SaFi Bank Space : SaFi Integrate SonarQube test coverage/code quality check into pull request flow

Overview

This page describes how to integrate SonarQube into our pull request flow.

Background

SonarQube has been set up for the SonarQube SAST Guideline and Code Quality Management. Some services/applications are already tracked by SonarQube, but some of them are not configured properly.

As the screenshot shows, backoffice-manager coverage is 0.0%, but I checked the codebase and it should be about 60%. For the ticket manager, it shows coverage of 0.0% because the JaCoCo plugin is not properly configured in this project.

Quality Gate

A Quality Gate is a combination of metrics used to measure code quality.

We need to set up the quality gate properly for both the short term and the long term.

For the short term, we want to continuously improve our test coverage. We can set the quality gate for new code (from the pull request branch) only. For example, test coverage of each pull request must be above 90% (or higher?).

See https://docs.sonarqube.org/latest/branches/overview/ and https://docs.sonarqube.org/8.9/analysis/pull-request/. This requires the SonarQube Developer Plan (https://www.sonarsource.com/plans-and-pricing/#sonarcloud) or SonarCloud (https://sonarcloud.io/).

For the long term, we need to track the change in test coverage for all applications/services and have a monthly or fortnightly coverage improvement goal, as in the table below.

Application/Service | Coverage at 14 Oct 22 | Goal at 14 Nov 22 | Goal at 14 DEC 22 | …..
card-manager        | 60%                   | 75%               | 90%               |
loan-manager        | 70%                   | 90%               |                   |

How to integrate

  • Set up the test coverage plugin for all projects

  • Set up the SonarQube plugin for all projects

  • Add a GitHub Action to check whether a PR passes the SonarQube quality gate

  • Block a PR if it fails the quality gate
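
One way to implement the last two steps, as an added example (not code from this page or from the project): a script that a GitHub Actions job could run on the JSON returned by SonarQube's api/qualitygates/project_status endpoint, exiting non-zero whenever the gate is anything other than OK. The sample response, its 90% new_coverage condition and the file-argument usage are constructed assumptions.

```python
import json
import sys

# Constructed sample of an api/qualitygates/project_status response for a
# pull request analysis; the metric values are made up for illustration.
SAMPLE_PAYLOAD = json.loads("""
{"projectStatus": {"status": "ERROR", "conditions": [
  {"status": "ERROR", "metricKey": "new_coverage", "comparator": "LT",
   "errorThreshold": "90", "actualValue": "72.4"},
  {"status": "OK", "metricKey": "new_duplicated_lines_density",
   "comparator": "GT", "errorThreshold": "3", "actualValue": "0.0"}
]}}
""")


def evaluate_gate(payload):
    """Return (passed, reasons). Anything other than an explicit OK fails."""
    project_status = payload.get("projectStatus")
    if not isinstance(project_status, dict):
        return False, ["response has no projectStatus object"]
    status = project_status.get("status")
    # Collect every condition that tripped, so the PR author sees why.
    reasons = [
        "{} is {} (fails when {} {})".format(
            c.get("metricKey"), c.get("actualValue", "n/a"),
            c.get("comparator"), c.get("errorThreshold"))
        for c in project_status.get("conditions", [])
        if c.get("status") == "ERROR"
    ]
    if status == "OK":
        return True, []
    # NONE (gate not computed), ERROR or an unknown value: fail closed.
    return False, reasons or ["quality gate status is {!r}, not 'OK'".format(status)]


def main(argv):
    # Hypothetical usage: pass a file holding the saved API response;
    # with no argument the constructed sample above is evaluated.
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            payload = json.load(fh)
    else:
        payload = SAMPLE_PAYLOAD
    passed, reasons = evaluate_gate(payload)
    for reason in reasons:
        print("quality gate: " + reason)
    return 0 if passed else 1  # non-zero exit fails the CI job


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Marking the job as a required status check in the repository's branch protection is what turns the failed check into a blocked PR.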