Overview
SonarQube is an open platform for continuous inspection of code quality that can locate potential errors in the codebase.
This page covers a plugin that enables analysis of Dart and Flutter projects in SonarQube.
Installation of SonarQube/Sonar-Scanner
brew install sonar
brew install sonar-scanner
Alternatively, the plugin can be downloaded from https://github.com/insideapp-oss/sonar-flutter .
Go to Releases and take the latest one. In our case, that is sonar-flutter-plugin-0.4.0.jar
Also install sonar-scanner as explained in the official documentation.
Set SonarQube environment Variable
Run vim ~/.bash_profile in the terminal to configure the sonar path. Replace {version} with the currently installed version.
export SONAR_HOME=/usr/local/Cellar/sonar-scanner/{version}/libexec
export SONAR=$SONAR_HOME/bin
export PATH=$SONAR:$PATH
Project configuration
Create a sonar-project.properties file at the root with this content:
sonar.projectKey=SaFi_flutter
sonar.projectName=SaFi
sonar.projectVersion=1.0
sonar.sources=.
sonar.test.inclusions=**/test/**
sonar.exclusions=**/*.java, build/**, lib/**/*.g.dart
sonar.host.url=${env.SONARQUBE_URL}
sonar.login=${env.SONARQUBE_TOKEN}
sonar.sourceEncoding=UTF-8
sonar.dart.analysis.useExistingOptions=true
Run analysis
Go to the root of the Flutter project and run the following commands to start an analysis:
flutter pub get # just in case
flutter test --machine --coverage > tests.output
sonar-scanner
Setup SonarQube and Sync SonarQube to Github Actions
We add this command to the file ci.yml → safi-mobile-analyze-test-ci.yml, for example:
name: Reusable test and analyze mobile app
on:
  workflow_call:
    inputs:
      working-directory:
        required: true
        type: string
    secrets:
      SONARQUBE_TOKEN:
        required: true
jobs:
  analyze_test:
    name: Analyzer and Test
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Setup sonarqube
        uses: warchant/setup-sonar-scanner@v3
      - name: Run Sonarqube tests
        working-directory: .${{ inputs.working-directory }}
        env:
          SONARQUBE_URL: "http://34.124.144.240:8080"
          # The token is read from a secret passed by the calling workflow
          # instead of being committed to the workflow file.
          SONARQUBE_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
        run: |
          SONARQUBE_PROJECT=$(yq '.name' pubspec.yaml)
          SONARQUBE_PROJECT_VERSION=$(yq '.version' pubspec.yaml)
          sonar-scanner \
            -Dsonar.projectKey=${SONARQUBE_PROJECT} \
            -Dsonar.projectVersion=${SONARQUBE_PROJECT_VERSION} \
            -Dsonar.host.url=${SONARQUBE_URL} \
            -Dsonar.login=${SONARQUBE_TOKEN}
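As an added example (not part of the original page or of the SonarQube project), the following Python check flags a SonarQube credential written literally into a workflow or sonar-project.properties file instead of being referenced from a secret or environment variable. The function names, the sample file contents and the token value are constructed for illustration.

```python
import re

# Settings that carry the SonarQube credential in the files shown on this page:
# sonar.login (properties file or -D flag) and the SONARQUBE_TOKEN env entry.
# sonar.token and sonar.password are the scanner's other credential properties.
CREDENTIAL_KEY = re.compile(
    r"(?P<key>(?:-D)?sonar\.(?:login|token|password)|SONAR(?:QUBE)?_TOKEN)"
    r"\s*[:=]\s*(?P<value>.*)$"
)

# Values that only reference a secret and are safe to commit.
SAFE_VALUE = re.compile(
    r"^(?:\$\{\{\s*secrets\.\w+\s*\}\}"   # GitHub Actions: ${{ secrets.NAME }}
    r"|\$\{env\.\w+\}"                    # sonar-scanner: ${env.NAME}
    r"|\$\{?[A-Za-z_]\w*\}?)$"            # shell: $NAME or ${NAME}
)

def mask(value):
    """Keep a short prefix so the report does not repeat the credential."""
    return value[:4] + "*" * max(len(value) - 4, 0)

def find_hardcoded_credentials(text):
    """Return (line number, setting, masked value) for each literal credential."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split(" #", 1)[0]  # drop trailing comments
        match = CREDENTIAL_KEY.search(line)
        if not match:
            continue
        value = match.group("value").strip().rstrip("\\").strip().strip("\"'")
        if value and not SAFE_VALUE.match(value):
            findings.append((lineno, match.group("key"), mask(value)))
    return findings

# Constructed samples (the token is a made-up placeholder, not a real one).
WORKFLOW_LITERAL = '''env:
  SONARQUBE_URL: "https://sonarqube.example.invalid"
  SONARQUBE_TOKEN: "squ_constructed_placeholder_0000"
run: |
  sonar-scanner -Dsonar.login=${SONARQUBE_TOKEN}
'''
WORKFLOW_SECRET = WORKFLOW_LITERAL.replace(
    '"squ_constructed_placeholder_0000"', "${{ secrets.SONARQUBE_TOKEN }}")
PROPERTIES = "sonar.host.url=${env.SONARQUBE_URL}\nsonar.login=${env.SONARQUBE_TOKEN}\n"

if __name__ == "__main__":
    for name, text in [("literal", WORKFLOW_LITERAL), ("secret", WORKFLOW_SECRET)]:
        print(name, find_hardcoded_credentials(text))
```

Run as a pre-commit hook or an early CI step, a non-empty result should fail the build before the file reaches the repository.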
After that, we push the code to GitHub, and we can see the result on the Actions page.
Then log in to SonarQube to view the scan results.
After that, in the SonarQube dashboard, click the Quality Gates tab to assign a passed or failed designation for that project.
Then create a new quality gate, for example Sonar Mobile App.
Then we can add more conditions to the gate.