Author: Chen Caihua. For reprints or discussion of this article, please contact [email protected]
Our company recently introduced an automated code inspection platform and selected SonarQube as the technology. The setup is summarized below.
1 Overview
SonarQube (Sonar) is an open source platform for managing source code quality. It is not only a tool for reporting quality data but also a code quality management platform. It supports code quality management and detection for more than twenty programming languages, including Java, C#, C/C++, PL/SQL, Cobol, JavaScript and Groovy. SonarQube can measure code quality across seven dimensions; as a developer, you need to address at least the first five.
- (1) SonarQube can enforce coding standards through PMD, CheckStyle, Findbugs, and other code rule checking tools.
- (2) Potential defects: SonarQube can detect potential defects using PMD, CheckStyle, Findbugs, and other code rule checking tools.
- (3) Poor complexity distribution: Files, classes, and methods whose complexity is too high are difficult for developers to understand and difficult to change. Without automated unit tests, a change to any component of the program will likely require comprehensive regression testing.
- (4) Duplication: A program that contains a lot of copy-and-paste code is clearly of low quality, and SonarQube can show you where the source code is heavily duplicated.
- (5) Insufficient or excessive comments: Code without comments is less readable, and readability drops further when staff changes inevitably occur. Too many comments make developers spend too much effort reading them, which also defeats their purpose.
- (6) SonarQube makes it easy to count and display unit test coverage.
- (7) SonarQube can find cycles, show package-to-package and class-to-class dependencies, check custom architectural rules, manage third-party JAR packages, use LCOM4 to check adherence to the single responsibility principle, and detect coupling.
The following describes how to do continuous code quality inspection based on Jenkins and SonarQube.
2 Environment Preparation
The required components are listed below; look up the installation steps via Baidu or Google.
- Java environment
- Maven environment
- SonarQube platform
- Jenkins platform
- Databases (such as MySQL)
3 Environment Configuration
3.1 Maven
To run the analysis from Jenkins through Maven, add the Sonar configuration to the conf/settings.xml file in the Maven installation directory:
- sonar.login: user name for logging in to the SonarQube platform
- sonar.password: password for logging in to the SonarQube platform
- sonar.host.url: address of the SonarQube platform
- sonar.inclusions: the files to include in the code analysis, separated by ASCII commas
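An added example, not from the original article: a small Python check that reads a Maven settings.xml, confirms the four properties listed above are set, and flags a literal sonar.password or a plain-HTTP sonar.host.url. The sample file, host name, user name, and the SONAR_PASSWORD environment variable are constructed placeholders.

```python
import xml.etree.ElementTree as ET

REQUIRED = ("sonar.login", "sonar.password", "sonar.host.url", "sonar.inclusions")

# Constructed sample settings.xml: host, user and patterns are placeholders.
# ${env.SONAR_PASSWORD} uses Maven's environment-variable interpolation
# (variable name assumed) so the password is not stored in the file.
SAMPLE = """<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0">
  <profiles>
    <profile>
      <id>sonar</id>
      <properties>
        <sonar.login>ci-scanner</sonar.login>
        <sonar.password>${env.SONAR_PASSWORD}</sonar.password>
        <sonar.host.url>http://sonar.example.internal:9000</sonar.host.url>
        <sonar.inclusions>**/*.java,**/*.xml</sonar.inclusions>
      </properties>
    </profile>
  </profiles>
  <activeProfiles><activeProfile>sonar</activeProfile></activeProfiles>
</settings>"""


def sonar_properties(settings_xml):
    """Collect every sonar.* element in the document as a name -> value dict."""
    props = {}
    for node in ET.fromstring(settings_xml).iter():
        name = node.tag.split("}", 1)[-1]  # drop the "{namespace}" prefix
        if name.startswith("sonar."):
            props[name] = (node.text or "").strip()
    return props


def audit(settings_xml):
    """Return findings for the four properties described above."""
    props = sonar_properties(settings_xml)
    findings = [f"missing {key}" for key in REQUIRED if not props.get(key)]
    password = props.get("sonar.password", "")
    if password and not password.startswith("${"):
        findings.append("sonar.password is a literal value in settings.xml")
    if props.get("sonar.host.url", "").startswith("http://"):
        findings.append("sonar.host.url is not https")
    patterns = (props.get("sonar.inclusions") or "x").split(",")
    if any(not p.strip() for p in patterns):
        findings.append("sonar.inclusions has an empty pattern")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```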
4 Instructions
4.1 Jenkins
Create a new task:
- Step 1 Create the job. Select the option to build a free-style software project.
- Step 2 Configure source code management. Git is used for source code management; enter the project's GitLab repository and set the branch to master.
- Step 3 Configure the build trigger. Set H 18 * * *, which indicates a scheduled build before 18:00 every day.
- Step 4 Configure the build. The first line uses the JaCoCo plug-in to measure code coverage; the second line uses the Sonar plug-in to analyze the code and submit the results.
clean org.jacoco:jacoco-maven-plugin:prepare-agent install -Dmaven.test.failure.ignore=true -P dev
sonar:sonar
- Step 5 Configure the post-build actions. Email must be configured in Jenkins beforehand.
4.2 SonarQube
[Figure: SonarQube basic architecture diagram]
[Figure: SonarQube and project continuous integration architecture diagram]
2 SonarQube instructions
4.2.2 Developers using SonarQube locally based on Maven
The daily Jenkins build uses master by default. During development, you sometimes need to check the code on a developer's branch:
- Step 1 Configure Maven. Configure the local Maven environment. For details, see section 3.1 Maven.
- Step 2 Trigger the analysis. In the top-level directory of the project, run the command: mvn sonar:sonar
4.2.3 Description of related indicators
4.2.4 Code quality threshold
Overall code quality statistics help users understand whether the project is ready for production.
Default configuration (reconfigure according to project requirements):
Future outlook
- Currently only Java code is analyzed; analysis of client and front-end code will be introduced later.
- Historical problems should be remedied in phases, in light of actual conditions.
- Summarize findings regularly to reduce or avoid introducing the same quality problems in new projects and new code.