Skip to content

Instantly share code, notes, and snippets.

@seantrane

seantrane/README.md

Last active February 14, 2024 17:25
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save seantrane/b753152218e75441dfd477ffaf017eaa to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save seantrane/b753152218e75441dfd477ffaf017eaa to your computer and use it in GitHub Desktop.
Download ZIP
SonarQube / SonarCloud Instructions
Raw
README.md

SonarQube / SonarCloud Instructions

Pay attention to these importants facts regarding Sonar inclusions/exclusions:

  • SonarQube, an opensource product, calculates coverage using percentage of lines-of-code (LOC) covered by tests.
  • SonarCloud calculates cost based on lines-of-code (LOC). This only applies to private repositories.
  • Adjust relative paths in sonar.sources and sonar.exclusions config properties to match your requirements.
  • Only scan the files you've written. DO NOT scan external libraries.
  • If you must scan large amounts of code, use an ephemeral SonarQube instance to reduce cost.

Use SonarQube Docker image for quick local scans

This is very helpful when first configuring the sonar-project.properties file and adjusting inclusion/exclusions settings.

  1. Run sonarqube container (in detached mode). This may command take a few minutes. It will respond with the containerId.

    docker run -d --name sonarqube \
  -e SONAR_ES_BOOTSTRAP_CHECKS_DISABLE=true \
  -p 9000:9000 --stop-timeout 3600 \
  sonarqube:latest

  2. Visit http://localhost:9000 in your web browser, using admin/admin for login/password.

  3. Create a new Sonar project and select manual configuration so that you can get a SONAR_TOKEN.

  4. Use the provided sonar-project.properties file as a template, changing values to match your requirements.

  5. Using your SONAR_TOKEN, run sonar-scanner from the root directory of your repository.

    docker run --rm -v "${PWD}:/usr/src" \
  -e SONAR_TOKEN="$SONAR_TOKEN" \
  sonarsource/sonar-scanner-cli

  6. Once you're happy with results, commit the sonar-project.properties file to your repo.

  7. If you'd like to use SonarCloud, make sure you change the sonar.host.url property to https://sonarcloud.io and follow SonarCloud instructions for integration.

  8. To remove SonarQube Docker container, run docker rm -f sonarqube.

Raw
sonar-project.properties
#-------------------------------------------------------------------------------
# SonarQube/SonarCloud URL
#-------------------------------------------------------------------------------
sonar.host.url=http://127.0.0.1:9000
# sonar.host.url=https://sonarcloud.io
#-------------------------------------------------------------------------------
# Sonar Project Info
#-------------------------------------------------------------------------------
sonar.organization=profile
sonar.projectKey=profile_reponame
sonar.projectName=reponame
sonar.projectVersion=latest
#-------------------------------------------------------------------------------
# Sonar Project URLs
#-------------------------------------------------------------------------------
sonar.links.homepage=https://github.com/profile/reponame#readme
sonar.links.ci=https://github.com/profile/reponame/actions
sonar.links.scm=https://github.com/profile/reponame
sonar.links.issue=https://github.com/profile/reponame/issues
#-------------------------------------------------------------------------------
# Sonar source paths
#-------------------------------------------------------------------------------
sonar.sources=.
#-------------------------------------------------------------------------------
# Files - Configure the files that should be completely ignored by the analysis.
#-------------------------------------------------------------------------------
# Patterns used to exclude some source files from analysis.
sonar.exclusions=temp/**/*, **/.scannerwork/**/*, **/megalinter-reports/**/*, **/node_modules/**/*, **/*.test.js, **/*.test.ts
# Patterns used to include some source files and only these ones in analysis.
sonar.inclusions=src/**/*
# Patterns used to exclude some test files from analysis.
sonar.test.exclusions=
# Patterns used to include some test files and only these ones in analysis.
sonar.test.inclusions=**/*.test.js, **/*.test.ts
#-------------------------------------------------------------------------------
# Code Coverage
# Configure the files that should be ignored by code coverage calculations.
#-------------------------------------------------------------------------------
# Patterns used to exclude some files from coverage report.
sonar.coverage.exclusions=
#-------------------------------------------------------------------------------
# Duplications
# Configure the files that should be ignored by duplication detection.
#-------------------------------------------------------------------------------
# Patterns used to exclude some source files from the duplication detection mechanism.
# See below to know how to use wildcards to specify this property.
sonar.cpd.exclusions=
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment