SonarQube Pull Request Decoration with GitLab
Reviewing pull requests is one of the daily (sometimes tiresome) tasks of software developers. Parts of the review can be automated so that the reviewer can concentrate on the essentials such as architecture and business logic.
Learn how your team can save review time with SonarQube Pull Request Decoration.
TL;DR — Preview
The following screens show SonarQube Pull Request Decoration in GitLab.
Read on if you’re interested in how it works.
What SonarQube can do for you
SonarQube scans your source code (20+ programming languages, including Swift — I used it for the quality assurance of an iOS project) and provides results for Reliability, Security and Maintainability. For details see here.
A Quality Gate defines the code standards (e.g. 90% test coverage, max 3% code duplication, 0 bugs and max 3 code smells).
If the code in the pull request does not meet the requirements from the Quality Gate, the Quality Gate is shown as failed in GitLab (you can decide during the setup in GitLab whether in this case the pipeline in GitLab should also be regarded as failed).
You need GitLab (11.7 or better) or self-hosted GitLab and SonarQube Developer Edition (or better).
GitHub, GitHub Enterprise, Bitbucket Server and Azure DevOps Server are also supported.
To configure the sonar scanner you have to create a file called sonar-project.properties in the root directory of your project — here's an example (see here for the configuration documentation and here to copy the file's content):
To run sonar locally (so that you can validate your sonar-project.properties file) the sonar-scanner must be installed on your machine.
On the Mac you can do this with Homebrew:
brew install sonar-scanner
For installation instructions on other platforms see here.
After installing sonar-scanner you can start it on the command line (make sure the sonar.login parameter is set properly in sonar-project.properties or pass it as a property):
If your properties file is valid the output should look something like this:
To activate SonarQube in your GitLab pull requests you have to add a section to your .gitlab-ci.yml — here's an example (here's the gist to copy the config):
With that you have laid the foundations. Follow the instructions in the SonarQube documentation for more details on GitLab/SonarQube integration.
Once the SonarQube integration works, follow these instructions to set up Pull Request Decoration in GitLab.
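Since sonar.login can either sit in sonar-project.properties or be passed as a property, a check like the following, run before the scan, keeps a literal token out of the committed file. This is an added example, not code from the article or from SonarQube; the sample file contents and the SONAR_TOKEN variable name are assumptions, and sonar.password and sonar.token are checked in addition to the key the article names.

```python
# Added example: keep a literal token out of the committed sonar-project.properties.
CREDENTIAL_KEYS = {"sonar.login", "sonar.password", "sonar.token"}

# Constructed sample input, not the article's file; the token value is made up.
SAMPLE_WITH_TOKEN = """\
# project settings
sonar.projectKey=my-ios-app
sonar.sources=.
sonar.host.url=https://sonarqube.example.invalid
sonar.login = 0123456789abcdef0123
"""
SAMPLE_CLEAN = SAMPLE_WITH_TOKEN.replace("sonar.login = 0123456789abcdef0123\n", "")


def parse_properties(text):
    """Parse key=value / key:value lines; comments (# or !) and blanks are skipped.
    Simplification: backslash line continuations are not handled."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        cut = min((i for i in (line.find("="), line.find(":")) if i != -1), default=-1)
        if cut != -1:
            props[line[:cut].strip()] = line[cut + 1:].strip()
    return props


def mask(value):
    """Show at most the first four characters so the report does not leak the token."""
    return value[:4] + "*" * (len(value) - 4) if len(value) > 8 else "*" * len(value)


def find_committed_credentials(text):
    """Return (key, masked value) for each credential key that holds a literal value."""
    return [(k, mask(v)) for k, v in parse_properties(text).items()
            if k in CREDENTIAL_KEYS and v]


def scanner_command(env):
    """Build the scanner call with the token taken from the environment instead.
    SONAR_TOKEN is a hypothetical name for a masked GitLab CI/CD variable."""
    token = env.get("SONAR_TOKEN")
    if not token:
        raise RuntimeError("SONAR_TOKEN is not set; refusing to run without a token")
    return ["sonar-scanner", "-Dsonar.login=" + token]


if __name__ == "__main__":
    for key, shown in find_committed_credentials(SAMPLE_WITH_TOKEN):
        print(f"literal credential in properties file: {key}={shown}")
```

In a pipeline, a non-empty result from find_committed_credentials would fail the job before the scanner runs.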
So long, and thanks for all the fish
Thanks for reading. Perhaps SonarQube Pull Request Decoration will also help your team to produce clean and maintainable code and save some time reviewing the pull requests.
If you are interested in further automatic quality assurance measures in pull requests, take a look at my article Automatic Quality Assurance Measures for iOS Projects with Fastlane, Danger and GitLab.
Credits & Links
SonarQube Documentation: https://docs.sonarqube.org/latest/
Credits for featured image: https://www.freellustrations.com/illustration/NDYp