SonarQube - how it is used

I have a simple problem, maybe with a simple answer, but I cannot find what it is. We want to deploy SonarQube along with Checkstyle and some other tools, but we cannot understand whether this means a centralized server deployment or one on each developer machine. All tutorials show the settings on separate machines and are used on the local host, while there is an example of a public instance, and the requirements and specifications certainly look like service ones.

On the other hand, I don’t understand how developers submit their code to check if it is on the server.

So, in a word, how does it unfold? Any checklist or something like that would be very helpful.

+6
2 answers

SonarQube (formerly "Sonar") is a server system. Of course, you can install it on your local computer (minimum hardware requirements). But this is a central server with a database.

Analyses are performed by client sonar software, which can be a sonar runner, ant sonar task, Eclipse sonar plugin, etc. Analysis results can be automatically uploaded to the server, where they can be accessed through the sonar web application.

In an environment with many developers, you must run a build server (such as Hudson or Jenkins), which performs automatic sonar analysis as part of the nightly build. Other schedules are possible, but developers need to know when they can expect server-side analysis results to be updated. The results of automatic analysis can be displayed in a separate Eclipse editor through the Eclipse sonar plugin.

Sonar's architectural documentation is pretty rare. I was looking for a picture to visualize what I just described, but could not find it ...

+9

The "runtime" SonarQube architecture has several elements:

  • SonarQube Server. It contains a database (e.g. MySQL) and an embedded web server (Tomcat). The SonarQube server stores analysis results (metrics), but does not execute analysis code. This server provides a web interface that displays the project control panel, various indicators and code details, and administrator settings.
  • A program that performs code analysis on a developer's machine. There are options: (a) developers can perform various code analyses through the SonarQube Runner program; (b) if they use Eclipse or IntelliJ, they can use the appropriate SonarQube plug-in, which provides configuration properties, menu options for starting analysis, presentation for detecting violations, etc.; (c) developers can also run code analysis through maven or ant - if you use maven, you just need a sonar-maven plugin that gives you the sonar:sonar goal. All of these programs that run the analysis on the developer's machine must be configured to communicate with the SonarQube server. Thus, when you run code analysis in Eclipse using the Eclipse SonarQube plug-in, for example, the metrics will be uploaded to the server. This server is commonly used by all developers, but it can also be local.
  • A program performing code analysis on a continuous integration server. The work that the software project creates can be customized to perform SonarQube code analysis. This can be done through maven, as on the developer's machine, or through a plug-in. There are SonarQube CI plugins for Jenkins, Hudson, Bamboo and others. Depending on the size of your project, you can configure code analysis to run only once a day, and not every time you commit or change dependencies. SonarQube code analysis performed on the CI server will also send the generated metrics to the SonarQube server.

The SonarQube architecture documentation is very poor (not to mention the absence), so it's hard to get a big picture. Hope this helps.

+14
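Both answers say the analysis clients must be configured to talk to the SonarQube server; the scanner property for that is `sonar.host.url`, and when it is unset the scanner falls back to `http://localhost:9000`, which is why tutorials appear to run everything on one machine. The following is an added example, not code from either answer: a pre-analysis check a CI job could run so that a build agent never uploads to itself instead of the shared server. The function names, file paths and the `sonar.example.internal` URL are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original answers. Paths and URLs are constructed.

# URL the scanner uses when sonar.host.url is not configured.
DEFAULT_URL="http://localhost:9000"

# Print the server URL an analysis run from this project would upload to.
# Only the common "key=value" form of sonar-project.properties is handled.
effective_host_url() {
    props="$1"
    url=""
    if [ -f "$props" ]; then
        url=$(sed -n 's/^[[:space:]]*sonar\.host\.url[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$props" | tail -n 1)
    fi
    printf '%s\n' "${url:-$DEFAULT_URL}"
}

# Succeed when the URL points at the machine the analysis itself runs on.
is_local_url() {
    hostport="${1#*://}"          # drop the scheme
    hostport="${hostport%%/*}"    # drop any path
    case "$hostport" in
        localhost|localhost:*|127.0.0.1|127.0.0.1:*|"[::1]"|"[::1]:"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Gate for a CI job: fail before analysis if results would stay on the agent.
check_ci_target() {
    url=$(effective_host_url "$1")
    if is_local_url "$url"; then
        echo "refusing to analyse: results would go to $url, not the shared server" >&2
        return 1
    fi
    echo "analysis results will be uploaded to $url"
}
```

In a nightly job this would run as `check_ci_target sonar-project.properties && sonar-scanner`; a developer experimenting against a local instance simply skips the gate.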

Source: https://habr.com/ru/post/958153/