Jump to content

Continuous integration/SonarQube Scanner

From mediawiki.org

wmf-sonar-scanner

[edit]

The Code_Health_Group/projects/Code_Health_Metrics working group maintains an integration with the static analysis code tool, SonarQube.

To use it, run "check experimental" on MediaWiki core or any extension (example). The link to the generated report will be output in the build logs for the "wmf-sonar-scanner" job.

You can read more about in this blog post.

Coming soon:

Debugging

[edit]

You can test out the scanner locally, if you have an API key.

docker run \
--volume $(pwd)/mediawiki/extensions/GrowthExperiments/log://var/lib/jenkins/log \
--volume /tmp/sonar-scanner-cache://cache \
--volume $(pwd)/mediawiki/extensions/GrowthExperiments://src \
--env SONAR_API_KEY=REDACTED \
--env ZUUL_PROJECT=mediawiki-GrowthExperiments \
docker-registry.wikimedia.org/releng/java8-sonar-scanner:0.4.0 \
-X \
-Dsonar.host.url=https://sonarcloud.io \
-Dsonar.organization=wmftest \
-Dsonar.projectKey=mediawiki-extensions-GrowthExperiments \
-Dsonar.projectName=mediawiki-extensions-GrowthExperiments

The following example is useful if you want to make modifications to run.sh and copy them into the container without rebuilding the Docker image.

docker run \
--volume $(pwd)/src/mediawiki/extensions/examples/log://var/lib/jenkins/log \
--volume /tmp/cache://cache \
--volume $(pwd)//src/mediawiki/extensions/examples://src \
--entrypoint=sh \
--rm -it \
--env SONAR_API_KEY=REDACTED \
--env ZUUL_PROJECT=examples \
docker-registry.wikimedia.org/releng/java8-sonar-scanner:0.4.0

Then you can execute /run.sh -X  -Dsonar.host.url=https://sonarcloud.io -Dsonar.organization=wmftest -Dsonar.projectKey=mediawiki-extensions-Examples -Dsonar.projectName=mediawiki-extensions-Examples

Sonar Lint

[edit]

The SonarLint tool is a useful complement to SonarQube, as it runs many of the same checks locally in your IDE.