Post4

Mobile App Development and Continuous Delivery – SonarQube (2/7)

Posted by Mahesh Thakuri

The next step in the process of setting your Mobile DevOps environment is to get hold of your code quality. I prefer SonarQube in the DevOps tool chain to evaluate my app code quality.

What is SonarQube?

SonarQube is an open source platform to check the quality of the code. We can generate reports of code highlighting the coding guidelines, duplicate codes, dead codes, logical errors, null-pointers, bugs, testing, security vulnerabilities, and code coverage. SonarQube also allows setting up Quality Gates to enforce a set of policies such as coverage by the new code, bugs count, security rating, and reliability rating. This ensures that no build is deployed to production or other environments without passing the quality standard. SonarQube supports quality check for most of the well-known languages including Java, C/C++, Groovy, Python, Javascript, PHP, and Swift.

Setting up SonarQube Server

We will install SonarQube (v6.5) on our Ubuntu 16.04 Operating System. SonarQube’s default embedded database is H2 but as it is not production ready, we’ll simply install PostgreSQL as its replacement.

To configure SonarQube and PostgreSQL as interrelated services, we’re going to use Docker compose file as it ensures easy management. Although, we can configure tons of features with the help of Docker compose file, discussing them all is beyond the scope of this tutorial.

Follow these steps to setup SonarQube in Docker.

$gitclone https://github.com/mthakuri/sonarqube_with_postgresql.git

$ docker-compose up -d

Upon doing this, you should see a screen similar to the one below, showcasing the details of SonarQube and PostgreSQL download.

  • To check if SonarQube is running, execute the following URL:

If installed on the remote server – $ http://<server-ip>:9000

If installed on local system – $ http://localhost:9000

The URL will open a welcome screen, similar to the one below, which confirms that the SonarQube is successfully installed and running on the system.

Install SonarQube Plugin in Jenkins

Now, we’ll install SonarQube plugin to support SonarQube integration with Jenkins.

  • Click on ‘Manage Jenkins’ option on the left side of Jenkins home screen.
  • Click on ‘Manage Plugin’ on the right side of the screen.
  • Navigate to ‘Available’ tab and perform a search for “SonarQube Scanner for Jenkins” plugin. Since the names of plugin’s often change, ensure you are using the correct name by crosschecking it from the official SonarQube site.

  • Check the checkbox next to the desired plugin and click “Install without restart”. Installation should begin in the next screen.

Configure SonarQube Plugin in Jenkins

Before configuring the Jenkins server, we first need to generate an authentication token. This token is used by SonarQube scanner to upload the scanned code’s report to SonarQube server. The first login throws up the option of generating the authentication token. Follow the steps to generate the token, which could be anything. We named it Test.

We can also generate authentication token from security tab in My Account. To do so, click on the image icon on top right > My Account > Security > Enter token name > Generate.

 

After installing the plugin and generating the authentication token, it is time to configure the plugin. Before that, we need to tell Jenkins about SonarQube server, and for that we need to:

  • Go to Jenkins home > Manage Jenkins > Configure System > SonarQube Servers
  • Click on ‘Add SonarQube’
  • Enter the name, server location, and authentication token
  • Click ‘Save’

Next, we’ll use Jenkins to install the SonarQube scanner on the server, if it is not already available.

  • Go to Jenkins home > Manage Jenkins > Global Tool Configuration > SonarQube Scanner.
  • Click ‘Add SonarQube Scanner’.
  • Click ‘Install Automatically’ and choose the version of SonarQube Scanner to install. At the time of writing this tutorial, the latest version was 3.0.3.778
  • Finally, click ‘Save’.

 

Setup SonarQube in Job

To run the SonarQube scanner, we’ll create a new Job with the name SonarTest, through the following steps;

  • Go to Job configure screen.
  • Setup the Git repository for app source.
  • Setup build trigger to poll SCM with “* * * * *”.
  • Check the box next to “Delete workspace before build starts”.(optional)
  • Look for Build section and click on Add build step.
  • Choose “Execute SonarQube Scanner”.
  • Enter the details of the project including name, project key, and android project source path.
  • Click ‘Save’.

Execute SonarQube Scanner

SonarQube Scanner starts scanning projects the moment we push changes to the Git repository. If auto scanning doesn’t starts, initiate it by clicking ‘Build Now’ at the Job home screen. We can now view the complete output log of the Job via console output. The path of the report is also available in the log.

View Report on SonarQube Dashboard

To view the Scanner report, we need to log into SonarQube server dashboard.

Thank you for going through the complete blog post. Feedback and comments for improvement are welcome. In the next tutorial, we’ll learn to “Test Android Apps and Notify the Concerned User through email using Jenkins”.

 

Until next time,

Techblog!

 

References

https://jenkins.io/doc/

https://www.sonarqube.org/

https://hub.docker.com/_/sonarqube/

https://docs.sonarqube.org/display/SONAR/Documentation

https://github.com/docker/compose

Related Posts

  • Mobile App Automation Testing using ‘ESPRESSO’

    If you are a Mobile Apps Test Engineer, you cannot overlook the very reliable Google Product i.e. Espresso. Espresso is an automatic UI testing or as we call it “hands…

  • Mobile App Development and Continuous Delivery – Introduction to Docker (1/7)Mobile App Development and Continuous Delivery – Introduction to Docker (1/7)

    DevOps has changed the way application development is done and has significantly influenced mobile app development too! DevOps methodology help bridge the gap between development and operations within an organization,…

  • Don’t be a data hog! – Designing Android Applications

    There are tons of mobile apps out there in the market, each specializing in their own area. There are a plenty of apps built on a single idea, around the…

  • Manager’s Dilema: SAS vs R vs Python

    There are countless articles on this topic already, and I must begin by accepting that I am quite late to this superstar battle. However, every time these champions of analytics…

  • Understanding Teradata Wallet

    Teradata Wallet is a facility for storage of sensitive/secret information, such as Teradata Database user passwords. Users are able to save and retrieve items by using this facility. Teradata wallet…

  • Introduction to Messaging

    Messaging is one of the most important aspects of modern programming techniques. Majority of today's systems consist of several modules and external dependencies. If they weren't able to communicate with…

Leave a Reply

Your email address will not be published. Required fields are marked *