Thursday, 5 February 2015

How to install and analyse Java code with SonarQube


Installation process

To give SonarQube a quick try, follow the steps below.

Get Started in Two Minutes

1. Download and unzip the SonarQube distribution (let's say in "C:\sonarqube" or "/opt/sonarqube")
2. Start the SonarQube server:
# On Windows, execute:
C:\sonarqube\bin\windows-x86-xx\StartSonar.bat
  
# On other operating systems, execute:
/opt/sonarqube/bin/sonar.sh console
3. Download and unzip the SonarQube Runner (let's say in "C:\sonar-runner" or "/opt/sonar-runner")
4. Download and unzip some project samples (let's say in "C:\sonar-examples" or "/opt/sonar-examples")
5. Analyze a project:
# On Windows:
cd C:\sonar-examples\projects\languages\java\sonar-runner\java-sonar-runner-simple
C:\sonar-runner\bin\sonar-runner.bat
  
# On other operating systems:
cd /opt/sonar-examples/projects/languages/java/sonar-runner/java-sonar-runner-simple
/opt/sonar-runner/bin/sonar-runner
6. Browse the results at http://localhost:9000 (default System administrator credentials are admin/admin)

Install SonarQube server in Linux (Ubuntu/Debian)

Edit "/etc/apt/sources.list" and add:
# SonarQube
deb http://downloads.sourceforge.net/project/sonar-pkg/deb binary/
Then run the commands below with sudo:
apt-get update
apt-get install sonar
/etc/init.d/sonar start
After starting the sonar service, open http://localhost:9000/ in your web browser and log in with admin/admin.
Next, go to "Settings -> Update Center -> Plugin Updates" and update the Java plugin.
Restart the server with:
/etc/init.d/sonar restart
Now you can analyse your code in Eclipse with your local sonar server.

Install SonarQube server plug-ins

Set up the proxy on your local server

Edit the "/opt/sonar/conf/sonar.properties" file and add:
#--------------------------------------------------------------------------------------------------
# UPDATE CENTER
 
# The Update Center requires an internet connection to request http://update.sonarsource.org
# It is enabled by default.
sonar.updatecenter.activate=true
 
# HTTP proxy (default none)
http.proxyHost=proxy.my-proxy-url.com
http.proxyPort=8080
 
# proxy authentication. The 2 following properties are used for HTTP and SOCKS proxies.
http.proxyUser=my-proxy-user
http.proxyPassword=my-proxy-pass
Save it and restart Sonar again.

Choose the plug-ins

  1. Go to "Settings" -> "Update Center" -> "Available Plugins"
  2. Install:
    1. Checkstyle
    2. PMD
    3. fb-contrib
  3. Restart Sonar server

Import production rules into local Sonar server

  1. Export production rules from
    http://sonar.my-company.com/profiles
  2. Choose "Sonar way with Findbugs" profile and back it up.
  3. Go to your local server
    http://localhost:9000/profiles
  4. Delete your local "Sonar way with Findbugs" profile
  5. Restore the profile from the backup, in this case the production profile file.
  6. Set this one as default

How to set up Active Directory validation with LDAP in SonarQube server

Open the file "/opt/sonar/conf/sonar.properties" and add the lines below:
# LDAP Configuration
sonar.security.realm=LDAP
sonar.security.savePassword=true
sonar.security.updateUserAttributes=true
sonar.authenticator.downcase=true
sonar.authenticator.createUsers=true
 
ldap.authentication=simple
ldap.url=ldap://my-ldap-host-server
ldap.bindDn=cn=jiraldapquery,ou=Serviceaccounts,ou=X-ADM,dc=root,dc=local
ldap.bindPassword=HERE-THE-PASSWORD
  
# User Configuration
ldap.user.baseDn=OU=standarduser,OU=X-RIS,DC=root,DC=local
ldap.user.request=(&(objectClass=user)(sAMAccountName={login}))
ldap.user.realNameAttribute=cn
ldap.user.emailAttribute=mail
  
# Group Configuration
ldap.group.baseDn=OU=groups,OU=X-RIS,DC=root,DC=local
ldap.group.request=(&(objectClass=group)(member={distinguishedName}))
Restart the server with "/etc/init.d/sonar restart".
More info here: http://docs.codehaus.org/display/SONAR/LDAP+Plugin
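
The settings above use ldap.authentication=simple over an ldap:// URL, which sends the bind and user passwords unencrypted, and they keep ldap.bindPassword (like http.proxyPassword in the proxy section) in plain text in sonar.properties. The Python check below is an added example, not part of the original post or of SonarQube: the finding names are its own, the sample values are constructed, and it assumes that SonarQube's "{aes}" prefix marks an encrypted property value and that a missing ldap.authentication means "simple".

```python
# Added example (not from the original post): audit sonar.properties text.
SECRET_KEYS = ("ldap.bindPassword", "http.proxyPassword")
# Constructed sample that mirrors the snippets on this page.
AS_POSTED = """\
http.proxyPassword=my-proxy-pass
sonar.security.savePassword=true
ldap.authentication=simple
ldap.url=ldap://my-ldap-host-server
ldap.bindDn=cn=jiraldapquery,ou=Serviceaccounts,ou=X-ADM,dc=root,dc=local
ldap.bindPassword=HERE-THE-PASSWORD
"""

# Constructed hardened variant; the {aes} values are placeholders.
HARDENED = """\
http.proxyPassword={aes}CONSTRUCTED-PLACEHOLDER
sonar.security.savePassword=false
ldap.url=ldaps://my-ldap-host-server
ldap.bindPassword={aes}CONSTRUCTED-PLACEHOLDER
"""

def parse_properties(text):
    """Parse key=value lines, splitting on the first '=' only (DNs contain '=')."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return a list of (finding, key) tuples for risky settings."""
    props = parse_properties(text)
    findings = []
    # Simple bind over ldap:// is unencrypted; missing ldap.authentication is assumed simple.
    if (props.get("ldap.url", "").lower().startswith("ldap://")
            and props.get("ldap.authentication", "simple").lower() == "simple"):
        findings.append(("CLEARTEXT_LDAP_BIND", "ldap.url"))
    # Secrets readable by anyone who can read the file or its backups.
    for key in SECRET_KEYS:
        if key in props and not props[key].startswith("{aes}"):
            findings.append(("PLAINTEXT_SECRET", key))
    # savePassword=true stores user passwords in the SonarQube database for fallback login.
    if props.get("sonar.security.savePassword", "").lower() == "true":
        findings.append(("LOCAL_PASSWORD_COPY", "sonar.security.savePassword"))
    return findings

if __name__ == "__main__":
    print(audit(AS_POSTED))
```

Switching to ldaps:// requires that the JVM running SonarQube trusts the directory server's certificate.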

Run a local analysis with Gradle

Install Gradle

In Ubuntu Linux the process is quite easy:
sudo apt-get install gradle
Note: install at least version 1.12 (older versions don't support the sonar plugin).
To get the latest Gradle version, add the lines below to your "/etc/apt/sources.list" (only for Debian distributions) and import the PGP key that is used to sign the repository.
sources.list snippet:
deb http://ppa.launchpad.net/cwchien/gradle/ubuntu YOUR_UBUNTU_VERSION_HERE main
deb-src http://ppa.launchpad.net/cwchien/gradle/ubuntu YOUR_UBUNTU_VERSION_HERE main
Import the PGP key:
apt-key adv --keyserver keyserver.ubuntu.com --recv-key D7CC6F019D06AF36

Start code analysis with SonarRunner

cd [PROJECT_BASE_DIR]/bin/custom
gradle sonarRunner
That's all :-)

Install and setup IDEs support

Eclipse IDE plugin

Add the link below to your "Available Software Sites":

http://dist.sonar-ide.codehaus.org/eclipse/
In Eclipse you need to set some properties, for example for the BayWa project:
  • Window -> Preferences -> SonarQube -> Preview Analysis Properties and then click on "New"
Sonar BayWa properties
sonar.buildbreaker.skip = true
sonar.sources = src
sonar.binaries = classes
  • Add the Sonar server into "Servers" section with below values:
Server URL = http://localhost:9000
User = admin
Password = admin
  • For each project select from the context menu: "SonarQube" -> "Change ProjectAssociation..". The connection should be detected automatically; just click "Finish" and the analysis should start.

IntelliJ IDE plugin

Set up SonarQube in IntelliJ (take care with this plugin, it doesn't support multiple modules in a project without Maven)
Set up SonarQube with the Community Edition plugin
