SaFi Bank Space : SonarQube plugin for Flutter

Overview

SonarQube is an open platform for continuous inspection of code quality that can locate potential bugs and vulnerabilities in a codebase.

This page describes the plugin that adds analysis of Dart and Flutter projects to SonarQube, and how to run that analysis locally and from GitHub Actions.

Installation of SonarQube/Sonar-Scanner

brew install sonarqube
brew install sonar-scanner

Alternatively, install sonar-scanner as explained in the official SonarQube documentation.

The Dart/Flutter analysis itself comes from a plugin that can be downloaded at https://github.com/insideapp-oss/sonar-flutter .

Go to Releases and take the latest one. In our case, it means sonar-flutter-plugin-0.4.0.jar. Copy the jar into the extensions/plugins directory of the SonarQube installation and restart the server so the plugin is loaded. Record the release version you installed, so that a later upgrade of the plugin is a deliberate change rather than whatever happens to be the newest download.

Installation instructions

Set SonarQube environment variables

Open ~/.bash_profile (for example with vim ~/.bash_profile) and add the following lines so that sonar-scanner is on the PATH. Replace {version} with the installed version (ls /usr/local/Cellar/sonar-scanner shows it):

export SONAR_HOME=/usr/local/Cellar/sonar-scanner/{version}/libexec
export SONAR=$SONAR_HOME/bin
export PATH=$SONAR:$PATH

Project configuration

Create a sonar-project.properties file at the root of the project with this content:

sonar.projectKey=SaFi_flutter
sonar.projectName=SaFi
sonar.projectVersion=1.0

sonar.sources=.
sonar.test.inclusions=**/test/**
sonar.exclusions=**/*.java, build/**, lib/**/*.g.dart

sonar.host.url=${env.SONARQUBE_URL}
sonar.login=${env.SONARQUBE_TOKEN}

sonar.sourceEncoding=UTF-8
sonar.dart.analysis.useExistingOptions=true

The ${env.NAME} syntax makes sonar-scanner read the server URL and the token from the environment at run time, so the token is never written into a file that is committed to the repository. On SonarQube 10 and later, sonar.login is deprecated in favour of sonar.token; the value is still the user or project analysis token generated in SonarQube. sonar.dart.analysis.useExistingOptions=true tells the plugin to respect the project's own analysis_options.yaml instead of its built-in rule set.

Run analysis

Go to the root of the Flutter project and run the following commands to start an analysis:

flutter pub get # just in case
flutter test --machine --coverage > tests.output
sonar-scanner

flutter test --machine writes the JSON test report that the plugin reads from tests.output by default, and --coverage writes coverage/lcov.info, the plugin's default coverage report path. sonar-scanner must run after both files exist, otherwise the test and coverage measures are missing from the result.
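The three commands above, as an added example script that is not part of the page or of the sonar-flutter project. It adds the checks a practitioner wants before an upload: the server URL and token must come from the environment (the script refuses to run otherwise), the report files must exist and be non-empty, and the project key and version are read from pubspec.yaml, which is what the CI workflow later on this page does with yq. The script name, the --run flag, and the sed-based pubspec parsing are assumptions of this example.

```shell
#!/bin/sh
# run_sonar_analysis.sh (added example): local Dart/Flutter analysis upload.
# Assumes sonar-scanner and flutter are on PATH, sonar-project.properties is
# in the project root, and the sonar-flutter plugin is installed on the server.
set -eu

# Read a top-level scalar (name, version) from pubspec.yaml without yq.
# Only unindented "field:" lines match, so nested keys are ignored.
pubspec_field() {
    field="$1"; file="${2:-pubspec.yaml}"
    sed -n "s/^${field}:[[:space:]]*//p" "$file" | head -n 1 | tr -d '"'
}

# Refuse to run unless the named variable is set and non-empty. The token
# must come from the environment (locally) or a CI secret store, never from
# a file in the repository.
require_env() {
    name="$1"
    eval "value=\${$name:-}"
    if [ -z "$value" ]; then
        echo "error: $name is not set; export it from your secret store" >&2
        return 1
    fi
}

# The plugin's default report paths: tests.output (JSON from
# "flutter test --machine") and coverage/lcov.info (from --coverage).
check_artifacts() {
    dir="${1:-.}"
    for f in "$dir/tests.output" "$dir/coverage/lcov.info"; do
        if [ ! -s "$f" ]; then
            echo "error: missing or empty $f; run the tests first" >&2
            return 1
        fi
    done
}

# Project key and version follow the app's pubspec.yaml, as in CI.
scanner_args() {
    key="$(pubspec_field name "${1:-pubspec.yaml}")"
    ver="$(pubspec_field version "${1:-pubspec.yaml}")"
    printf '%s -Dsonar.projectVersion=%s\n' "-Dsonar.projectKey=$key" "$ver"
}

main() {
    require_env SONARQUBE_URL
    require_env SONARQUBE_TOKEN
    flutter pub get
    # A failing test must not skip the upload: keep the status and return it
    # after the scan so the results are visible and the job still fails.
    test_status=0
    flutter test --machine --coverage > tests.output || test_status=$?
    check_artifacts .
    # shellcheck disable=SC2046
    set -- $(scanner_args pubspec.yaml)
    sonar-scanner "$@" \
        -Dsonar.host.url="$SONARQUBE_URL" \
        -Dsonar.login="$SONARQUBE_TOKEN"
    return "$test_status"
}

# Run only when invoked explicitly, so the functions can also be sourced.
if [ "${1:-}" = "--run" ]; then
    main
fi
```

Run it as SONARQUBE_URL=... SONARQUBE_TOKEN=... sh run_sonar_analysis.sh --run from the project root; the token is taken from the shell environment, so it never appears in the command history or in a committed file.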

Setup SonarQube and sync SonarQube with GitHub Actions

Add the following to the reusable workflow file (ci.yml → safi-mobile-analyze-test-ci.yml). The SonarQube URL and token are read from repository secrets and are never written into the workflow file: anyone with read access to the repository could otherwise copy the token, and a token that has been committed has to be treated as exposed, revoked in SonarQube and reissued. Because this is a workflow_call workflow, the secrets must be declared under on.workflow_call.secrets and passed by the caller (or with secrets: inherit). Note that this workflow only runs the scanner; if test and coverage measures are wanted in SonarQube, the flutter test step from the Run analysis section has to run first in the same job. The third-party action warchant/setup-sonar-scanner is referenced by tag here; pinning it to a full commit SHA keeps a retagged release from changing what runs in CI. Example usage:

name: Reusable test and analyze mobile app

on:
  workflow_call:
    inputs:
      working-directory:
        required: true
        type: string
    secrets:
      SONARQUBE_URL:
        required: true
      SONARQUBE_TOKEN:
        required: true

jobs:
  analyze_test:
    name: Analyzer and Test
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0   # full history, so SonarQube can blame and detect new code
      - name: Setup sonarqube
        uses: warchant/setup-sonar-scanner@v3
      - name: Run Sonarqube tests
        working-directory: .${{ inputs.working-directory }}
        env:
          SONARQUBE_URL: ${{ secrets.SONARQUBE_URL }}
          SONARQUBE_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
        run: |
          SONARQUBE_PROJECT=$(yq '.name' pubspec.yaml)
          SONARQUBE_PROJECT_VERSION=$(yq '.version' pubspec.yaml)
          sonar-scanner \
            -Dsonar.projectKey="${SONARQUBE_PROJECT}" \
            -Dsonar.projectVersion="${SONARQUBE_PROJECT_VERSION}" \
            -Dsonar.host.url="${SONARQUBE_URL}" \
            -Dsonar.login="${SONARQUBE_TOKEN}"
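The rule that the token must come from a secret store and never sit in the workflow file can be enforced with a small check run as a pre-commit hook or as the first CI step. The following is an added example, not part of the page or of the sonar-flutter project; the script name and the assumption that the secret only ever travels through SONARQUBE_TOKEN, sonar.login or sonar.token are mine. It flags any assignment of those names to a literal value and accepts only values that start with $, i.e. a ${{ secrets.* }} reference or a ${VAR} environment expansion.

```shell
#!/bin/sh
# check_workflow_secrets.sh (added example): fail when a workflow file
# assigns the SonarQube token as a literal instead of a secret reference.
set -eu

# Print the offending lines (with line numbers) of one workflow file to
# stderr and return 1; return 0 if the file is clean.
scan_workflow() {
    file="$1"
    # After "NAME:" or "NAME=" and optional whitespace and quote, a value whose
    # first character is not "$" is a literal. A bare 40-hex pattern is
    # deliberately not used: actions pinned by commit SHA would match it.
    pattern='(SONARQUBE_TOKEN|sonar\.login|sonar\.token)[=:][[:space:]]*"?[^$"[:space:]]'
    if hits="$(grep -nE "$pattern" "$file")"; then
        printf '%s: SonarQube token assigned as a literal:\n' "$file" >&2
        printf '%s\n' "$hits" >&2
        return 1
    fi
    return 0
}

# Scan every file given; the exit status is 1 if any file is dirty, so the
# hook or CI step fails, but every file is still reported.
scan_all() {
    status=0
    for f in "$@"; do
        scan_workflow "$f" || status=1
    done
    return "$status"
}

if [ "$#" -gt 0 ]; then
    scan_all "$@"
fi
```

Run it as sh check_workflow_secrets.sh .github/workflows/*.yml; a line such as SONARQUBE_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} or -Dsonar.login="${SONARQUBE_TOKEN}" passes, while SONARQUBE_TOKEN: "4678..." fails the check.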

After that, push the code to GitHub; the run and its result appear on the Actions page of the repository.

Then log in to SonarQube to view the scan results.

In the SonarQube dashboard, click the Quality Gates tab. A quality gate is the set of conditions that assigns a passed or failed status to each analysis of a project; by default every project uses the built-in Sonar way gate.

Create a new quality gate, for example Sonar Mobile App, and assign it to the project.

Then add conditions to the gate, for example a minimum coverage on new code and no new bugs or vulnerabilities. A failed gate does not fail the GitHub Actions job by itself: pass -Dsonar.qualitygate.wait=true to sonar-scanner so that the scanner waits for the gate result and exits non-zero when the gate fails.
