https://gitlab.com/afireinside/kubernetes-sonarqube
Versions
As of this writing, the following versions have been used:
- SonarQube 7.9.1-community LTS
- Minikube 1.5.2
- OSX 10.14.6 Mojave
- Kubernetes 1.16.2
- Docker 18.09.9
Description
SonarQube is a static analysis tool that analyzes your code for bugs and code smells, then shows you a nice report. The report explains why the flagged lines are bugs or code smells and what the recommended solution is.
Many coding languages are supported in the 7.9.1-community LTS version. I primarily use it for analyzing my Java code. The Java quality profile I prefer is FindBugs + FB Contrib.
Some of the benefits of having your own instance of SonarQube on your development machine include (but are not limited to):
- being able to make changes to the quality profiles and gates
- not using up the static analysis line limit if you're using an enterprise license
- experimenting with different plugins to find what works for you
- having a later version than what your enterprise version probably is
- privatizing all your code smells and bugs so no one ever has to know
- performing static analysis without making a commit or using up network bandwidth
- not relying on a small set of admins to make impactful changes to the instance
- etc
Installation
Let's hop into configuration and installation. This article assumes you have a MacBook laptop and Homebrew. Installation instructions are also available in the GitLab repository listed at the very top.
- First, you'll need Minikube (local Kubernetes cluster) and sonar-scanner (to perform static analysis)
brew install sonar-scanner
brew install minikube
- Configure Minikube to support the Sonar server and start the cluster (takes a few minutes)
minikube config set memory 4096
minikube config set cpus 2
minikube config set vm-driver hyperkit
minikube start
- Deploy your instance of SonarQube (will take a few minutes for pods to fully warm up and load SonarQube). Remember to change the password. It can be anything you want.
kubectl create secret generic postgres-pwd --from-literal=password={some made up password}
kubectl create -f sonar-pv-postgres.yml
kubectl create -f sonar-pvc-postgres.yml
kubectl create -f sonar-postgres-deployment.yml
kubectl create -f sonarqube-deployment.yml
kubectl create -f sonarqube-service.yml
kubectl create -f sonar-postgres-service.yml
- Once all the pods are up and running, view your SonarQube instance (this will open a new browser tab with SonarQube). Default username/password is admin/admin.
minikube service sonar
Perform static analysis
Java
- In the root of your Java project, add an empty sonar-project.properties file. The sonar-scanner service will be looking for this file when performing static analysis.
- Paste the following into the newly created sonar-project.properties file:
sonar.projectKey={name of project}
sonar.host.url=http://192.168.##.##:##### (url from minikube service sonar command)
sonar.login=${env.SONAR_TOKEN}
sonar.java.binaries=build/classes
sonar.sources=src/main/java
An example config would look like the following:
sonar.projectKey=notificationemailproc
sonar.host.url=http://192.168.64.9:31828
sonar.login=${env.SONAR_TOKEN}
sonar.java.binaries=build/classes
sonar.sources=src/main/java
- Create and copy a new SonarQube token by going to the SonarQube instance in the browser and navigating to My Account -> Security tab -> Enter Token Name -> Generate -> Copy token generated
- In your .bashrc or .zshrc file, add the following line:
export SONAR_TOKEN={SonarQube token that was just copied}
- Reload your rc file
source ~/.bashrc
or
source ~/.zshrc
- Run sonar-scanner in the project root directory. Once static analysis is finished, you can view the results in your SonarQube instance in the browser.
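The properties file above keeps the token out of the project by reading it from SONAR_TOKEN. The check below is an added example (not from the original article or its repository) that fails when sonar.login holds a literal value instead, so it can run before a commit; the function name check_sonar_login and the sample files are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# check_sonar_login FILE
#   0 = sonar.login absent, empty, or a ${env.NAME} reference
#   1 = sonar.login holds a literal value (likely a token committed with the code)
#   2 = FILE is not readable
check_sonar_login() {
    file=$1
    [ -r "$file" ] || { echo "cannot read: $file" >&2; return 2; }

    # Extract every sonar.login value. Handles the '=' and ':' separators;
    # lines starting with '#' or '!' are comments and never match.
    values=$(sed -n \
        -e 's/[[:space:]]*$//' \
        -e 's/^[[:space:]]*sonar\.login[[:space:]]*[=:][[:space:]]*//p' \
        "$file")

    status=0
    while IFS= read -r value; do
        [ -n "$value" ] || continue
        if printf '%s\n' "$value" | grep -Eq '^\$\{env\.[A-Za-z_][A-Za-z0-9_]*\}$'; then
            continue
        fi
        # Report the finding without echoing the value, so the token does not
        # end up in terminal scrollback or CI logs as well.
        echo "$file: sonar.login is a literal value; use \${env.SONAR_TOKEN}" >&2
        status=1
    done <<EOF
$values
EOF
    return $status
}

# Constructed sample files for a stand-alone run.
demo_dir=$(mktemp -d)
printf '%s\n' 'sonar.projectKey=demo' 'sonar.login=${env.SONAR_TOKEN}' > "$demo_dir/good.properties"
printf '%s\n' 'sonar.projectKey=demo' 'sonar.login=0123456789abcdef-constructed' > "$demo_dir/bad.properties"
check_sonar_login "$demo_dir/good.properties" && echo "good.properties: ok"
check_sonar_login "$demo_dir/bad.properties" || echo "bad.properties: rejected"
rm -rf "$demo_dir"
```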
Useful plugins
- FindBugs
- Checkstyle
- Mutation Analysis
Thanks for reading!
Any questions, comments, or concerns, feel free to send me an email at philip.c.nguyen@gmail.com