Sonarqube
Quick start
- Install from sonarqube docker image.
docker run -d --name sonarqube -p 9000:9000 -p 9092:9092 sonarqube:9.9.1-community
- Go to http://localhost:9000/, create a manual project, and use local scan to get a token.
- Set up a properties file named sonar-project.properties in the root of your repo.
sonar.projectKey=${YOUR_PROJECT_KEY}
sonar.login=${YOUR_PROJECT_AUTH_TOKEN}
- Run scanner-cli to scan.
docker run \
--rm \
--network="host" \
-e SONAR_HOST_URL=${SONARQUBE_URL} \
-v ${YOUR_REPO}:/usr/src \
sonarsource/sonar-scanner-cli
For example, my command looks like:
docker run \
--rm \
--network="host" \
-e SONAR_HOST_URL=http://localhost:9000 \
-v ./:/usr/src \
sonarsource/sonar-scanner-cli
- Or use the official scanner.
sonar-scanner \
-Dsonar.projectKey=${YOUR_PROJECT_KEY} \
-Dsonar.sources=. \
-Dsonar.host.url=${SONARQUBE_URL} \
-Dsonar.login=${YOUR_AUTH_TOKEN}
Issues
- When SonarQube is hosted on the same machine, use --network="host" to make networking work.
- Git Bash on Windows will break the volume path of the docker command.
Parameters
- Specify a branch or pull request for a scan after installing sonarqube-community-branch-plugin 1.14.0.
  - Add -Dsonar.branch.name=${branch_name} for a branch.
  - Add -Dsonar.pullrequest.key=${pr_number} -Dsonar.pullrequest.branch=${pr_branch} -Dsonar.pullrequest.base=${base_branch} for a pull request.
- Upload a JavaScript unit test coverage report.
  - Run jest test --coverage to get the report.
  - Add -Dsonar.javascript.lcov.reportPaths=./coverage/lcov.info to upload the report.
WebAPI
- The API documentation can be found at http://localhost:9000/web_api.
- Fetch the API with a User Token set from http://localhost:9000/account/security.
curl -u <token>: 'http://localhost:9000/api/qualitygates/project_status?projectKey=test&pullRequest=1'
- Fetch the API with a password.
curl -u <user>:<password> 'http://localhost:9000/api/qualitygates/project_status?projectKey=test&pullRequest=1'
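As an added example (not part of the original page or of SonarQube itself), this Python script calls the same api/qualitygates/project_status endpoint with a User Token and fails closed unless the gate status is OK, so it can block a CI job. The environment variable names SONAR_TOKEN, SONAR_PROJECT_KEY and SONAR_PULL_REQUEST and the sample response body are assumptions constructed for illustration.

```python
import base64
import json
import os
import urllib.parse
import urllib.request

# Constructed sample of a project_status response body (not from a real server).
SAMPLE_RESPONSE = json.dumps({"projectStatus": {"status": "ERROR", "conditions": [
    {"status": "ERROR", "metricKey": "new_coverage", "comparator": "LT",
     "errorThreshold": "80", "actualValue": "42.5"},
    {"status": "OK", "metricKey": "new_reliability_rating", "comparator": "GT",
     "errorThreshold": "1", "actualValue": "1"},
]}})


def build_request(base_url, project_key, token, pull_request=None):
    """GET request for the gate status; like `curl -u <token>:`, the token is
    the Basic-auth user name and the password is empty."""
    params = {"projectKey": project_key}
    if pull_request:
        params["pullRequest"] = str(pull_request)
    url = (base_url.rstrip("/") + "/api/qualitygates/project_status?"
           + urllib.parse.urlencode(params))
    auth = base64.b64encode(f"{token}:".encode()).decode()
    return urllib.request.Request(url, headers={"Authorization": f"Basic {auth}"})


def evaluate_gate(body):
    """Return (passed, failed_conditions) for a project_status JSON body."""
    status = json.loads(body).get("projectStatus", {})
    failed = [f"{c.get('metricKey')}: actual {c.get('actualValue')} vs threshold {c.get('errorThreshold')}"
              for c in status.get("conditions", []) if c.get("status") == "ERROR"]
    # Fail closed: a missing or non-OK status (ERROR, NONE, ...) does not pass.
    return status.get("status") == "OK", failed


def main():
    # Assumed variable names; the token stays out of the repo and the command line.
    req = build_request(os.environ.get("SONAR_HOST_URL", "http://localhost:9000"),
                        os.environ["SONAR_PROJECT_KEY"], os.environ["SONAR_TOKEN"],
                        os.environ.get("SONAR_PULL_REQUEST"))
    with urllib.request.urlopen(req, timeout=30) as resp:
        passed, failed = evaluate_gate(resp.read())
    for line in failed:
        print("quality gate condition failed:", line)
    return 0 if passed else 1


if __name__ == "__main__":
    raise SystemExit(main())
```

Supplying the token through the CI system's secret store as an environment variable keeps it out of sonar-project.properties and out of the process list, unlike a token passed with -u or -Dsonar.login.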
Plugins
Install
- Download ${plugin}.jar locally, copy it into the container, then restart.
docker run -d --name sonarqube -p 9000:9000 -p 9092:9092 sonarqube:lts
docker cp ${plugin}.jar sonarqube:/opt/sonarqube/extensions/plugins
docker restart sonarqube
Recommended plugins
The following package versions work with SonarQube Community Edition Version 9.9.1 (build 69595).
- sonar-cnes-report-4.2.0; supported versions can be found in the source code.
  - The plugin can be found in the More tab.
- sonarqube-community-branch-plugin 1.14.0
  - The container should be started with the following command; using the Dockerfile in the next section is recommended.
docker run -d --name sonarqube -p 9000:9000 -p 9092:9092 \
-e SONAR_WEB_JAVAADDITIONALOPTS=-javaagent:/opt/sonarqube/extensions/plugins/sonarqube-community-branch-plugin-1.14.0.jar=web \
-e SONAR_CE_JAVAADDITIONALOPTS=-javaagent:/opt/sonarqube/extensions/plugins/sonarqube-community-branch-plugin-1.14.0.jar=ce \
sonarqube:9.9.1-community
  - If Branches and Pull Requests appears in the Administration > HouseKeeping tab, the install succeeded.
Build From Dockerfile
- Download plugins
curl -L https://github.com/cnescatlab/sonar-cnes-report/releases/download/4.2.0/sonar-cnes-report-4.2.0.jar --output sonar-cnes-report-4.2.0.jar
curl -L https://github.com/mc1arke/sonarqube-community-branch-plugin/releases/download/1.14.0/sonarqube-community-branch-plugin-1.14.0.jar --output sonarqube-community-branch-plugin-1.14.0.jar
- Add a Dockerfile.
FROM sonarqube:9.9.1-community
COPY ./sonar-cnes-report-4.2.0.jar /opt/sonarqube/extensions/plugins/sonar-cnes-report-4.2.0.jar
COPY ./sonarqube-community-branch-plugin-1.14.0.jar /opt/sonarqube/extensions/plugins/sonarqube-community-branch-plugin-1.14.0.jar
ENV SONAR_WEB_JAVAADDITIONALOPTS=-javaagent:/opt/sonarqube/extensions/plugins/sonarqube-community-branch-plugin-1.14.0.jar=web
ENV SONAR_CE_JAVAADDITIONALOPTS=-javaagent:/opt/sonarqube/extensions/plugins/sonarqube-community-branch-plugin-1.14.0.jar=ce
EXPOSE 9000 9092
- Build and run, then execute scans for your projects.
docker build -t my-sonarqube .
docker run -d --name sonarqube -p 9000:9000 -p 9092:9092 my-sonarqube