven command that you can use in your CircleCI config file:
mvnw source:jar javadoc:jar install -DcreateChecksum=true -e sonar:sonar
Also, don't forget to make your environment variables available to your workflows (via the contexts feature) in your CircleCI config file, like this:
workflows:
  version: 2
  just-build:
    jobs:
      - build:
          context: SonarCloud
More doc on how the sonar maven plugin works
https://blog.sonarsource.com/we-had-a-dream-mvn-sonarsonar/
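The pom.xml above holds a token that should not be committed, and the CircleCI setup moves it to SONAR_TOKEN. The script below is an added example, not part of the original article: a check, usable as a pre-commit or CI step, that flags sonar.login, sonar.password or sonar.token properties carrying a literal value in a pom.xml. The function names, the sample POMs and the ${env.SONAR_TOKEN} reference in the second sample are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

# Properties that carry a SonarCloud/SonarQube credential.
SECRET_PROPS = {"sonar.login", "sonar.password", "sonar.token"}
# A value made only of Maven placeholders (e.g. ${env.SONAR_TOKEN}) is a reference, not a secret.
PLACEHOLDER_ONLY = re.compile(r"^(\$\{[^}]+\})+$")

def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on POM element names."""
    return tag.rsplit("}", 1)[-1]

def hardcoded_sonar_secrets(pom_xml):
    """Return the sorted names of credential properties whose value is a literal."""
    found = set()
    # iter() walks the whole tree, so <properties> inside <profiles> is covered too.
    for element in ET.fromstring(pom_xml).iter():
        if local_name(element.tag) != "properties":
            continue
        for prop in element:
            name = local_name(prop.tag)
            value = (prop.text or "").strip()
            if name in SECRET_PROPS and value and not PLACEHOLDER_ONLY.match(value):
                found.add(name)
    return sorted(found)

# Constructed sample POMs; the credential values are made-up placeholders.
BAD_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties>
    <sonar.host.url>https://sonarcloud.io</sonar.host.url>
    <sonar.login>0000000000000000000000000000000000000000</sonar.login>
  </properties>
  <profiles><profile><properties>
    <sonar.password>constructed-password</sonar.password>
  </properties></profile></profiles>
</project>"""
GOOD_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties>
    <sonar.login>${env.SONAR_TOKEN}</sonar.login>
  </properties>
</project>"""

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # check a real pom.xml; non-zero exit on a finding
        with open(sys.argv[1], "rb") as fh:
            hits = hardcoded_sonar_secrets(fh.read())
        sys.exit(f"hard-coded Sonar credentials: {hits}" if hits else 0)
    print(hardcoded_sonar_secrets(BAD_POM), hardcoded_sonar_secrets(GOOD_POM))
```

Run with a path argument, it exits non-zero when a literal credential is found, so it can gate a commit or a build.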
IntelliJ IDEA plugins
SonarLint
Go to your SonarCloud profile and generate a new token.
Use it to connect SonarLint to SonarCloud, so that the SonarCloud connection within SonarLint has access to all your organisations and repos.
That way you won't need to regenerate one token per repo.
Then "Update binding".
Done.
Then press Ctrl-Shift-S to analyse a specific file. More options are available in the SonarLint bar (at the bottom) or in the Analyze menu.
SonarQube
Configure your SonarCloud account in the IntelliJ IDEA settings.
Then Analyze menu -> Inspect code (Ctrl-Alt-Shift-I) -> inspection profile Sonar -> OK.
Done.
NB: use this plugin only if you're alone on the project.
Otherwise you may overwrite the scans of others.
Project badge
Once you have sent your project to SonarCloud, you can generate your badge in the bottom right corner and paste it into your README.md file.
Example of a badge:
[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=dans-la-rue_homeless&metric=alert_status)](https://sonarcloud.io/dashboard?id=dans-la-rue_homeless)
Jenkins with maven
Jenkinsfile
// sh 'mvn org.sonarsource.scanner.maven:sonar-maven-plugin:3.7.0.1746:sonar \
// Run the Sonar analysis through the Maven wrapper. sh traces the command by default,
// so the credentials on the command line end up in the build log unless they are masked.
sh """./mvnw sonar:sonar \
    -Dsonar.host.url=${codeQualityManagementConfig.api_url} \
    -Dsonar.projectKey=${sonarProjectName} \
    -Dsonar.projectName=${sonarProjectName} \
    -Dsonar.login=${bncSonarCredentials.credentials.username} \
    -Dsonar.password=${bncSonarCredentials.credentials.password} \
    -Dsonar.branch.name=${env.BRANCH_NAME} \
    """
// -Dsonar.branch.target=${targetBranch}"""
Add these so that Sonar can differentiate the tests from the sources:
sonar-project.properties
sonar.sources=./src/main/java
sonar.tests=./src/test/java
Or SonarQube with JaCoCo for test coverage:
// sonar.coverage.jacoco.xmlReportPaths expects JaCoCo's XML report, not the binary jacoco.exec file;
// target/site/jacoco/jacoco.xml is where the jacoco-maven-plugin report goal writes it by default.
utils.shWithNoTrace """./mvnw sonar:sonar \
    -Dsonar.host.url=${codeQualityManagementConfig.api_url} \
    -Dsonar.projectKey=${sonarProjectName} \
    -Dsonar.projectName=${sonarProjectName} \
    -Dsonar.login=${bncSonarCredentials.credentials.username} \
    -Dsonar.password=${bncSonarCredentials.credentials.password} \
    -Dsonar.branch.name=${env.BRANCH_NAME} \
    -Dsonar.coverage.jacoco.xmlReportPaths=target/site/jacoco/jacoco.xml \
    """
// -Dsonar.branch.target=${targetBranch}"""
// }
https://docs.sonarqube.org/pages/viewpage.action?pageId=1442166