This is an old revision of the document!
SonarQube
SonarQube is an open-source platform for static code analysis, used to verify the technical quality of the source code. The development is managed by sonarsource (Tool website: sonarqube.org). The tool was released in 2007 and was called “Sonar” until the name was changed in 2013.
Homepage: https://www.sonarqube.org/
Install Server
Activate in Projekt on GitLab
Doc: https://docs.sonarqube.org/latest/analysis/gitlab-integration/
- Create Access Token in Gitlab in the Group or Project
- Token name: SonarQube
- Scopes: api
- Expiration date: empty = no
- Role: Reporter
Save the group access token
- Import GitLab Project into SonarQube
- Add Projekt
- Enter group access token
- Select Project you want to add
- Choose “With GitLab CI” for analyze your repository
- Project key: Other
- file: .sonar-project.properties
- In root dir of the project.
- Filename: .sonar-project.properties
- Content:
sonar.projectKey=<project-name>_<key from sonarqube> sonar.qualitygate.wait=true sonar.python.version=2
- Add two vars to Project: Settings→ CI/CD → Variables
- key: SONAR_TOKEN
- Value: generate token in SonarQube Webinterface
- uncheck “Protect Variable”
- CHECK “Mask Variable”
- key: SONAR_HOST_URL
- Uncheck both: Protect Variable / Mask Variable
- add sonarqube job in .gitlab-ci.yml
stages:
- sonarqube
sonarqube_check_job:
only:
refs:
- tags
variables:
- $CI_COMMIT_TAG =~ /^[Cc]heck_source-.*$/ # commit tag starts job
image:
name: sonarsource/sonar-scanner-cli:latest
entrypoint: [""]
tags:
- sonarqube-runner
stage: sonarqube
variables:
SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar" # Defines the location of the analysis task cache
GIT_DEPTH: "0" # Tells git to fetch all the branches of the project, required by the analysis task
cache:
key: "${CI_JOB_NAME}"
paths:
- .sonar/cache
script:
- sonar-scanner -Dsonar.qualitygate.wait=false -Dproject.settings=.sonar-project.properties # -X = debug, only for tests if failed