As a Professional Software Developer I prefer always to use my localhost environment to develop applications.
Everything runs faster on localhost and it’s the most controlled environment you may get.
I think this is the reason why the most conversations between testers and developers end with the expected : “It works on my machine”…
Major life cycle stages in the life of every line of code are :
- git branch
- git master repository
- pipeline to release & stage (dev, qa, production)
In the last 3 months I had to increase code quality. I had a major impediment for this process : Sonar was configured to run only at stage 3, so for localhost and git local branch & git Pull Request the quality was ambiguous, freely decided by my “expert” human eye helped of course by ESLint.
SonarQube is used for tracking multiple coding metrics & potential problems and it works with a variety of programming languages and IDEs. It can spot syntax problems (code smells), it computes tests coverage, it checks for possible bugs & security issues.
But tracking everything at once, version by version and diff Sonar Qube enforces developer to stick with best practices (test coverage, small & testable components) and to naturally apply design principles, eg SO from SOLID.
After a few sprints using this tool the quality of code & progress of it can be measured and the team will perform better and better as the technical debt is controllable and the code base has robust form that can accommodate new developments easier and with lower risk of never ending refactoring.
Also the team expansion or members’ exchange becomes easier because of clean and easy to understand code base that you’ll have and bullet-prof for rookie mistakes when the test coverage is nearly 100%.
Install or obtain access to a SonarQube Server
I already had access to the internal SonarQube server but coverage results, code smells, refactoring advices and code duplications were visible only after the merge to master which happens at end of task. Every time after the task was finished I had to burn another 2 days in a process that I named : “sonar fix”
Download and Configure and Use Sonar Scanner CLI
Creating a new project is not intuitive at all. It involves a few steps before:
- creating a token in My Account -> Security
- download the latest Sonar Scanner CLI from here
- configure the scanner
- if your Sonar Qube server uses SSL then the certificate has to be added to cacerts in the scanner embedded JRE which is used by default , import that may be easily done with portecle. There is a very good article about this process here.Portcle must be used as Administrator on Windows
- put the Sonar Scanner bin folder to %PATH% environment vars is highly recommended
- running the scanner in the project folder for the first time will create the project on the server
Create and Analyse your new project with a central SonarQube instance
There is no create project button in the web ui page of SonarQube server.
(at least my version does not have it)
For my example is used this `sonar-project.properties` file in the project folder:
# projectKey must be unique in a given SonarQube instance sonar.projectKey=myspace:myprojectid sonar.projectName=myproject name sonar.projectVersion=1.0 sonar.sources=. sonar.sourceEncoding=UTF-8 sonar.host.url=https://<ip>:<port>/ sonar.login=<token_from_security_in_my_account>
For running a local docker SonarQube container there is a good tutorial on the Sonar Scanner doc page
Next you simply run
sonar-scanner.bat or OS command/app and everything will be created on server and you can manage your project rules in the server ui.
Configure SonarLint to have real-time Sonar checks
Sonar Lint is a great tool that works with modern IDEs to help you reduce technical debt. You can find more info here
Best combination of tools that increased my productivity and that I used so far :
IDE + SonarQube + Sonar Scanner + Sonar Lint + ESLint
Share you experience in comments if you know better options!