I’ll be the first to say I am not a fan of sonarqube, but is the only tool out there that can do the job we need. Getting TypeScript working with it was royal butt hurt, but we got there in the end so I wanted to share our journey.
The best way we found to work with it was to store our rules in our tslint config in source control with our own settings and use it as, this is good because it’ll help keep the sonarqube server rules in sync with the developers.
The problem we run into is that the rules need to exist on the server, so if you for example add the react-tslint rules to your project they also need to be defined in the sonarqube server here
Once they are there sonar understand the rules, but will not process them, but rather than setting up the processing on the server we decide to use our build.
So what we do is
- Import ALL rules to sonar server (once off)
- run tslint and export failed rules to file
- import failed rules using sonar runner (instead of letting runner do analysis)
The server is aware of ALL rules, but its our tslint output that tells it which ones have failed, so you can disable rules in your tsling config that the server is aware of and it won’t report them.
This then means that the local developer experience and the sonarqube report should be a lot more in sync than having to maintain the server processing, and means it easier to run multiple project on the one server with disparate rule sets.
The hard part here though is the import of rules
For our initial import we did the follow rule sets:
And I have created some powershell scripts that generates the format that is needed from the rules git repos.
To use this clone each of the above repos, then run its corresponding script to generate the output file, then copy and paste this into the section in the sonarqube admin page (it’s ok, this is a once off step).[gist https://gist.github.com/dicko2/f41f3a4c7bf8787510f68a97d2b2f2ab /]
you should create one record below for each of the four imports, then paste the output from each powershell script into the boxes on the right, as seen below.
Once this is done you need to restart the sonarqube server for the rules to get picked up
WARNING: check for duplicate rule names, there is some (I forgot which ones sorry) and they prevent the sonarqube server from starting and you will need to edit the SQL database to fix it.
Then browse to your rule set and active the rules into it. I recommend just creating a single rule set and put everything in it, like i said you can control the rules from your tslint run, and just add all rules to all projects on the sonarqube server side.
After this run your sonarqube analysis build (see here if you haven’t built it yet https://beerandserversdontmix.com/2018/02/03/sonarqube-with-a-multilanguage-project-typescript-and-dotnet/ ) and you are away.