This Eddings sub-guide describes the steps necessary to make eddings a SonarQube server. It assumes that the following guides have already been followed:
- Eddings LDAP Server: Describes the steps necessary to make eddings an LDAP directory server.
- Eddings Puppet Master Server: Describes the steps necessary to make eddings a Puppet master server.
- Eddings Jenkins Server: Describes the steps necessary to make eddings a Jenkins CI server.
SonarQube provides a code quality analysis service and web application dashboard. It can be used to run static analysis tools such as PMD, and to store and track the results over time.
Installing the SonarQube Server
The installation of Sonar was actually handled via Puppet: https://github.com/karlmdavis/justdavis-puppet/blob/master/manifests/nodes/eddings.pp. This included the LDAP plugin for Sonar, along with the DB that is used to store Sonar’s data.
In addition, an Apache proxy was set up for Sonar, using the following configuration in /etc/apache2/sites-enabled/justdavis.com-ssl:
# Proxy the Java web application running at http://localhost:9000/
<Location /sonar>
ProxyPass http://localhost:9000/sonar
ProxyPassReverse http://localhost:9000/sonar
ProxyPassReverse http://justdavis.com/sonar
SetEnv proxy-nokeepalive 1
</Location>
This makes Sonar available at the following URL: https://justdavis.com/sonar/.
Configuring SonarQube
The following was done after installing Sonar, to configure it:
- Open the Sonar web application: https://justdavis.com/sonar/.
- Log in using the default admin account. The default password is “admin”.
- Reset the admin user’s password:
  - Open the Settings > Users page: https://justdavis.com/sonar/users.
  - Click the Change Password link for the admin user.
  - In the pane on the right, enter the new password.
  - Write down the password in a secure location.
  - Click the Update button.
- Populate the karl account from LDAP:
  - Log out.
  - Log in using the karl account from LDAP/Kerberos.
  - Log out.
  - Log back in as admin.
- Make the karl user a Sonar admin:
  - Open the Settings > Users page: https://justdavis.com/sonar/users.
  - Click the (select) link for the karl user’s groups.
  - Add the account to the sonar-users and sonar-administrators groups.
  - Click the Save button.
  - Log out.
  - Log in using the karl account.
- Create a jenkins user:
  - Open the Settings > Users page: https://justdavis.com/sonar/users.
  - In the Add new user pane on the right:
    - Login: jenkins
    - Name: Jenkins Service Account
    - Email: (leave blank)
    - Enter a password for the account.
    - Write down the password in a secure location.
    - Click Create.
  - Click the (select) link for the karl user’s groups.
  - Add the account to the sonar-users and sonar-administrators groups.
  - Click the Save button.
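A check that the default admin login described above stops working once the password has been reset. This is an added example, not part of the original guide; it assumes the server exposes SonarQube's api/authentication/validate web service, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: confirm that the default admin/admin login is rejected.
# Assumption: api/authentication/validate answers {"valid":true} or
# {"valid":false}; newer releases answer HTTP 401 for bad credentials.
SONAR_URL="${SONAR_URL:-https://justdavis.com/sonar}"

# Classify one response: prints ACCEPTED, REJECTED or UNKNOWN.
#   $1 = HTTP status code, $2 = response body
classify_validate_response() {
  cvr_status="$1"
  case "$cvr_status" in
    401|403) echo REJECTED; return ;;
    200) ;;
    *) echo UNKNOWN; return ;;   # proxy error, redirect, timeout, ...
  esac
  # Strip whitespace so {"valid": false} and {"valid":false} both match.
  cvr_body="$(printf '%s' "$2" | tr -d '[:space:]')"
  case "$cvr_body" in
    *'"valid":true'*)  echo ACCEPTED ;;
    *'"valid":false'*) echo REJECTED ;;
    *)                 echo UNKNOWN ;;   # e.g. an HTML login or error page
  esac
}

# Query the live server with Basic credentials ($1 = login, $2 = password).
check_login() {
  cl_tmp="$(mktemp)" || { echo UNKNOWN; return; }
  cl_status="$(curl --silent --max-time 10 --user "$1:$2" \
      --output "$cl_tmp" --write-out '%{http_code}' \
      "$SONAR_URL/api/authentication/validate")" || cl_status=000
  classify_validate_response "$cl_status" "$(cat "$cl_tmp")"
  rm -f "$cl_tmp"
}

# Only contact the server when run as: sh check-default-login.sh live
if [ "${1:-}" = "live" ]; then
  result="$(check_login admin admin)"
  echo "default admin/admin login: $result"
  [ "$result" = "REJECTED" ]
fi
```

An UNKNOWN result means the response could not be interpreted (for example the Apache proxy returned an error page) and should be treated as a failed check, not a pass.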
Configuring the Analysis Profile
When SonarQube analyzes a project, it does so against a set of rules known as a Quality Profile. This is basically a set of PMD rules that can be enabled/disabled. The default profiles have some silly rules, which need to be changed:
- Open the Quality Profiles page: https://justdavis.com/sonar/profiles.
- Click the Copy button for the Sonar way with Findbugs profile.
  - New name: justdavis.com
  - Click the Copy button.
- Click the Set as default button for the new justdavis.com profile.
- Open the new justdavis.com profile and make the following changes:
  - Coding rules
    - if/else/for/while/do statements should always use curly braces: disable
    - Tabulation characters should not be used: disable
Running SonarQube Analysis in Jenkins
The primary way that projects will be added to SonarQube, and analyzed when changes are made to them, is via Jenkins.
Installing the SonarQube Plugin in Jenkins
The SonarQube plugin for Jenkins was installed, as follows:
- Open the Manage Jenkins > Manage Plugins page in Jenkins.
- Switch to the Available tab.
- Select the Jenkins Sonar Plugin from the list.
- Click the Download now and install after restart button.
- Restart Jenkins, as follows:
  $ sudo service jenkins restart
- Open the Manage Jenkins > Configure System page in Jenkins.
- Scroll down to the sonar > Sonar installations section (not the Sonar Runner section).
- Click Add Sonar.
  - Name: https://justdavis.com/sonar/
  - Click Advanced….
  - Server URL: https://justdavis.com/sonar/
  - Sonar account login: jenkins
  - Sonar account password: (the password that was set for the jenkins account in SonarQube that was created above)
  - Database URL: jdbc:postgresql://localhost/sonar
  - Database password: sonarpassword
  - Database driver: org.postgresql.Driver
  - Click the Save button at the bottom of the page.
Adding SonarQube Analysis to a Jenkins Project
SonarQube analysis needs to be configured for each project that should be analyzed. This was done, as follows:
- Open the project’s Configure page, e.g. https://justdavis.com/jenkins/job/jessentials/configure.
- Click the Add post-build action dropdown.
- Select Sonar.
- Click the Save button at the bottom of the page.
Once this has been configured, trigger a build of the project.