At (real) work, we’re planning on using SonarQube to measure code statistics – its a tool that will tell you whether your variable names match coding standards, or whether your code is duplicated, or has unused references etc. But I found out that SonarSource host an instance of SonarQube that can be used to analyse open source projects. As selfietorium is an open source project, I signed up.
For those looking to a more private solution, then it is possible to run your own sonarqube server, and that might be a topic for a future post – but for now I’m going to set up SonarQube.com to analyse selfietorium.
Logging on to SonarQube :
SonarQube uses github authentication, so connecting is easy. Once you are logged in you’ll need to create a security token. SonarQube works by having code pushed to it – so in the previous blogpost we used Travis CI to push the code to SonarQube. To make this happen we need a security token.
To create a security token :
Once you have authenticated with SonarQube and logged on, click your name in the top right of the page, and select “My Account”.
- From here click “Security”
- Click Generate to generate a token – give your token a suitable name. Once your token is generated make a note of it – you are going to need it later.
Back in Travis CI, the sonar-scanner line instructs a plug in to push the code to sonarqube using the configuration section and a new file that needs to be added to the project root:
We can now use the token we got from SonarQube to tell Travis-CI what to authenticate itself as. This is stored in the environment variables section, using the techniques I touched on in previous post, in particular the section on “Keeping Secrets”
Next time you build your project, it will be pushed to SonaqQube (along with the sonar-project.properties), and analysis performed against the code.
SonarQube is a great tool, but it doesn’t give us what we really want – a nice graphic we can add to our project read me – after all, that’s what’s important right?
Like SonarQube, Codacy uses github for authentication. To set up a project for analysis, it’ just a case of clicking your project and clicking go. It’s a much simpler setup that SonarQube. Getting that all important badge is also a breeze. Click on the Settings button from the dashboard.
From here you can generate markup for different documentation systems including html, rst, and markdown. Just copy the Markdown and paste it into the appropriate document on your github repository and now you’ll get a badge rewarding you for making the code better.