Sonarqube and Docker

SonarQube provides static code analysis, testing and continuous inspection. Also see Quality Assurance Tools.

You can also have these validations as part of your IDE – https://www.sonarlint.org/visualstudio/

Run Locally

Docker

To spin up a Docker container you can use the public sonarqube image with the embedded H2 database. This is not suited for production, but it is fine for small stand-alone projects.

  1. Spin up a container, there is a shell script here
    1. Default login is admin/admin
    2. Create a key and project
  2. Example key – 93292c24ba95f6dc5a9275ec169dd654a3382a2d
    1. Example project – PatternsAndPrinciples
  3. Download .NET Core SDK (if your target project is .NET Core)
    1. dotnet-sdk-2.1.302-win-x64.exe
    2. If you are targeting classic .NET, as long as you have msbuild you are fine
  4. Download Java Runtime
    1. jre-8u181-windows-x64.exe
  5. Download sonar-scanner-msbuild
    1. sonar-scanner-msbuild-4.3.1.1372-netcoreapp2.0.zip
    2. Extract to C:\sonarscanner-msbuild-netcoreapp2\
    3. Add the path to your Environmental Variables – Path
      1. Ensure you add with the ending \

Run For .Net Core

Once you have the container up and the above installed, open a command prompt and navigate to the folder on your local disk that contains your solution, for example:

  • C:\Dev-Code-School\Boilerplate\Class Library\PatternsAndPrinciples

Then run the following, substituting your container host's IP and your key:

dotnet sonarscanner begin /k:"PatternsAndPrinciples" /d:sonar.host.url="http://172.29.5.203:9000" /d:sonar.login="93292c24ba95f6dc5a9275ec169dd654a3382a2d"

Then build:

dotnet build

Then end the analysis. Once done, navigate to the SonarQube container's UI and fix what it moans about :D

dotnet sonarscanner end /d:sonar.login="93292c24ba95f6dc5a9275ec169dd654a3382a2d"

Exclusions

If you need to exclude a class from quality checks while you are developing or testing, just add [ExcludeFromCodeCoverage].

Remote Server

A fully licenced Sonar server can scan branches! Additionally, if you want test reporting, the test results can be sent to the server. (The actual test run is done on the Team City agent.)

# --- Sonarscanner begin ---
WORKDIR /code/project/My.Worker
RUN dotnet sonarscanner begin \
/k:$PROJECT_ID \
/n:"[Prefix] $PROJECT_NAME" \
/v:$BUILD_NUMBER \
/d:sonar.host.url=$SONAR_HOST_URL \
/d:sonar.login=$SONAR_LOGIN \
/d:sonar.password=$SONAR_PASSWORD \
/d:sonar.cs.opencover.reportsPaths="../My.Worker.Tests.Unit/opencover-report.xml" \
/d:sonar.cs.xunit.reportsPaths="../My.Worker.Tests.Unit/xunit-report.xml" \
$SONAR_PR_BRANCH $SONAR_PR_KEY
# --- Run unit tests ---
WORKDIR /code/project/My.Worker.Tests.Unit
RUN dotnet test "My.Worker.Tests.Unit.csproj" \
/p:CollectCoverage=true \
/p:CoverletOutputFormat=opencover \
/p:CoverletOutput="opencover-report.xml" \
--logger:"xunit;verbosity=normal;LogFilePath=xunit-report.xml" \
--logger:"console;verbosity=normal;"
# --- Sonarscanner end ---
WORKDIR /code/project/My.Worker
RUN dotnet sonarscanner end \
/d:sonar.login=$SONAR_LOGIN \
/d:sonar.password=$SONAR_PASSWORD
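
The steps above take $SONAR_LOGIN and $SONAR_PASSWORD from build variables; if those are supplied as ARG or ENV, their values can be read back from the image metadata with docker history. As an added example (not the author's Dockerfile), here are the same begin and end steps using BuildKit secret mounts. The secret ids, the file names and the ARG declarations are assumptions.

```dockerfile
# Added example (not the page's code): the begin/end steps with the credentials
# supplied as BuildKit secret mounts instead of $SONAR_LOGIN / $SONAR_PASSWORD.
# Assumptions: the secret ids and file names below are constructed; the earlier
# part of the Dockerfile (FROM, tool install, COPY) is unchanged and not shown.
#
# Build (BuildKit required):
#   docker build \
#     --secret id=sonar_login,src=./sonar_login.txt \
#     --secret id=sonar_password,src=./sonar_password.txt \
#     --build-arg PROJECT_ID=... --build-arg SONAR_HOST_URL=... .

# Non-secret values can remain ordinary build arguments.
ARG PROJECT_ID
ARG PROJECT_NAME
ARG BUILD_NUMBER
ARG SONAR_HOST_URL
ARG SONAR_PR_BRANCH
ARG SONAR_PR_KEY

# --- Sonarscanner begin ---
WORKDIR /code/project/My.Worker
# Each secret is mounted at /run/secrets/<id> for this RUN only and is not
# written to an image layer; the history records the literal $(cat ...) text.
RUN --mount=type=secret,id=sonar_login \
    --mount=type=secret,id=sonar_password \
    dotnet sonarscanner begin \
    /k:"$PROJECT_ID" \
    /n:"[Prefix] $PROJECT_NAME" \
    /v:"$BUILD_NUMBER" \
    /d:sonar.host.url="$SONAR_HOST_URL" \
    /d:sonar.login="$(cat /run/secrets/sonar_login)" \
    /d:sonar.password="$(cat /run/secrets/sonar_password)" \
    /d:sonar.cs.opencover.reportsPaths="../My.Worker.Tests.Unit/opencover-report.xml" \
    /d:sonar.cs.xunit.reportsPaths="../My.Worker.Tests.Unit/xunit-report.xml" \
    $SONAR_PR_BRANCH $SONAR_PR_KEY

# --- Run unit tests: same step as on the page, it needs no credentials ---

# --- Sonarscanner end ---
WORKDIR /code/project/My.Worker
RUN --mount=type=secret,id=sonar_login \
    --mount=type=secret,id=sonar_password \
    dotnet sonarscanner end \
    /d:sonar.login="$(cat /run/secrets/sonar_login)" \
    /d:sonar.password="$(cat /run/secrets/sonar_password)"
```

After a build, docker history --no-trunc on the image shows whether any credential value was recorded in a layer command.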
