SonarQube integration on macOS (Swift & Objective-C) - Developer Edition

Mano
4 min read · Sep 27, 2021

What is SonarQube?

SonarQube is a static code analysis tool for continuous inspection of code quality. It performs automatic reviews against a set of rules to detect bugs, code smells, and security vulnerabilities.

Prerequisites

Make sure your Mac has a Java environment set up (System Preferences > Java). If not, install the JDK or JRE; the current version (9.1) of SonarQube Server and Scanners requires JDK 11 or JRE 11.

Installation Process

  1. Download the SonarQube zip file from SonarQube and unzip it. (Make sure you download the Developer Edition by signing up for the 14-day trial period, because the Developer Edition is needed for analysing Objective-C and Swift. After the signup, the SonarQube team will contact you to get some details (lines of code, which edition is needed, etc.); meanwhile, proceed with the installation process.)
  2. Start the SonarQube server from the terminal by executing the command (your downloaded path)/sonarqube-9.1.0.47736/bin/macosx-universal-64/sonar.sh console
  3. Once it has installed successfully, check the server by logging in at http://localhost:9000 in a browser using the admin credentials (Username: admin / Password: admin). SonarQube then forces a password change.
Login Page

  4. Share your server ID (Administration -> System) with the SonarQube team so they can process the Developer Edition trial period (14 days only). They will send you the key for it.

Creating New Project

Steps for creating a new project in SonarQube

  1. Click the Create a new project button.
  2. Provide a Project key and a Display name, then click the Setup button.
  3. Select the repository that needs to be analysed.
  4. Give your token a name, click the Generate button, and click Continue.
  5. Under Run analysis on your project, select your project's main language and your operating system. Download the Sonar Scanner commands used to execute a scanner on your code.

Sonar Scanner

Sonar Scanner is a separate client application that connects to the SonarQube server, runs the project analysis, and then sends the results to the SonarQube server for processing.

  • Download the Sonar Scanner for macOS
  • Unzip it and move it to the project directory
  • To verify the Sonar Scanner, execute the command (local directory)/sonar-scanner-4.6.2.2472-macosx/bin/sonar-scanner -h

Configuring your project

Add a new file named sonar-project.properties to your project directory and add the below code to that file

If you need to exclude a file or folder, add an exclusion property to the .properties file, for example sonar.exclusions=**/*.swift,**/*.h,**/*.m (** represents the folder path, * represents the file name).
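The properties file decides both what gets analysed and what ends up committed with the project, so it is worth checking before each scan. The script below is an added example, not code from the original post: it flags a token or password stored in the file, a missing project key, and exclusion patterns that remove every file of a language from analysis. The function names, the sample file and the placeholder token are constructed; sonar.login, sonar.password and sonar.token are scanner properties that the post itself does not mention.

```shell
#!/bin/sh
# Added example (not from the original post): lint sonar-project.properties
# before running sonar-scanner. Prints findings; exit status = finding count.
lint_sonar_properties() {
    lsp_file=$1; lsp_n=0
    [ -r "$lsp_file" ] || { echo "cannot read $lsp_file" >&2; return 64; }
    # Credentials stored in the file end up in version control with the project.
    if grep -Eq '^[[:space:]]*sonar\.(login|password|token)[[:space:]]*[=:]' "$lsp_file"; then
        echo "CREDENTIAL: a token or password is stored in the properties file"
        lsp_n=$((lsp_n + 1))
    fi
    # The scanner needs the project key chosen when the project was created.
    if ! grep -Eq '^[[:space:]]*sonar\.projectKey[[:space:]]*[=:][[:space:]]*[^[:space:]]' "$lsp_file"; then
        echo "MISSING: sonar.projectKey is not set"
        lsp_n=$((lsp_n + 1))
    fi
    # Patterns that drop a whole language leave that code unanalysed.
    lsp_excl=$(sed -n 's/^[[:space:]]*sonar\.exclusions[[:space:]]*[=:][[:space:]]*//p' \
        "$lsp_file" | tail -n 1)
    lsp_ifs=$IFS; IFS=,
    set -f                       # keep the shell from expanding ** and *
    for lsp_pat in $lsp_excl; do
        case $(printf '%s' "$lsp_pat" | tr -d '[:space:]') in
            '**/*.swift'|'**/*.m'|'**/*.h'|'**/*'|'**')
                echo "EXCLUSION: '$lsp_pat' removes every matching source file"
                lsp_n=$((lsp_n + 1)) ;;
        esac
    done
    set +f; IFS=$lsp_ifs
    return "$lsp_n"
}

# Constructed sample: the exclusion line shown in the post plus a placeholder token.
demo_lint() {
    demo_file=$(mktemp)
    cat > "$demo_file" <<'EOF'
sonar.projectKey=demo-ios-app
sonar.login=PLACEHOLDER_TOKEN
sonar.exclusions=**/*.swift,**/*.h,**/*.m
EOF
    demo_rc=0
    lint_sonar_properties "$demo_file" || demo_rc=$?
    rm -f "$demo_file"
    return "$demo_rc"
}

demo_lint || echo "findings: $?"
```

Narrower patterns such as a vendored-dependency folder pass the check; only patterns that cover a whole file type are reported.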

Running The Sonar Scanner From Terminal

In the terminal, execute the Sonar Scanner commands that you downloaded earlier from the SonarQube server, from the project base directory, to launch the analysis.

If needed, add additional parameters such as -Dproject.settings=(local project path)/sonar-project.properties (to pick up the project config).

After successful completion, log in to SonarQube and select the project to view the scan results.

Scanning Objective-C Projects

Scanning projects that contain Objective-C code requires some additional analysis steps.

  • Download the Build Wrapper for macOS
  • Unzip the wrapper and add it to your project path.
  • Execute the below command in the terminal; build_wrapper_output_directory refers to your local project path.

build-wrapper-macosx-x86 --out-dir build_wrapper_output_directory xcodebuild clean build

  • After the above command has executed, build-wrapper-dump.json will be created in your project path
  • Add the following line to the sonar-project.properties file:
sonar.cfamily.compile-commands=(local project path)/build-wrapper-dump.json

Alternatively, you can pass the below parameter directly when executing the sonar-scanner (-Dsonar.cfamily.build-wrapper-output=build_wrapper_output_directory)

Additional Info

  1. For more parameters that can be added to the .properties file, refer to https://docs.sonarqube.org/latest/analysis/analysis-parameters/
