Monday, July 11, 2016

Using SonarQube in a Shared Docker Image to simplify Java code quality testing for teams - Part 1

As teams work to increase their speed to production, a discussion about code quality will inevitably come up. 

In many cases, development team members (even with production level tools in place) have difficulty checking code quality before checking code into a shared repository and have to wait to see results. 

This article provides a method for running SonarQube code quality checks on the development station before the code is checked into a repository, while also providing a consistent base plugin set for team members.

Although the procedure below gives a base set to start with for Java developers, it is provided as a guide to allow you to use a similar approach and build something that is perfect for your unique environment.

This is the first of several posts.

Part 1 - A Quick-Start to using SonarQube and docker on a developer workstation with no long-term data retention 

Part 2 - An extension of this procedure to a cloud based server (such as Digital Ocean) 

Part 3 - Some notes about storing data long-term into a database.

Important Notes:


The Quick-Start procedure in this document launches a container on a workstation that is disposable and will not retain any data if re-created.
  
An understanding of docker installation and execution is assumed.

Please consider firewall implications as source code may become available at port 9000 at your workstation.


Technology used:




Article Sections 

  • Quick-Start (development station)
  • Sample launchable Dockerfile and image


Quick-Start


Using the shared Droplet instance from your workstation


docker run -d --name sonarqube -p 9000:9000 mikecaspar/docker_sonarqube

You should see the latest image download .... 




You will be able to confirm the server is running with the command: 

docker ps


It should show you something like this ... 



Notice that the SonarQube server starts at tcp port 9000.  You may need to make firewall adjustments. 
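As an added example (not part of the original post): by default, -p 9000:9000 publishes the port on every interface of the workstation, so the check below reads docker ps output and lists containers whose port 9000 is reachable on a non-loopback address. The function names, the sample lines and the sonarqube-local container are constructed for illustration; publishing with -p 127.0.0.1:9000:9000 instead keeps the port on loopback.

```shell
#!/bin/sh
# Added example: list containers that publish container port 9000 on a
# non-loopback host address. Input is tab-separated "name<TAB>ports", as from:
#   docker ps --format '{{.Names}}\t{{.Ports}}' | exposed_sonar

# Constructed sample input (not captured from a real host).
sample_ps() {
  printf '%s\t%s\n' \
    'sonarqube'       '0.0.0.0:9000->9000/tcp, :::9000->9000/tcp' \
    'sonarqube-local' '127.0.0.1:9000->9000/tcp' \
    'db'              '5432/tcp'
}

exposed_sonar() {
  awk -F'\t' '
    {
      n = split($2, maps, /, */)
      for (i = 1; i <= n; i++) {
        if (maps[i] !~ /->9000\/tcp$/) continue      # not a published 9000
        addr = maps[i]
        sub(/->.*/, "", addr)                        # 0.0.0.0:9000
        sub(/:[0-9]+$/, "", addr)                    # 0.0.0.0
        if (addr !~ /^(127\.|\[?::1\]?$)/) { print $1; break }
      }
    }'
}

sample_ps | exposed_sonar
```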

To view the local server's current information, use the URL:

http://localhost:9000


The default SonarQube instance will look like this:  






* Notice the red warning that data stored in this instance will not stay in the server after it has been restarted. 


To add your Java project to the local instance for current code quality information, go to your Java project directory (where your POM file is) and type:


mvn sonar:sonar


By default, the Sonar plugin looks for a local Sonar Server to store data.

The sonar plugin will download from your configured sources, analyse your code with the currently configured rules and then store the results in the current temporary instance. 



Now, you can see your progress without the need to check your code into a repository first!


Go back to your web instance at http://localhost:9000 and you will see your code quality results.

This sample has a few hours of technical debt shown for presentation purposes ... 





 A more detailed view.. 





Sample launchable Dockerfile and image 


A sample Dockerfile is available at this git repository:  

https://github.com/MikeCaspar/docker-sonarqube

This repository could be used as is to launch containers without the need to create your own if you are happy with the settings in the repository. 

If you want to make your own changes, feel free to fork or clone the repo.


The Dockerfile is available at  

https://raw.githubusercontent.com/MikeCaspar/docker-sonarqube/master/Dockerfile 

The default admin userid is admin

The default admin password is admin