Configure Jenkins with SonarQube for static code analysis and integration

Continuous integration and static code analysis

Continuous integration deals with merging code implemented by multiple developers into a single build system. Developers frequently integrate their code and the final build is automated, developer unit test are executed automatically to ensure the stability of the build. This approach is inspired by extreme programming methodologies. With a test driven approach put into place continuous integration would yield in the following benefits.

  • Identifying bugs and issues immediately as they arise.
  • Automated deployment and configuration to minimize manual deployment time.
  • Supports in generating documentation (Java Docs) automatically as post build steps.
  • Identifying conflicts in changes integrated.
  • Easier revert back to stable builds.
  • Metrics which provide code complexity and coverage.

Static code analysis analyzes source code for common coding standards and guidelines and notifies common code smells. Static code analysis performs analysis on uncompiled, unexecuted code. Even though there are extensions and tools for IDEs that allow individual developers to perform static code analysis, its important to note that integrating with continuous integration tools allows a more consistent an uniform analysis for all developers.

In this post we would be taking a closer look at setting up a Jenkins server, which would be the continuous integration tool, with SonarQube a static code analysis tool. The figure below illustrates how all of the tools would fit into place.

Integrating SonarQube with jenkins

Integrating SonarQube with jenkins

Individual developers would commit the code to a code repository. Jenkins would make checkouts of the code from the repository and would perform automated builds and would execute unit tests. During this process it would run a sonarqube runner which ultimately integrates the static analysis results to the SonarQube dashboard.

The SonarQube dashboard and the Jenkins server can be deployed as two separate components. The SonarQube Jenkins plugin ultimately executes the sonar runner to integrate the code to the sonar dashboard. This automated process can be repetitively performed at scheduled intervals.

Installing and configuring SonarQube

Navigate to http://www.sonarqube.org/downloads/ to download the latest version of SonarQube. Once downloaded extract the archive to a desired location.

Sonar Folder structure

Sonar Folder structure

The folder structure is organized to contain the binaries, configurations, extensions, logs and the dashboard web area.
Navigate to the conf folder. The conf folder consists of two configuration files, wrapper.conf and sonar.properties. Wrapper.conf contains JVM settings for the SonarQube server, such as memory limits JVM paths.
The sonar.properties contains configuration of the sonarQube server.

By default the SonarQube server makes use of an embedded H2 database. This configuration is not recommended for a production environment. The figure below lists the Sonar configuration file. The file contains configuration for different types of databases and the required type of database configuration could be enabled as required.

Sonar.properties file

Sonar.properties file

Once the required configuration changes have been made, to launch the Sonar Server navigate to the bin folder to find the binaries required. This folder contains specific sub folders based on the operating system been you wish to deploy on. Select the relevant folder structure, in this case we would be using windows-x86-64.

Sonar Binaries

Sonar Binaries


As you could see in the figure there are separate batch files for managing the server as a windows service or to launch it in console mode.

Install the service using the install service batch file. Then navigate to the windows services section by launching Run > services.msc . Start the sonar service.

Troubleshooting service launch issues
If the service fails to launch try troubleshooting by referring the log file logs/sonar.log file.

Issue

Starting service issue

Starting service issue


The issue as above could be solved by changing the identity of the service. By default the sonar service is launched as the system user account. Changing the identity to an account having permission to the file in the error would get the service up and running. In my instance I selected the Network Services account.

Solution

Right click of the Sonar Service on the Services manager and select properties and navigate to the Logon tab and select the desired identity as listed below.

Changing the Sonar service Identity

Changing the Sonar service Identity

Once the service has been successfully launched, navigate to the sonar dashboard to verify. The default sonar dashboard URL would be http://localhost:9000/dashboard/index/1. This completes the Sonar Dashboard setup.

Now lets setup a Jenkins server and automate releases from it into SonarQube.

Installing and configuring Jenkins

To get started navigate to the https://jenkins-ci.org/ URL and select a native package.

