This is a three part series on how to set up SonarQube as a Quality Gate in your SharePoint Framework development process. The end goal is to add SonarQube to your build and release process through DevOps. These three articles will explain:
- How to set up a sample SonarQube server in Azure
- How to run a code review manually
- How to integrate the code review into your Azure DevOps build and release process.
As part of a quality development process not only should developers be linting their code, running unit test and so forth, another step in the process which can be added is a “Code Quality” check using the open source project SonarQube.
In this article we will see how to create a stand alone sample SonarQube server in Azure (and locally if you really want as well).
“SonarQube provides the capability to not only show health of an application but also to highlight issues newly introduced. With a Quality Gate in place, you can fix the leak and therefore improve code quality systematically.”
In practice what it means is an additional tool which developers can use to write better, more maintainable code. This increases quality and reduces overall maintenace costs when implemented as part of a continuous build and deploy process.
Setting up the server
The first step is to create a SonarQube server upon which your code can be reviewed. Some VERY nice person by the name of vanderby has created an ARM template to “Deploy Sonar Cube to Azure“. It is limited by using an embedded database, but it will at least show you the basics before you are ready to scale this properly.
As the github page states – it does take a while to get started but once it is up you can start to use it.
To log into the server I used admin/admin. As this is a sample setup it doesn’t really matter.
Creating a project
Once you are set up and running you can create a project and a key which can then be used to access the server from a command line interface (CLI).
Under the administration server create a new project and once that is complete generate a key for your project
Using these credentals we can test out code from the command line.
Setting up a sample SonarQube server in Azure is pretty simple. As it states though this will not scale and if you are going to use this in an enterprise it will need some better set up. But for the sake of demonstration, it’s just fine.
In the next article we will look at how to apply this to an Azure DevOps build and deploy process for SPFx.
You can just as easily set up your own local SonarQube server by following the 2 minute set up installation instructions