SonarQube setup for measuring the code quality of a project using Docker Compose


SonarQube is an open-source, Java-based static code analysis tool. It collects and analyzes source code and produces reports on the code quality of the project.

It combines static and dynamic analysis tools and enables quality to be measured continually over time. SonarQube can be set up using Docker Compose with fewer manual steps.

What is Docker Compose

Compose is a tool for defining and running multi-container Docker applications. With Compose, you use a YAML file to configure your application’s services. Then, with a single command, you create and start all the services from your configuration. Since Docker Compose lets you configure related containers in a single YAML file, you get the same Infrastructure-as-Code abilities as Kubernetes. But they come in a simpler system that’s more suited to smaller applications that don’t need Kubernetes’ resiliency and scaling.

The purpose of docker-compose is to do what the docker CLI does, but to issue many commands at once. To make use of docker-compose, you encode the commands you were running before into a docker-compose.yml file.

Run docker-compose up and Compose starts and runs your entire app.

SonarQube Architecture

SonarQube has three components, namely:

1. Scanner - contains the scanner and analyzer that scan the application code

2. SonarQube server - contains the web server (UI) and the search server

3. DB server - stores the analysis reports

Pre-requisites

  • A new Ubuntu EC2 instance is up and running, at least t2.medium (4 GB RAM)

  • Port 9000 is open in the security group / firewall rule

Log in to the instance where you will be installing SonarQube and apply the recommended values for the current session by running the following commands as root on the host.

sysctl -w vm.max_map_count=524288
sysctl -w fs.file-max=131072
ulimit -n 131072
ulimit -u 8192

  • Now, to make sure that the changes take effect, type the command sudo sysctl -p

  • Set the hostname as SonarQube by entering the command

    sudo hostnamectl set-hostname SonarQube

    It's not mandatory, just for our convenience.
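A preflight check for the limits set above, added here as an example and not part of the original post: check_limit and preflight are names I chose, and preflight reads the live values with sysctl -n and ulimit, so it only gives a meaningful answer on the SonarQube host itself.

```shell
#!/bin/sh
# Added example (not from the original post): confirm the four limits the
# post sets are in effect before running docker-compose up. SonarQube's
# embedded Elasticsearch refuses to start when they are too low. Values set
# with sysctl -w do not survive a reboot; persist them in /etc/sysctl.d/*.conf.

# usage: check_limit <name> <actual> <required>
# Prints the verdict; returns 0 when actual >= required (or unlimited), 1 otherwise.
check_limit() {
  if [ "$2" = unlimited ] || [ "$2" -ge "$3" ] 2>/dev/null; then
    echo "ok   $1=$2 (need >= $3)"
    return 0
  fi
  echo "LOW  $1=$2 (need >= $3)" >&2
  return 1
}

# Read the live values on this host and check all four; returns 1 if any is low.
preflight() {
  rc=0
  check_limit vm.max_map_count "$(sysctl -n vm.max_map_count)" 524288 || rc=1
  check_limit fs.file-max      "$(sysctl -n fs.file-max)"      131072 || rc=1
  check_limit "ulimit -n"      "$(ulimit -n)"                  131072 || rc=1
  check_limit "ulimit -u"      "$(ulimit -u)"                  8192   || rc=1
  return $rc
}
```

preflight names every value that is too low and returns 1, so it can gate the compose step: preflight && sudo docker-compose up -d.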

Installing Docker-compose

  • Update the machine by performing the system update command

    sudo yum update

  • Install Docker Compose using the command

    sudo yum install docker-compose -y

  • Open a docker-compose YAML file in the vi editor

    sudo vi docker-compose.yml

    This YAML file has all the configuration for installing both SonarQube and PostgreSQL.

version: "3"
services:
  sonarqube:
    image: sonarqube:community
    restart: unless-stopped
    depends_on:
      - db
    environment:
      # Connection to the db service below. The database is named after
      # POSTGRES_USER, and username/password must match POSTGRES_USER and
      # POSTGRES_PASSWORD; sonar/sonar are placeholder values to change.
      SONAR_JDBC_URL: jdbc:postgresql://db:5432/sonar
      SONAR_JDBC_USERNAME: sonar
      SONAR_JDBC_PASSWORD: sonar
    volumes:
      - sonarqube_data:/opt/sonarqube/data
      - sonarqube_extensions:/opt/sonarqube/extensions
      - sonarqube_logs:/opt/sonarqube/logs
    ports:
      # UI and API; this is the port opened in the security group
      - "9000:9000"
  db:
    image: postgres:12
    restart: unless-stopped
    environment:
      POSTGRES_USER: sonar
      POSTGRES_PASSWORD: sonar
    volumes:
      - postgresql:/var/lib/postgresql
      - postgresql_data:/var/lib/postgresql/data
volumes:
  sonarqube_data:
  sonarqube_extensions:
  sonarqube_logs:
  postgresql:
  postgresql_data:

Save & exit the file by entering :wq!

  • Execute the compose file using the docker-compose command

    sudo docker-compose up -d

Now access the SonarQube UI by opening a browser and entering the public IP of the instance with port 9000 (http://<public-ip>:9000).

After logging in as admin, we need to change the password.

Jenkins Dashboard

Now log in to Jenkins, select Manage Jenkins and install the required plugins:

  1. SonarQube Scanner

  2. Eclipse Temurin installer

Now go to Global Tool Configuration and add installations for JDK, SonarQube Scanner and Maven.

Add JDK

Add SonarQube Scanner

Add maven

Apply the changes then save and exit.

Project type:

Now create a new project named sonar-analysis, choose the Pipeline type and click OK.

Now go to Configure.

General: select Discard old builds and set the max number of builds to 2.

Advanced project options: select the Hello World sample script as the script type, then replace it with the pipeline below.

pipeline {
    agent any
    tools {
        // Names must match the installations added under Global Tool Configuration
        jdk 'jdk11'
        maven 'maven3'
    }

    stages {
        stage('Git Checkout') {
            steps {
                // The URL is a Groovy string and must be quoted
                git changelog: false, poll: false, url: 'https://github.com/maaz-mohd/Petclinic.git'
            }
        }
        stage('Sonar Analysis') {
            steps {
                sh "mvn clean package"
                // sonar.host.url is the property the Maven scanner reads for the server
                // address. The token is passed inline here, so anyone who can read the
                // job configuration can read the token.
                sh ''' mvn sonar:sonar -Dsonar.host.url=http://62.123.34/ -Dsonar.login=squ_a84652c619f9302593b0f284bb0a3182d7d0a4eb -Dsonar.projectName=Petclinic \
                    -Dsonar.java.binaries=. \
                    -Dsonar.projectKey=Petclinic '''
            }
        }
    }
}

Creating an administrator token on SonarQube

On the SonarQube dashboard go to Administration > Security > Users > Tokens.

Generate a token and copy it.

Now Apply and save it.
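Both the compose file above and the pipeline script carry credentials in clear text: sonar/sonar for PostgreSQL and the squ_ token for the scanner. The helpers below are an added example, not code from the original post. write_env generates the database password into a .env file, which docker-compose reads automatically from the project directory, so the four credential lines in docker-compose.yml can become ${SONAR_DB_USER} and ${SONAR_DB_PASSWORD}; find_literal_secrets flags the two hard-coded patterns this post shows. Function and variable names are my own.

```shell
#!/bin/sh
# Added example, not part of the original post.
# write_env: generate the database password into a 0600 .env file. Compose
# reads .env from the project directory, so docker-compose.yml can use
#   POSTGRES_USER: ${SONAR_DB_USER}          SONAR_JDBC_USERNAME: ${SONAR_DB_USER}
#   POSTGRES_PASSWORD: ${SONAR_DB_PASSWORD}  SONAR_JDBC_PASSWORD: ${SONAR_DB_PASSWORD}
# find_literal_secrets: flag the two patterns shown in the post, a literal
# PASSWORD value in a compose file and an inline squ_ token in a Jenkinsfile.
set -eu

# usage: write_env <path>   (refuses to overwrite an existing file)
write_env() {
  env_file=$1
  if [ -e "$env_file" ]; then
    echo "$env_file exists, not overwriting" >&2
    return 1
  fi
  # 48 hex chars from the kernel RNG; umask in a subshell so only this file is 0600
  pw=$(head -c 24 /dev/urandom | od -An -tx1 | tr -d ' \n')
  ( umask 077; printf 'SONAR_DB_USER=sonar\nSONAR_DB_PASSWORD=%s\n' "$pw" > "$env_file" )
}

# usage: find_literal_secrets <file>...
# Prints each offending line as file:line:text; returns 1 if any were found, 0 if clean.
find_literal_secrets() {
  status=0
  for f in "$@"; do
    # compose mapping "KEY_PASSWORD: value" whose value is not a ${VAR} reference
    if grep -HnE '^[[:space:]]*[A-Z_]*PASSWORD[[:space:]]*:[[:space:]]*"?[^$"[:space:]]' "$f"; then
      status=1
    fi
    # SonarQube user token (squ_ prefix) passed inline on the scanner command line
    if grep -HnE 'sonar\.login=squ_[0-9a-f]+' "$f"; then
      status=1
    fi
  done
  return $status
}
```

Run find_literal_secrets docker-compose.yml Jenkinsfile before committing either file; a non-zero exit with the offending lines printed means a secret would land in the repository or job configuration.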

Build

As we have set everything up, it's time to build: click on Build.

This is the final report we get on the SonarQube dashboard in the Projects section: our code has passed and code coverage is 82%.

Thanks for reading.