Login/Register
SonarQube - how is it used
Asked Answered
Solved sonarqubecheckstylesonar-runnersoftware-quality
H

2

7

I have a simple problem, with a simple answer probably, but I can't find what is it. We want to deploy SonarQube along with Checkstyle and some other tools, but we can't find out is it meant for a centralized, server deployment, or on each developer machine? All tutorials show installations on separate machines and being used in the localhost, while there is a public instance example, and the requirements and specs certainly look service-like.

On the other hand, I'm not getting how do the developers submit their code for checks if it is on a server.

So, in short, how is it deployed? Any checklist or something similar would be of great help.

Handcrafted answered 15/11, 2013 at 15:57 Comment(0)
C
10

SonarQube (formerly just "Sonar") is a server-based system. Of course you can install it on your local machine (the hardware requirements are minimal). But it is a central server with a database.

Analyses are performed by some Sonar "client" software, which could be the sonar runner, the sonar ant task, the sonar Eclipse plugin etc. The analysis results can be automatically uploaded to the server, where they can be accessed via the sonar Web application.

In an environment with many developers, you should run a build server (e.g. Hudson or Jenkins), which performs automatic sonar analyses as part of the nightly build. Other schedules are possible, but the developers should know when they can expect updates of the server-side analysis results. The results of the automated analysis can be displayed in the individual developer's Eclipse editor by way of the sonar Eclipse plugin.

The architectural documentation on Sonar is quite sparse. I've looked for a picture to visualize what I just described, but could not find one ...

Consultative answered 15/11, 2013 at 19:8 Comment(3)
Thank you. This makes much more sense now. I'm not sure do we need a build server because we do not fall under the "many developers" category, and we are research oriented. However, we would like to raise our code quality so I guess these tools are the way to go. We'll just think about do we really need Sonar.Handcrafted
If you have more than one developer, a build server is a very good idea, because it demonstrates that your code can work somewhere other than your own personal development workstation. This build server can just be a "clean" workstation (i.e. that nobody uses for anything else), running something simple like Jenkins, with builds and quality analysis triggered whenever you commit new code to your version control system's master branch.Jacqui
I certainly don't agree that "many developers" is the prerequisite for having a separate build server, unless "many developers" means "more than one".Jacqui
D
16

The SonarQube "runtime" architecture has several elements:

  1. SonarQube server. It contains a database (e.g., MySql) and an embedded web server (Tomcat). The SonarQube server stores the results of analyses (the metrics), but does not execute the code analyses. This server provides a web UI that shows the dashboard of the projects, various metrics and drill down into code, admin options. It uses a pluggable architecture--you can add/remove funcitionality via plug-ins.
  2. Program that runs code analysis on the developer machine. There are options: (a) if they are using Eclipse or IntelliJ, they can use the respective SonarLint plug-in, which provides configuration properties, menu options to run analysis, a view to show violations, etc.; (b) developers can also run code analysis via maven (mvn sonar:sonar) or gradle (gradlew sonarqube); (c) developers can execute the various code analyses through a program called SonarQube Runner. All these options of programs that run the analysis on the developer machine need to be configured to communicate with a SonarQube server. For example, when you run code analysis in IntelliJ using SonarLint, the metrics will be uploaded to the server. This server is typically shared by all developers, but it can also be localhost.
  3. Program that runs code analysis on the CI/CD server. The job/pipeline that builds a software project can be configured to run SonarQube code analysis. It can be done via maven or gradle just like on the developer's machine, or via a plug-in. There are SonarQube CI plug-ins for Jenkins, Hudson, Bamboo, and others. Depending on the size of your project, you may want to configure the code analysis to run once a day only, and not upon each code commit or changes to dependencies. The SonarQube code analysis executed on the CI server will likewise send the generated metrics to the SonarQube server.

The SonarQube architecture documentation is very poor (not to say absent), so it's hard to get the big picture. I hope this helps.

Dehiscence answered 12/2, 2014 at 12:40 Comment(0)
C
10

SonarQube (formerly just "Sonar") is a server-based system. Of course you can install it on your local machine (the hardware requirements are minimal). But it is a central server with a database.

Analyses are performed by some Sonar "client" software, which could be the sonar runner, the sonar ant task, the sonar Eclipse plugin etc. The analysis results can be automatically uploaded to the server, where they can be accessed via the sonar Web application.

In an environment with many developers, you should run a build server (e.g. Hudson or Jenkins), which performs automatic sonar analyses as part of the nightly build. Other schedules are possible, but the developers should know when they can expect updates of the server-side analysis results. The results of the automated analysis can be displayed in the individual developer's Eclipse editor by way of the sonar Eclipse plugin.

The architectural documentation on Sonar is quite sparse. I've looked for a picture to visualize what I just described, but could not find one ...

Consultative answered 15/11, 2013 at 19:8 Comment(3)
Thank you. This makes much more sense now. I'm not sure do we need a build server because we do not fall under the "many developers" category, and we are research oriented. However, we would like to raise our code quality so I guess these tools are the way to go. We'll just think about do we really need Sonar.Handcrafted
If you have more than one developer, a build server is a very good idea, because it demonstrates that your code can work somewhere other than your own personal development workstation. This build server can just be a "clean" workstation (i.e. that nobody uses for anything else), running something simple like Jenkins, with builds and quality analysis triggered whenever you commit new code to your version control system's master branch.Jacqui
I certainly don't agree that "many developers" is the prerequisite for having a separate build server, unless "many developers" means "more than one".Jacqui

© 2022 - 2024 — McMap. All rights reserved.