

Introduction


Jenkins


Jenkins is an open source continuous integration tool that is easy to install, easy to configure, extensible (develop your own plug-ins), and has hundreds of mature plug-ins that make it possible to do just about anything.


SonarQube


SonarQube is an open source platform for code quality management. Through plug-ins it supports code quality management and detection for more than 20 programming languages, including Java, Objective-C, Swift, C#, C/C++, PL/SQL and JavaScript.
SonarQube measures code quality along the following seven dimensions:
1. Poor complexity distribution
Files, classes and methods that are too complex are hard to change and hard for developers to understand, and without automated unit tests, a change to any component in the program is likely to require full regression testing.


2. Duplication
A program that contains a lot of copy-and-pasted code is clearly of poor quality. Sonar can show where the source code is heavily duplicated.


3. Lack of unit tests
Sonar can easily tally and display unit test coverage and test result statistics.


4. No coding standards
Sonar can enforce coding rules through detection tools such as OCLint, PMD, CheckStyle and FindBugs.


5. Not enough or too many comments
Without comments, code becomes less readable, especially when staff changes inevitably occur; too many comments make developers spend too much time reading them, which defeats the purpose.


6. Potential bugs
Sonar can detect potential bugs through rule-checking tools such as OCLint, PMD, CheckStyle and FindBugs.


7. Spaghetti design
Sonar can find cycles, show the interdependencies between packages and between classes, check custom architecture rules, manage third-party JAR packages, use LCOM4 to check adherence to the single-responsibility rule, and detect coupling.


Installation


Jenkins


1. brew install jenkins
2. Install Java 1.8 as prompted
3. brew services start jenkins or jenkins --httpPort=9002
4. Install the related plug-ins:
Folders Plugin, Build timeout plugin, Workspace Cleanup Plugin, Ant Plugin, Gradle Plugin, Pipeline, Github Organization Folders Plugin, Pipeline Stage View Plugin, Git Plugin, Subversion Plug-in, SSH Slaves plugin, LDAP Plugin, Email Extension Plugin, Gitlab Plugin


Notes


GitLab Plugin 1.5.3 has problems and needs to be downgraded to 1.5.1.
Uninstall 1.5.3 and install 1.5.1 by uploading its gitlab-plugin.hpi file.


Jenkins uses port 8080 by default, and configuring a web hook with GitLab CI on the default port fails, so it is suggested to try another port:
jenkins --httpPort=9002


SonarQube


Download


Download it from downloads.sonarsource.com/sonarqube/…


Configuring environment variables


Set the SONAR_HOME environment variable to the /opt/sonarqube directory from the previous step.


The MySQL database


SonarQube needs to save the scan results to a database, so you need to create one. SonarQube supports SQL Server, MySQL, Oracle, and PostgreSQL. MySQL is used as an example.


If MySQL has not been installed, use Homebrew to install it. After the installation is complete, create the corresponding account and database:
CREATE USER 'sonar'@'%' IDENTIFIED BY 'sonar';
GRANT all privileges ON sonar.* TO 'sonar'@'%' IDENTIFIED BY 'sonar';
flush privileges;
create database sonar;


The statements above create a sonar user and a database named sonar.


Edit the /opt/sonarqube/conf/sonar.properties file and set the related properties as follows:
sonar.web.host=0.0.0.0
sonar.web.port=9000
sonar.jdbc.username=sonar
sonar.jdbc.password=sonar
sonar.jdbc.url=jdbc:mysql://localhost:3306/sonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance&useSSL=false
# Not required; configure it only if a uniform prefix is needed when accessing the SonarQube service
#sonar.web.context=/your_prefix
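
The values above (user and password both sonar, the web UI bound to 0.0.0.0, useSSL=false) are worth reviewing before the server is shared with a team. The shell check below is an added example, not part of the original article; it reads a sonar.properties file and reports those settings. The 16-character minimum and the finding names are assumptions of the example.

```sh
#!/bin/sh
# Added example (not from the article). Usage, after sourcing this file:
#   audit_sonar_properties /opt/sonarqube/conf/sonar.properties
# MIN_PASS_LEN and the finding names are assumptions of this example.
MIN_PASS_LEN=16

# Print the value of property $1 (a sed regex) from file $2.
# Commented-out lines are skipped; the last assignment wins.
prop() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*[=:][[:space:]]*//p" "$2" | tail -n 1
}

# Print one finding per line; return 1 if anything was flagged, else 0.
audit_sonar_properties() {
    file=$1
    found=0
    user=$(prop 'sonar\.jdbc\.username' "$file")
    pass=$(prop 'sonar\.jdbc\.password' "$file")
    url=$(prop 'sonar\.jdbc\.url' "$file")
    web=$(prop 'sonar\.web\.host' "$file")

    # The guide uses sonar/sonar: a password equal to the user name.
    if [ -n "$pass" ] && { [ "$pass" = "$user" ] || [ "${#pass}" -lt "$MIN_PASS_LEN" ]; }; then
        echo "weak-jdbc-password"; found=1
    fi
    # 0.0.0.0 serves the web UI and API on every network interface.
    if [ "$web" = "0.0.0.0" ]; then
        echo "web-listens-on-all-interfaces"; found=1
    fi
    # useSSL=false is tolerable on loopback, not towards a remote database host.
    dbhost=${url#*://}
    dbhost=${dbhost%%[:/?]*}
    case $url in
        *useSSL=false*)
            case $dbhost in
                localhost|127.0.0.1) ;;
                *) echo "jdbc-without-tls-to-$dbhost"; found=1 ;;
            esac ;;
    esac
    # The file holds a database password; other local users should not read it.
    if [ -n "$(find "$file" -perm -004 2>/dev/null)" ]; then
        echo "config-world-readable"; found=1
    fi
    return "$found"
}
```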


start sonarqube


/opt/sonarqube/bin/macosx-universal-64/sonar.sh start


Download sonar scanner


docs.sonarqube.org/display/SCA…


Objective-C plugin


GitHub: github.com/Backelite/s…
Clone the repository, go to its main directory and run the ./build-and-deploy.sh script.
Copy the compiled backelite-sonar-objective-c-plugin-0.6.2.jar file to the /opt/sonarqube/extensions/plugins directory.
Finally, restart SonarQube.


Prerequisites


1. Install xcpretty with the JUnit reports fix


A patched version of xcpretty must be installed for it to work with SonarQube.


git clone github.com/Backelite/x…
cd xcpretty
git checkout fix/duration_of_failed_tests_workaround
gem build xcpretty.gemspec
sudo gem install --both xcpretty-0.2.2.gem


2. Install xctool
brew install xctool


3. Install oclint
brew tap oclint/formulae
brew install oclint


4. Install gcovr
brew install gcovr


5. Install slather
gem install slather
If the error "No implicit conversion of nil into string" appears:


sudo gem update --system
If prompted: No write permissions


sudo gem install -n /usr/local/bin slather


6. Install lizard
sudo pip install lizard
If pip is not installed, download https://bootstrap.pypa.io/get-pip.py and run it:


chmod +x get-pip.py
sudo python get-pip.py


A worked example with a sample project


Configuring the sample project


sonar-project.properties
Download the sample file from the sonar-objective-c GitHub project above, copy it to the sample project directory, and modify its settings to match the project.


run-sonar.sh
Copy this file to the sample project directory.


Jenkins configuration
Configure the GitLab connection under Manage Jenkins -> System Settings -> GitLab.
Enter the GitLab URL in the GitLab host URL field, then click Add next to Credentials.
Create a GitLab API token credential and fill its API token field with the token from GitLab.




Create a project


Create a freestyle project, go to Source Code Management, select Git, and configure it as follows:
Enter the URL of the corresponding project in Repository URL. Note that the URL must be the SSH URL, because the project is later checked out over SSH.
Then fill in the Branch Specifier with the branch to build.
Then click Add next to Credentials to configure the SSH key:
Select SSH Username with private key, enter the GitLab user name in Username, choose Enter directly for the private key, and paste in the contents of ~/.ssh/id_rsa. Note that the public key corresponding to the private key (id_rsa.pub) must be configured on GitLab; otherwise, it will fail. Click Add after the configuration is complete.


Then select the credential you created in the Credentials field. If the configuration is successful, no error message is displayed; otherwise, error messages are displayed.


Other configurations can be configured based on actual conditions. After the configuration is complete, click Save to complete the creation.


Configure SonarQube servers


Go to the Manage Jenkins -> Global Configuration page, find SonarQube Servers, and configure the SonarQube server information.
The server authentication token can be generated on the SonarQube website, in the security section of your personal account management.


Add the SonarScanner build step


In Jenkins, click the sample project's name -> Configure -> Build (Add build step)
and add an Execute shell build step.


The Command content is:
. ~/.bashrc          # Load the required environment variables
./run-sonar.sh -v    # Generate data and pass it to the SonarQube server


Build the project and display the generated data




Report generation process analysis


Bugs, Vulnerabilities, Code Smells


For Objective-C, OCLint statically scans the project code to generate the relevant data.


Unit testing


Run the unit tests in the simulator using the xcodebuild command, and then generate a report from the output data.


Coverage


Generate data reports using the Slather tool.


Feature discussion


Currently, for the Objective-C language, the Objective-C plug-in mentioned above supports only 1 Bug and 186 Code Smells, which is not enough to cover bugs and vulnerabilities.


SonarQube is not completely open source, and there are commercial plug-ins for Objective-C, so if you want to support bugs and vulnerabilities well, you have to write custom rules and make SonarQube support them.
So we looked at how to customize rules and get SonarQube support by doing the following:
1. Modify the OCLint source code and add custom rules
2. Modify the source code of the sonar-objectivec plug-in and add custom rules
3. Build a test project, test the custom rules, and generate and display the data


Oclint adds custom rules


Download the OCLint source code at github.com/oclint/ocli…
Go to the root directory of the source and generate a custom rule template file using the scaffolding script:
oclint-scripts/scaffoldRule TestRule -t ASTVisitor
Edit the generated TestRule.cpp file to implement the custom rule logic.


Finally, compile the whole project:
cd oclint-scripts
./make


Test the test code with the newly built oclint binary (under build/oclint-release/bin in the OCLint source tree):
build/oclint-release/bin/oclint -report-type pmd -o test.xml <test file>


The sonar-objectivec plug-in supports custom rules


The SonarQube server relies on the plug-in to recognize rules and write them to the database, so the plug-in code also needs to be changed.
Download the plugin source at github.com/Backelite/s…


The following three files need to be modified:
1. src/main/resources/com/sonar/sqale/oclint-model.xml
2. src/main/resources/org/sonar/plugins/oclint/profile-oclint.xml
3. src/main/resources/org/sonar/plugins/oclint/rules.txt


Then compile the plug-in:
./build-and-deploy.sh


Finally, copy the generated .jar plug-in to the extensions/plugins directory of the SonarQube server and restart the SonarQube service.

