Sonarqube is a cool tool, but getting multiple languages to work with it can be hard, especially because each language has its own plugin maintained by different people most of the time, so the implementations are different, so for each language you need to learn a new sonar plugin.
In our example we have a frontend project using React/Typescript and dotnet for the backend.
For C# we use the standard ootb rules from microsoft, plus some of our own custom rules.
For typescript we follow a lot of recommendations from AirBnB but have some of our own tweaks to it.
In the example I am using an end to end build in series, but in reality we use build chains to speed things up so our actual solution is quite more complex than this.
So the build steps look something like this
- dotnet restore
- Dotnet test, bootstrapped with dotcover
- Yarn install
- yarn test
- Sonarqube runner
Note: In this setup we do not get the Build Test stats in Teamcity though, so we cannot block builds for test coverage metrics.
So lets cover the dotnet side first, I mentioned our custom rules, I’ll do a separate blog post about getting them into sonar and just cover the build setup in this post.
with the dotnet restore setup is pretty simple, we do use a custom nuget.config file for our internal nuget server, i would recommend always using a custom nuget config file, your IDEs will pick this up and use its settings.
dotnet restore --configfile=%teamcity.build.workingDir%\nuget.config MyCompany.MyProject.sln
The dotnet test step is a little tricky, we need to boot strap it with dotcover.exe, using the analyse command and output HTML format that sonar will consume (yes, sonar wants the HTML format).
%teamcity.tool.JetBrains.dotCover.CommandLineTools.DEFAULT%\dotcover.exe analyse /TargetExecutable="C:\Program Files\dotnet\dotnet.exe" /TargetArguments="test MyCompany.MyProject.sln" /AttributeFilters="+:MyCompany.MyProject.*" /Output="dotCover.htm" /ReportType="HTML" /TargetWorkingDir=.
echo "this is working"
Lastly sometimes the error code on failing tests is non zero, this causes the build to fail, so by putting the second echo line here it mitigates this.
Typescript We have 3 steps.
yarn install, which just call that exact command
Out tslint step is a command line step below, again we need to use a second echo step because when there is linting errors it returns a non zero exit code and we need to process to still continue.
node ".\node_modules\tslint\bin\tslint" -o issues.json -p "tsconfig.json" -t json -c "tslint.json" -e **/*.spec.tsx -e **/*.spec.ts
echo "this is working"
This will generate an lcov report, now i need to put a disclaimer here, lcov has a problem where it only reports coverage on the files that where executed during the test, so if you have code that is never touched by tests they will not appear on your lcov report, sonarqube will give you the correct numbers. So if you get to the end and find that sonar is reporting numbers a lot lower than what you thought you had this is probably why.
Our test step just run yarn test, but here is the fill command in the package json for reference.
"test": "jest –silent –coverage"
Now we have 3 artifacts, two coverage reports and a tslint report.
The final step takes these, runs an analysis on our C# code, then uploads everything
We use the sonarqube runner plugin from sonarsource
The important thing here is the additional Parameters that are below
You can see our 3 artifacts that we pass is, we also disable the typescript analysis and rely on our analysis from tslint. The reason for this is it allows us to control the analysis from the IDE, and keep the analysis that is done on the IDE easily in sync with the Sonarqube server.
Also if you are using custom tslint rules that aren’t in the sonarqube default list you will need to import them, I will do another blog post about how we did this in bulk for the 3-4 rule sets we use.
Sonarqube without a language parameter will auto detect the languages, so we exclude files like scss to prevent it from processing those rules.
This isn’t needed for C# though because we use the nuget packages, i will do another blog post about sharing rules around.
And that’s it, you processing should work and turn out something like the below. You can see in the top right both C# and Typescript lines of code are reported, so this reports Bugs, code smells, coverage, etc is the combined values of both languages in the project.