Staying ahead of your bugs - quality metrics for developing Atlassian plugins with SonarQube
SonarQube's quality dashboards are a useful tool for monitoring the quality of your code against a defined rule set and based on standard metrics. This blog post is complemented by two videos, and it provides you with the ready-made Maven configuration required to integrate SonarQube into your Continuous Integration (CI) build process.
Benefits of SonarQube
SonarQube is an 'open platform for managing code quality' that lets you assess your code from a variety of perspectives, including
- Coding rules
- Metrics such as complexity, and
- Dynamic measurements like code coverage in integration and unit tests.
Furthermore, it can be employed and extended free of charge. At the same time, professional support is available, as are commercial plugins that extend its scope. And since it meshes nicely with Maven, using the tool alongside your Atlassian plugin development environment is straightforward.
And in case you were wondering: SonarQube is indeed the tool formerly known as Sonar.
Continuously assess your code quality
Quality management with SonarQube is based on the analysis and measurement of your source code. Three types of measurement are used to assess code quality:
- Basic metrics (such as lines of code and number of classes), which give you an impression of the size and complexity of your code.
- Static analysis, i.e. the evaluation of rules against your code – e.g. are you complying wiht the naming conventions, or are you using any well-known anti-patterns, such as multi-threaded use of the SimpleDateFormatter.
- And last but not least, the dynamic measurement of code coverage for your unit and integration tests.
The findings of these measurements are conveniently included in various management views and/or dashboards. Moreover, you can always drill down to the underlying code, or compare current measurements with earlier ones. This proves extremely useful for identifying trends in your code base.
Using SonarQube to develop kick-ass Confluence add-ons
At K15t Software, we use SonarQube to safeguard the high quality of our code. The first video begins by offering an overview of our in-house software development environment – which, unsurprisingly, includes a host of Atlassian tools. The video then describes the capabilities of SonarQube which extend and enhance that environment. This section represents an executive summary.
SonarQube tutorial – setting up plugin development projects
The second video is a hands-on tutorial that explains how to set up a plugin development project for SonarQube, and gives you an impression of the SonarQube UI’s look & feel.
We'll add a profile and probably, you should only execute this profile on your CI server (of course you use Atlassian Bamboo ). Executing the SonarQube tasks will take some time. Most of the profile is devoted to telling Maven how to record coverage using the JaCoCo plugin.
Here are the additions required in your pom.xml document to integrate SonarQube into your CI build. Add the following profile and modify at the TODO tag, if you're developing code for a product other than JIRA:
When you're done, you can run
which will execute your build as usual, and also collect coverage data for your unit and integration tests.
Next, you need to put all test reports (not including coverage reports) into a single folder, as SonarQube can't handle multiple directories. To do this, you could use the Maven resource or dependency copy plugin. I myself used a simple Bash script, because I only run SonarQube analyses on our CI server.
When you’ve done that, running
will analyze the source code and execute the rule sets using the results from the first mvn call. When the run is completed, you can view the results in the SonarQube UI.
Setting up your SonarQube platform
"Cool. But where is the SonarQube UI?” you ask. Hmmm, I should’ve explained that by now. You will, of course, need to set up and install SonarQube and its database before you get started. You'll find a useful description of how to do this in the SonarQube documentation, which was created using Atlassian Confluence. And incidentally, integrating SonarQube’s user management functionality with your Atlassian Crowd directory is simple: See the Crowd Plugin documentation.