Downloading  Jenkins

Downloading Jenkins

Extract the package and run the installer. This would setup Jenkins. Launch the browser and point to
Next navigate to Manage Jenkins then Manage Plugins. This section allows to install the SonarQube plugin for Jenkins. From the available section search the SonarQube Plugin.

Installing Sonar Plugin for Jenkins

Installing Sonar Plugin for Jenkins

Once the installation is complete navigate back to Manage Jenkins then Configure System

This would launch the Jenkins configuration. This section allows to configure compilers, configuration of existing plugins and Repository settings.

Manage jenkins

Manage jenkins

Configure Build tools such as ANT, Maven and the JDK versions that are needed to build the project. The figure below shows a sample setup of the global parameters, JDK versions, environment variables can be configured here. JDKs could be automatically downloaded and configured via Jenkins itself.

Jenkins Global Configuration

Jenkins Global Configuration

After installing the Sonar plugin in the configuration section there would be a separate section for Sonar Server configuration. The Sonar section allows to configure Sonar Server URLs, database configuration for the sonar server and user credentials.

SonarQube Configuration

SonarQube Configuration

The next section that needs to be configured is the Sonar Runner. This could be configured to automatically downloaded and installed from Maven central. The figure below contains the configuration of a the Sonar Runner.

Sonar Runner Configuration

Sonar Runner Configuration

Creating a project in Jenkins

Navigate to the Jenkins home and select New Item to start off with a new project. Based on the project type select a type of configuration. Once the project is created the following could be configured in it.

Project : General Configuration

Project : General Configuration


General configuration consists of the item name and the item description. and the JDK version used.

Project :  Build Settings

Project : Build Settings


Another important configuration section consists of the build settings. It provides configuration to schedule the build.
Once the build scheduling is configured, a code repository needs to be provided to checkout the code. The figure below consists a snapshot of the configuration related to different code repository configurations.

Project :  Subversion

Project : Subversion

Finally configure the Sonar runner with the desired project related sonar.properties as explained earlier. Once this is configured the entire integration is done.

Project : Sonar Runner

Project : Sonar Runner

After the following configuration steps a build could be executed to verify the integration. If properly integrated the Jenkins log would show traces of SonarQube Runner execution and the results could be found at the sonar dashboard.

References

  1. Continuous Integration
  2. SonarQube Documentation
  3. Use Jenkins
Advertisements

17 thoughts on “Configure Jenkins with SonarQube for static code analysis and integration

  1. Any idea how jenkins sonar plugin can be incorporate with a web(angular js) project which has a bower.json for dependency management.

  2. It is still possible to break the build without a plugin. Using the Web-API and a defined Quality Gate is all you need. And a shell script which runs after the Sonar Scanner:

    sleep 10
    url=$(cat $WORKSPACE/.sonar/report-task.txt | grep ceTaskUrl | cut -f2,3 -d “=”)
    status=$(curl -u $SONAR_LOGIN:$SONAR_PASSWORD $url | jq .task.status | sed -e ‘s/^”//’ -e ‘s/”$//’)

    if [[ “$status” == “SUCCESS” ]]; then
    analysisId=$(curl -u $SONAR_LOGIN:$SONAR_PASSWORD $url | jq .task.analysisId | sed -e ‘s/^”//’ -e ‘s/”$//’)
    else
    echo “Sonar Run was not successful. Please check your Code.”
    exit 1;
    fi

    analysisUrl=”http://SonarURL:8080/api/qualitygates/project_status?analysisId=”
    quality_gate_status=$(curl -u $SONAR_LOGIN:$SONAR_PASSWORD $analysisUrl${analysisId} | jq .projectStatus.status | sed -e ‘s/^”//’ -e ‘s/”$//’)

    if [[ “$quality_gate_status” == “OK” ]]; then
    echo “Quality Gate Validation passed”
    else
    echo “Quality Gate Validation failed”
    exit 1;
    fi

    Try it.

    Best regards
    Alex

  3. Pingback: Possibility usage of Jenkins and its plugin – Come as you are

  4. Hello: I set up in the project sonarqube, but can’t jump straight to the sonarqube error list, how be to return a responsibility excuse me? thank you

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s