SonarQube setup for measuring a project's code quality using Docker Compose
SonarQube is a static code analysis tool. It is open-source and Java-based. It collects and analyzes source code and provides reports on the code quality of the project.
It combines static and dynamic analysis tools and enables quality to be measured continually over time. SonarQube can be set up using Docker Compose with fewer manual steps.
What is Docker Compose
Compose is a tool for defining and running multi-container Docker applications. With Compose, you use a YAML file to configure your application’s services. Then, with a single command, you create and start all the services from your configuration. Since Docker Compose lets you configure related containers in a single YAML file, you get the same Infrastructure-as-Code abilities as Kubernetes. But they come in a simpler system that’s more suited to smaller applications that don’t need Kubernetes’ resiliency and scaling.
The purpose of docker-compose is to function like the Docker CLI while letting you issue multiple commands much more quickly. To make use of docker-compose, you encode the commands you were running before into a docker-compose.yml file.
Run docker-compose up and Compose starts and runs your entire app.
SonarQube Architecture
SonarQube has three components, namely:
1. Scanner - This contains a scanner and analyzer to scan application code
2. SonarQube server - contains the web server (UI) and search server
3. DB server - used for storing the analysis reports.
Pre-requisites
New Ubuntu EC2 is up and running with at least t2.medium (4 GB RAM)
Port 9000 is opened in the security firewall rule
Log in to the instance where you will be installing SonarQube, and set the recommended values for the current session by running the following commands as root on the host.
sysctl -w vm.max_map_count=524288
sysctl -w fs.file-max=131072
ulimit -n 131072
ulimit -u 8192
Now, to make sure that the changes take effect, type the command
sudo sysctl -p
Set the hostname as SonarQube by entering the command
sudo hostnamectl set-hostname SonarQube
It's not mandatory, just for our convenience.
Installing Docker-compose
Update the machine by running the system update command (apt, since the instance runs Ubuntu)
sudo apt update
Install Docker Compose by using the command
sudo apt install docker-compose -y
Open a docker-compose yaml file in vi editor
sudo vi docker-compose.yml
This YAML file has all the configuration for running both SonarQube and PostgreSQL.
version: "3"
services:
  sonarqube:
    image: sonarqube:community
    restart: unless-stopped
    depends_on:
      - db
    environment:
      SONAR_JDBC_URL: jdbc:postgresql://db:5432/sonar
      # Must match POSTGRES_USER / POSTGRES_PASSWORD of the db service below
      SONAR_JDBC_USERNAME: sonar
      SONAR_JDBC_PASSWORD: sonar
    volumes:
      - sonarqube_data:/opt/sonarqube/data
      - sonarqube_extensions:/opt/sonarqube/extensions
      - sonarqube_logs:/opt/sonarqube/logs
    ports:
      # Publishes the SonarQube UI on port 9000 of the host
      - "9000:9000"
  db:
    image: postgres:12
    restart: unless-stopped
    environment:
      POSTGRES_USER: sonar
      POSTGRES_PASSWORD: sonar
    volumes:
      - postgresql:/var/lib/postgresql
      - postgresql_data:/var/lib/postgresql/data
volumes:
  sonarqube_data:
  sonarqube_extensions:
  sonarqube_logs:
  postgresql:
  postgresql_data:
Save & exit the file by entering :wq!
Execute the compose file using the docker-compose command
sudo docker-compose up -d
Now access the SonarQube UI by opening a browser and entering the instance's public IP address with port 9000.
After logging in as admin, we need to change the password.
Jenkins Dashboard
Now log in to Jenkins, select Manage Jenkins, and install the required plugins:
SonarQube Scanner
Eclipse Temurin installer
Now go to Global Tool Configuration and add installations for JDK, SonarQube Scanner and Maven.
Add JDK
Add SonarQube Scanner
Add maven
Apply the changes then save and exit.
Project type:
Now create a new project named sonar-analysis, choose the Pipeline type, and click OK.
Now go to Configure
General: select discard old builds and add a max number of builds as 2
Advanced project options: select the script type as Hello World
pipeline {
    agent any
    tools {
        jdk 'jdk11'
        maven 'maven3'
    }
    stages {
        stage('Git Checkout') {
            steps {
                // The repository URL must be passed as a quoted string
                git changelog: false, poll: false, url: 'https://github.com/maaz-mohd/Petclinic.git'
            }
        }
        stage('Sonar Analysis') {
            steps {
                sh "mvn clean package"
                // sonar.host.url is the scanner property that sets the server address
                sh ''' mvn sonar:sonar -Dsonar.host.url=http://62.123.34/ -Dsonar.login=squ_a84652c619f9302593b0f284bb0a3182d7d0a4eb -Dsonar.projectName=Petclinic \
                -Dsonar.java.binaries=. \
                -Dsonar.projectKey=Petclinic '''
            }
        }
    }
}
Creating a token of Administrator on SonarQube
On the SonarQube dashboard, go to Administration and select Security > Users > Tokens
Generate token > copy token
Now Apply and save it.
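The pipeline above passes the SonarQube token as a literal on the mvn command line, so it is stored in the job configuration and echoed in the build log. As an added example (not the author's code), here are the same two stages with the token read from a Jenkins credential. The credential ID sonar-token and the SONAR_HOST_URL placeholder are assumptions.

```groovy
// Added example: variant of the pipeline above that keeps the token out of the script.
// Assumptions: a Jenkins "Secret text" credential with the hypothetical ID
// 'sonar-token' holds the SonarQube token; SONAR_HOST_URL is a placeholder.
pipeline {
    agent any
    tools {
        jdk 'jdk11'
        maven 'maven3'
    }
    environment {
        // Placeholder: replace with the address of your SonarQube server.
        SONAR_HOST_URL = 'http://<sonarqube-host>:9000'
    }
    stages {
        stage('Git Checkout') {
            steps {
                git changelog: false, poll: false, url: 'https://github.com/maaz-mohd/Petclinic.git'
            }
        }
        stage('Sonar Analysis') {
            steps {
                sh 'mvn clean package'
                // withCredentials (Credentials Binding plugin) exposes the secret
                // only inside this block and masks it in the console log.
                withCredentials([string(credentialsId: 'sonar-token', variable: 'SONAR_TOKEN')]) {
                    // Single-quoted Groovy string: the shell, not Groovy, expands
                    // the variables, so the token is never written into the script text.
                    sh '''
                        mvn sonar:sonar \
                          -Dsonar.host.url="$SONAR_HOST_URL" \
                          -Dsonar.login="$SONAR_TOKEN" \
                          -Dsonar.projectName=Petclinic \
                          -Dsonar.projectKey=Petclinic \
                          -Dsonar.java.binaries=.
                    '''
                }
            }
        }
    }
}
```

The credential is created under Manage Jenkins > Credentials as kind "Secret text", using the token generated in the step above.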
Build
Now that everything is set up, it's time to build > click on Build
This is the final report we get on our SonarQube dashboard in the Projects section: our code has passed and code coverage is 82%.
Thanks for reading.