Industrial Project 234313 Make quality profile SonarQube

Industrial Project (234313)
Make quality profile (SonarQube) savable to SCM
Final Meeting
Students: Meshi Fried, Ilanit Smul
Supervisor: Assaf Katz
Computer Science Department, Technion - Israel Institute of Technology

Introduction
- SonarQube is an open source platform for continuous inspection of code quality. It performs automatic reviews with static analysis of code to detect bugs, code smells and security vulnerabilities in 20+ programming languages.
- SonarQube uses “Quality Profiles” and “Quality Gates” to analyze your project. A Quality Profile allows you to define the requirements for the project by defining sets of rules, and with a Quality Gate you can define a set of Boolean conditions based on measure thresholds against which projects are measured.
- SonarQube's greatest asset is that it provides fully automated analysis and integration with Maven, Ant, Gradle, MSBuild and continuous integration tools.

Goals
- Everything is code: using configuration as code, in order to store SonarQube analysis as source code.
- Automation over SCM: import and export Quality Profiles and Quality Gates automatically straight to SCM (Git).
- Integrate with Jenkins: defining Quality Profiles and Gates as injected configuration, and managing them through Jenkins.

Methodology
- Familiarity with web services concepts.
- Understanding of the SonarQube API.
- Research on how to communicate with the SonarQube server using the REST API and the OkHttp3 library for Groovy.
- Maintaining SonarQube Quality Profiles and Quality Gates with Git.
- Integrating our Groovy scripts with Jenkins by configuring a Shared Library and writing pipeline scripts.

Achievements
- Automating the import and export of Quality Profiles and Quality Gates.
- Full integration with Jenkins.
- Upload the project’s deliverables to:
  - Git – including documentation (link).
  - SonarQube community – in the near future.

Demo Examples
- Website – link

Milestones
Week 1 (1.4-7.4):
- Understanding project goals.
- Planning the initial schedule.
- Experience with SonarQube: investigating the current behavior of import and export of quality profiles/gates.
- Focusing on Java and JavaScript projects.
Week 2 (8.4-14.4):
- Familiarity with web services concepts.
- Understanding of the SonarQube API, and especially the “import” and “export” options.
- Research on how to communicate with the SonarQube server using the REST API and cURL commands.

Milestones
Weeks 3-4 (15.4-28.4): Writing Batch scripts:
- Export Profile: export Quality Profile (XML file) from SonarQube.
- Import Profile: import Quality Profile (XML file) into SonarQube.
- Export Gate: export Quality Gate (JSON file) from SonarQube.
- Import Gate: import Quality Gate (JSON file) into SonarQube.
Note: At this stage of the project we realized that the SonarQube API fully supports import and export of Quality Gates (contrary to our initial assumption), and therefore we had to change the schedule.

Milestones
Week 5 (29.4-5.5): Rewrite the scripts in Groovy:
- Export Profile: <projectKey> OR <language> <profileName>
- Import Profile: <fileName> <token> OR <fileName> <username> <password>
- Export Gate: <gateName> <fileName>
- Import Gate: <fileName> <token> OR <fileName> <username> <password>
- Add support for authentication (username and password, compared to token).
- Minor fixes, such as: maintain project association for profiles/gates after running the scripts.

Milestones
Weeks 6-7 (6.5-19.5): Start the integration with Jenkins:
- Define “Shared Library” and “Node”.
- Define 4 “Pipelines”, one for each operation, and write the corresponding “Jenkins Files”.
Week 8 (20.5-26.5): Update the Groovy scripts:
- Add more parameters (like Sonar Server).
- Run behind proxy server.
- Better exception support.

Milestones
Weeks 9-11 (27.5-16.6): Continuing the integration with Jenkins.
- Add more parameters to support the combination with Git (like GIT_URL and GIT_BRANCH).
- Fix a bug related to running Jenkins’s slave on different computers:
  - Jenkins uses two file systems: one for the master and the other for the slave. For this reason, we had to change the way we read/write a file: instead of using the File object, we used Jenkins’s ‘readFile’/‘writeFile’ commands.
  - In addition, to support this solution, we moved our project from the “src” folder to a new “vars” folder.

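The file-system fix described above, sketched as a shared-library step (an added example, not the project's own code). The step name `exportProfile`, its `args` keys, the credentials id and the OkHttp version are assumptions, as is the use of SonarQube's `api/qualityprofiles/backup` endpoint for the export.

```groovy
// vars/exportProfile.groovy (hypothetical step name and parameters, not the project's script)
@Grab('com.squareup.okhttp3:okhttp:3.14.9') // assumed OkHttp 3.x version
import com.cloudbees.groovy.cps.NonCPS
import okhttp3.Credentials
import okhttp3.HttpUrl
import okhttp3.OkHttpClient
import okhttp3.Request

// OkHttp objects are not serializable, so the HTTP call lives in a @NonCPS
// method that returns only a String. Pipeline steps cannot be called in here.
@NonCPS
String fetchProfileBackup(String sonarUrl, String token, String language, String profileName) {
    HttpUrl url = HttpUrl.parse(sonarUrl).newBuilder()
        .addPathSegments('api/qualityprofiles/backup')
        .addQueryParameter('language', language)
        .addQueryParameter('qualityProfile', profileName)
        .build()
    Request request = new Request.Builder()
        .url(url)
        // A SonarQube user token is sent as the Basic-auth username with an empty password
        .header('Authorization', Credentials.basic(token, ''))
        .build()
    def response = new OkHttpClient().newCall(request).execute()
    try {
        if (!response.isSuccessful()) {
            throw new IOException("Profile export failed: HTTP ${response.code()}")
        }
        return response.body().string()
    } finally {
        response.close()
    }
}

def call(Map args) {
    // The token comes from the Jenkins credentials store (assumed "secret text" entry)
    withCredentials([string(credentialsId: args.credentialsId, variable: 'SONAR_TOKEN')]) {
        String xml = fetchProfileBackup(args.sonarUrl, env.SONAR_TOKEN, args.language, args.profileName)
        // writeFile writes into the workspace of the node running the build;
        // new File(args.fileName).text = xml would write on the master's disk instead
        writeFile file: args.fileName, text: xml
    }
}
```

Because `@NonCPS` code executes on the Jenkins master, the HTTP request originates there and only `writeFile` touches the slave's workspace. Binding the token with `withCredentials` keeps it out of the job parameters and masks it in the build log.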
Milestones
Weeks 12-13 (17.6-30.6):
- Write documentation.
- Upload to GitHub.
- Create website for the project.

Building Blocks: SonarQube Over SCM
Project on Git. Must include the following folders:
- JenkinsFiles
- Sonar-Gates
- Sonar-Profiles
Jenkins
- Configure the shared library in Jenkins.
- Configure SonarQube node.
- Import the relevant job.
SonarQube Server
- Projects.
- Quality Profiles.
- Quality Gates.
- Dashboard.
SonarQubeOverSCM repository
- JenkinsFiles – pipeline scripts.
- JenkinsJobs – includes pre-configured parameters.
- Vars – the Groovy scripts.

Workflow
- Configure the Shared Library and Node
- Import the job using CLI command “create-job”
- Build the job from Jenkins
- Jenkins clones your project and changes the relevant files
- Jenkins clones the Shared Library to use the Groovy scripts such as ExportProfile
- Enter the relevant parameters, such as your Git URL, Sonar server URL, etc.
- Build succeeds or fails
- You can see the changes in SonarQube or in your Git
- Jenkins commits the changes if needed

Conclusions
- We learned how to use REST API, and more generally how Web Services work.
- We learned how to use the “OkHttp3 library” (for Groovy) to make HTTP requests from SonarQube's server (after trying other solutions that did not work well when importing files to SonarQube).
- We learned how to use Jenkins, and how to integrate this complex system with other projects.

Thank you!
- Slides: 16