8. Quality Control
Contents
8.1. SonarQube
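# Create the shared Docker network once. A second `docker network create`
# with the same name fails, so only create it when it is missing.
docker network inspect ecosystem >/dev/null 2>&1 || docker network create ecosystem

# Start the SonarQube server on the `ecosystem` network with named volumes
# for data, logs and extensions.
#
# Security notes for anything beyond a throw-away local instance:
#   * `--publish 9000:9000` listens on every host interface. Use
#     `--publish 127.0.0.1:9000:9000` when only the local machine and
#     containers on the `ecosystem` network need to reach the server.
#   * Change the initial administrator password right after first start,
#     before the port is reachable by anyone else.
#   * The bare image name `sonarqube` resolves to whatever `latest` is at
#     pull time. Pin a specific tag or digest so the server version (and the
#     code that runs with access to your sources) is reproducible.
docker run \
    --name sonarqube \
    --detach \
    --rm \
    --network ecosystem \
    --publish 9000:9000 \
    --volume sonarqube_data:/opt/sonarqube/data \
    --volume sonarqube_logs:/opt/sonarqube/logs \
    --volume sonarqube_extensions:/opt/sonarqube/extensions \
    sonarqube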
Note
For SonarQube 8.2+ make sure you're using volumes as shown with the above commands, and not bind mounts. Using bind mounts prevents plugins and languages from populating correctly. https://docs.sonarqube.org/latest/setup/install-server/#header-3
# Options to add to the `docker run` command for a JDBC database connection.
#
# Security: a password given with `--env` on the command line ends up in the
# shell history and in the process arguments. `--env-file` with a file that
# only the operator can read keeps it off the command line. Either way the
# value stays readable through `docker inspect` for anyone with access to the
# Docker daemon, so treat Docker access as access to the database password.
--env SONAR_JDBC_URL=... \
--env SONAR_JDBC_USERNAME=... \
--env SONAR_JDBC_PASSWORD=...
# Example URL format.
# NOTE(review): inside the container `localhost` is the container itself;
# presumably the database host name on the `ecosystem` network is intended —
# confirm.
# SONAR_JDBC_URL=jdbc:postgresql://localhost:5432/sonarqube?currentSchema=my_schema
8.2. SonarScanner
sonar-project.properties
Further Reading: https://dev.astrotech.io/sonarqube/sonarscanner.html
Further Reading: https://python.astrotech.io/devsecops/ci-cd/static-analysis.html
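# Run SonarScanner against the current directory, mounted at /usr/src.
# "$(pwd)" is quoted so a path containing spaces is not split into several
# arguments.
#
# Security notes:
#   * The whole working directory is mounted read-write into the container,
#     so run this only from the project checkout, not from a home directory.
#   * Pin `sonarsource/sonar-scanner-cli` to a specific tag or digest; the
#     bare name pulls `latest`, and that image reads all mounted sources.
#   * Prefer handing the scanner an analysis token at run time (for example
#     `-e SONAR_TOKEN`, with the value taken from the CI secret store) over
#     storing a login and password in sonar-project.properties.
docker run --rm --network ecosystem -v "$(pwd)":/usr/src sonarsource/sonar-scanner-cli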
8.3. Configuration for Java
# SonarScanner configuration for the Java example project
# (sonar-project.properties, read from the scanned project directory).

## Sonar Server
# NOTE(review): the server is addressed over plain HTTP. `sonarqube` matches
# the container name on the `ecosystem` Docker network, so the credentials
# below travel unencrypted on that network. Use HTTPS for any server reached
# over a shared or public network.
sonar.host.url=http://sonarqube:9000/
# SECURITY: this stores the login and password of the `admin` account
# (presumably the server administrator) in plain text, in a file that is
# normally committed with the project. Anyone who can read the repository or
# the CI workspace can then log in to SonarQube with those rights.
# Prefer a dedicated analysis token limited to running scans, supplied at run
# time from the CI secret store (the scanner reads the SONAR_TOKEN environment
# variable; older scanner versions take the token in sonar.login) — confirm
# against the scanner version in use. Treat `abcdefghi` as a sample value only.
sonar.login=admin
sonar.password=abcdefghi
## About Project
sonar.projectKey=myjavaproject
sonar.projectName=myjavaproject
sonar.sourceEncoding=UTF-8
## SonarScanner Config
sonar.verbose=false
sonar.log.level=INFO
sonar.showProfiling=false
# /usr/src/ is where the `docker run ... -v $(pwd):/usr/src` command mounts
# the project.
sonar.projectBaseDir=/usr/src/
# NOTE(review): the SonarScanner documentation warns that the working
# directory is deleted before each analysis; pointing it at the shared /tmp/
# itself rather than a dedicated subdirectory looks risky — confirm.
sonar.working.directory=/tmp/
## Build Breaker
# NOTE(review): the sonar.buildbreaker.* keys are presumably read by the
# community Build Breaker plugin rather than by SonarQube itself; confirm the
# plugin is installed, otherwise a failed quality gate will not fail the build.
sonar.buildbreaker.skip=false
sonar.buildbreaker.queryInterval=10000
sonar.buildbreaker.queryMaxAttempts=1000
## Debugging
# Keep these disabled outside of troubleshooting.
# NOTE(review): verbose/DEBUG output and the dumpToFile target may contain the
# resolved properties, including sonar.password — confirm, and do not publish
# such logs or files as CI artifacts.
# sonar.verbose=true
# sonar.log.level=DEBUG
# sonar.showProfiling=true
# sonar.scanner.dumpToFile=/tmp/sonar-project.properties
## Java
sonar.language=java
sonar.java.source=8
sonar.java.binaries=target/classes
sonar.sources=src/main/java
# Files matched by sonar.exclusions are left out of the analysis, so issues in
# them (security findings included) are never reported. Keep the pattern as
# narrow as possible.
sonar.exclusions=**/migrations/**
8.4. Configuration for Python
# SonarScanner configuration for the Python example project
# (sonar-project.properties, read from the scanned project directory).

## Sonar Server
# NOTE(review): the server is addressed over plain HTTP. `sonarqube` matches
# the container name on the `ecosystem` Docker network, so the credentials
# below travel unencrypted on that network. Use HTTPS for any server reached
# over a shared or public network.
sonar.host.url=http://sonarqube:9000/
# SECURITY: this stores the login and password of the `admin` account
# (presumably the server administrator) in plain text, in a file that is
# normally committed with the project. Anyone who can read the repository or
# the CI workspace can then log in to SonarQube with those rights.
# Prefer a dedicated analysis token limited to running scans, supplied at run
# time from the CI secret store (the scanner reads the SONAR_TOKEN environment
# variable; older scanner versions take the token in sonar.login) — confirm
# against the scanner version in use. Treat `abcdefghi` as a sample value only.
sonar.login=admin
sonar.password=abcdefghi
## About Project
sonar.projectKey=mypythonproject
sonar.projectName=mypythonproject
sonar.sourceEncoding=UTF-8
## SonarScanner Config
sonar.verbose=false
sonar.log.level=INFO
sonar.showProfiling=false
# /usr/src/ is where the `docker run ... -v $(pwd):/usr/src` command mounts
# the project.
sonar.projectBaseDir=/usr/src/
# NOTE(review): the SonarScanner documentation warns that the working
# directory is deleted before each analysis; pointing it at the shared /tmp/
# itself rather than a dedicated subdirectory looks risky — confirm.
sonar.working.directory=/tmp/
## Build Breaker
# NOTE(review): the sonar.buildbreaker.* keys are presumably read by the
# community Build Breaker plugin rather than by SonarQube itself; confirm the
# plugin is installed, otherwise a failed quality gate will not fail the build.
sonar.buildbreaker.skip=false
sonar.buildbreaker.queryInterval=10000
sonar.buildbreaker.queryMaxAttempts=1000
## Debugging
# Keep these disabled outside of troubleshooting.
# NOTE(review): verbose/DEBUG output and the dumpToFile target may contain the
# resolved properties, including sonar.password — confirm, and do not publish
# such logs or files as CI artifacts.
# sonar.verbose=true
# sonar.log.level=DEBUG
# sonar.showProfiling=true
# sonar.scanner.dumpToFile=/tmp/sonar-project.properties
## Python
sonar.language=py
# The whole project directory is the source root; sonar.inclusions then
# narrows the analysis to *.py files.
sonar.sources=.
sonar.inclusions=**/*.py
# Files matched by sonar.exclusions are left out of the analysis, so issues in
# them (security findings included) are never reported. Keep the patterns as
# narrow as possible.
sonar.exclusions=**/migrations/**,**/*.pyc,**/__pycache__/**
8.5. Automation
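#!/bin/sh
# Run the doctest examples of the example-py-doctest project.
#
# set -eu makes the step stop at the first failing command. Without it a
# failed `cd` would be ignored and the tests would run from the wrong
# directory, so the step's result would not reflect the project.
set -eu

cd example-py-doctest/
python3 -m doctest -v doctests/*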
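#!/bin/sh
# Install the project's dependencies, then run the pytest suite of the
# example-py-pytest project.
#
# set -eu makes the step stop at the first failing command. Without it a
# failed `pip install` or `cd` would be ignored, and pytest would run against
# a missing or stale set of packages or from the wrong directory.
#
# Supply chain: requirements.txt is installed as given. Pinning exact versions
# there and using pip's `--require-hashes` mode makes the build install only
# the artifacts that were reviewed.
set -eu

pip install -r requirements.txt
cd example-py-pytest/
python3 -m pytest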
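#!/bin/sh
# Run SonarScanner against the current directory, mounted at /usr/src.
#
# "$(pwd)" is quoted so a workspace path containing spaces is not split into
# several arguments. set -eu stops the step if the command fails.
#
# Security notes:
#   * Pin `sonarsource/sonar-scanner-cli` to a specific tag or digest; the
#     bare name pulls `latest`, and that image reads all mounted sources.
#   * Prefer handing the scanner an analysis token at run time (for example
#     `-e SONAR_TOKEN`, with the value taken from the CI secret store) over
#     storing a login and password in sonar-project.properties.
set -eu

docker run --rm --network ecosystem -v "$(pwd)":/usr/src sonarsource/sonar-scanner-cli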
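#!/bin/sh
# Run the unittest suite of the example-py-unittest project.
#
# set -eu makes the step stop at the first failing command. Without it a
# failed `cd` would be ignored and unittest would run its discovery from the
# wrong directory. NOTE(review): depending on the Python version, a run that
# finds no tests can still exit 0, which would report this quality step as
# passed although nothing was tested — confirm for the interpreter in use.
set -eu

cd example-py-unittest
python3 -m unittest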
8.6. Alternatives
Server side quality monitoring:
SonarLint https://www.sonarlint.org
SonarQube https://www.sonarqube.org
SonarScanner https://docs.sonarqube.org/latest/analysis/scan/sonarscanner/
Findbugs http://findbugs.sourceforge.net
Checkstyle https://checkstyle.sourceforge.io
UI Testing:
Cloud based quality monitoring:
SonarCloud https://sonarcloud.io
Coveralls https://coveralls.io
Code Coverage:
Cobertura http://cobertura.github.io/cobertura/
Mutation Testing:
PiTest http://pitest.org
Load Testing:
Locust https://locust.io
Gatling https://gatling.io
JMeter https://jmeter.apache.org
BDD Testing: