Enhancing Code Quality: Integrating SonarQube into Your CircleCI Pipeline


Introduction :-

In the ever-evolving landscape of software development, maintaining high code quality is paramount. It’s the bedrock on which stable, secure, and scalable applications are built. However, ensuring #codequality can be challenging, especially in a world where rapid development and continuous integration are the norm.

Enter #SonarQube, a powerful tool designed to help developers and teams enhance their code quality. #SonarQube doesn’t just scan code for bugs and vulnerabilities; it delves deep into the intricacies of code, identifying technical debt, duplications, and other issues that may compromise the long-term maintainability of your software.

Pre-requisites:-

  • #CircleCI application with #GitHub (project) configured.
  • GitHub Repository with CircleCI full access.
  • #SonarQube access (a user able to generate a token and run analyses).

Procedure :-

Step-1: First, log in to your #SonarQube instance, generate a token, and copy it.

Step-2 :- Next, log in to your CircleCI application, go to Contexts, and create an environment variable (SONAR_TOKEN) holding the #SonarQube token in your CircleCI context, as shown below.

Step-3 :- Open your CircleCI config in a text editor and add the job below to run #SonarQube on your project code.

version: 2.1

orbs:
  # Declared but not used by the job below; the scanner is installed manually in the steps.
  sonarscanner: psl/sonarscanner@0.0.4

jobs:
  # Sonarqube scanner
  scan:
    docker:
      # The image must provide sudo, wget and unzip for the install step below.
      - image: YOUR DOCKER IMAGE
    working_directory: /tmp/workspace
    environment:
      ENV_FILE: /tmp/workspace/.circleenv
      DOCKER_BUILDKIT: "1"
      BUILDKIT_PROGRESS: plain
    steps:
      - checkout
      - attach_workspace:
          at: /tmp/workspace
      - run:
          name: Install Sonarqube scanner
          command: |
            sudo apt-get update
            sudo apt-get install -y openjdk-11-jdk
            wget -O sonar-scanner.zip https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.6.2.2472-linux.zip
            unzip sonar-scanner.zip
            rm sonar-scanner.zip
      - run:
          name: Run Sonarscanner
          command: |
            export PATH="$PATH:$PWD/sonar-scanner-4.6.2.2472-linux/bin"
            # sonar.host.url must point at your own SonarQube server.
            # Project keys accept only letters, digits, '-', '_', '.' and ':', so a
            # branch name containing '/' will be rejected by the server.
            sonar-scanner \
              -Dsonar.projectKey=$CIRCLE_BRANCH:$CIRCLE_PROJECT_REPONAME \
              -Dsonar.host.url=https://sonarqube.com/ \
              -Dsonar.login=$SONAR_TOKEN

workflows:
  version: 2
  main:
    jobs:
      - scan:
          # The context created in Step-2 that holds SONAR_TOKEN.
          context: sonarqube

Step-4:- Commit your changes and push the code to the GitHub repository. CircleCI will automatically pick up the push and run the pipeline.

Step-5 :- Go to the CircleCI Projects page and check whether the pipeline was triggered.

Step-6 :- Once the job completes, go ahead and check in #SonarQube whether it detected bugs and vulnerabilities in the code, as shown below.
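The job above uploads the analysis but the pipeline stays green whatever SonarQube finds. The script below is an added example (not part of the original post or the linked repository) that fails the job when the project's quality gate is not OK; it assumes it runs as one more `run` step after `sonar-scanner`, in the same working directory (so `.scannerwork/report-task.txt` exists), with `SONAR_TOKEN` supplied by the context. The SonarQube Web API endpoints it calls (`api/ce/task`, `api/qualitygates/project_status`) are real; the sample response is constructed.

```python
import base64, json, os, sys, time, urllib.request

def parse_report_task(text):
    """Parse .scannerwork/report-task.txt (key=value lines written by sonar-scanner)."""
    props = {}
    for line in text.splitlines():
        if "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def failed_conditions(gate):
    """(metric, actual, threshold) for each condition of a project_status response in ERROR."""
    return [(c["metricKey"], c.get("actualValue"), c.get("errorThreshold"))
            for c in gate["projectStatus"].get("conditions", []) if c.get("status") == "ERROR"]

def gate_passed(gate):
    return gate["projectStatus"]["status"] == "OK"   # overall gate status, not per condition

def api_get(url, token):
    # SonarQube Web API: the token goes in the basic-auth user name, password left empty
    cred = base64.b64encode(f"{token}:".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {cred}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)
# Constructed sample of an api/qualitygates/project_status response (one failing condition).
SAMPLE_GATE = {"projectStatus": {"status": "ERROR", "conditions": [
    {"status": "OK", "metricKey": "new_coverage", "actualValue": "92.0", "errorThreshold": "80"},
    {"status": "ERROR", "metricKey": "new_security_rating", "actualValue": "3", "errorThreshold": "1"}]}}

def main():
    token = os.environ["SONAR_TOKEN"]
    with open(".scannerwork/report-task.txt") as f:
        task = parse_report_task(f.read())
    for _ in range(60):   # analysis runs asynchronously; poll the Compute Engine task
        ce = api_get(task["ceTaskUrl"], token)["task"]
        if ce["status"] in ("SUCCESS", "FAILED", "CANCELED"):
            break
        time.sleep(5)
    if ce["status"] != "SUCCESS":
        sys.exit(f"SonarQube analysis task ended with status {ce['status']}")
    url = f"{task['serverUrl']}/api/qualitygates/project_status?analysisId={ce['analysisId']}"
    gate = api_get(url, token)
    for metric, actual, threshold in failed_conditions(gate):
        print(f"quality gate condition FAILED: {metric}={actual} (threshold {threshold})")
    sys.exit(0 if gate_passed(gate) else "quality gate did not pass; failing the job")

if __name__ == "__main__":
    main()
```

Run it with `python3 check_quality_gate.py` in a step after the scanner; a non-zero exit marks the CircleCI job failed, so a new vulnerability that trips the gate blocks the merge instead of only appearing on the dashboard.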

Source-code Link :- https://github.com/MahiraTechnology/Mahira-medium.git

Conclusion :-

In the world of modern software development, #codequality is non-negotiable. It’s about creating maintainable, efficient, and secure codebases. #SonarQube, with its comprehensive code analysis, is a valuable ally on this journey.

Integrating #SonarQube into your #CircleCI pipeline empowers your team to detect and rectify issues early. This proactive approach saves time and resources and elevates the overall quality of your codebase.


Written by Mahira Technology- Innovate. Transform. Thrive.

A leading tech consulting firm specializing in innovative solutions. Experts in cloud, DevOps, automation, data analytics & more. Trusted technology partner.
