A utility to collect a history of key numbers for each SonarQube analysis triggered by maven builds.
Steinar Bang 96eaeff6c6 Change docker image name from sonar-collector to steinarb/sonar-collector | 10 months ago | |
---|---|---|
.github | 1 year ago | |
docker | 10 months ago | |
jacoco-coverage-report | 11 months ago | |
sonar-collector-webhook | 11 months ago | |
.editorconfig | 7 years ago | |
.gitignore | 2 years ago | |
LICENSE | 7 years ago | |
README.org | 11 months ago | |
pom.xml | 11 months ago |
SonarQube is a code analysis tool that shows key numbers about code quality, e.g. code coverage, code complexity and various code practices.
SonarQube has a web GUI that allows exploring the analysis results.
However, SonarQube has no storage of build quality history. To keep statistics about code quality, one either has to manually type the key numbers of each analysed application into a spreadsheet, or use something like this tool.
This utility consists of a servlet that serves as a webhook, which is called by Sonar when it completes an analysis. The webhook POST data doesn't contain the necessary information (some key metrics of the build).
So when receiving a POST, the servlet will do a callback to the SonarQube REST API to retrieve the metrics, which will then be stored in a PostgreSQL database.
The servlet has been written as a microservice that can be installed into an apache karaf instance.
Version | Date | Description |
---|---|---|
1.5.22 | <2023-12-14 Thu> | Use postgresql JDBC 42.7.1 and mockito 5.8.0 |
1.5.21 | <2023-12-12 Tue> | Use liquibase 4.24.0 |
1.5.20 | <2023-11-05 Sun> | Use jackson 2.15.3, junit jupiter 5.10.0, and mockito 5.7.0 |
1.5.19 | <2023-10-31 Tue> | Use karaf 4.4.4 |
1.5.18 | <2023-07-30 Sun> | Use liquibase 2.15.2 |
1.5.17 | <2023-07-08 Sat> | Use Java 17 |
1.5.16 | <2023-07-02 Sun> | Use liquibase 4.23.0 |
1.5.15 | <2023-04-26 Wed> | Use jackson 2.15.0 |
1.5.14 | <2023-04-24 Mon> | Use jackson 2.14.2 |
1.5.13 | <2023-04-23 Sun> | Build karaf feature files in the maven "compile" phase |
1.5.12 | <2023-03-06 Mon> | Use liquibase 4.19.0, pax-jdbc 1.5.5, postgresql jdbc 42.5.4, karaf 4.4.3 |
1.5.11 | <2022-12-04 Sun> | Use jackson 2.14.1 to fix CVE-2022-42003 and CVE-2022-42004 |
1.5.10 | <2022-11-26 Sat> | Use postgresql jdbc 42.5.1 to fix CVE-2022-41946 |
1.5.9 | <2022-11-01 Tue> | Use liquibase 4.17.1, postgresql jdbc 42.5.0 |
1.5.8 | <2022-10-20 Thu> | Add support for maintainability, security and reliability ratings |
1.5.7 | <2022-10-12 Wed> | Work with SonarQube with version >= 8 (no longer works with version 7.x and older) |
1.5.6 | <2022-10-09 Sun> | Github actions CI build, sonar report cleanup, support for sonar user token |
1.5.5 | <2022-08-21 Sun> | Use liquibase 4.15.0 |
1.5.4 | <2022-08-10 Wed> | Use maven-bundle-plugin 5.1.8, junit jupiter 5.9.0, mockito 4.6.1, and assertj 2.23.1 |
1.5.3 | <2022-08-10 Wed> | Use postgresql jdbc driver 42.4.1 |
1.5.2 | <2022-07-25 Mon> | Use karaf 4.4.1 |
1.5.1 | <2022-05-31 Tue> | Use jackson 2.13.3 to fix security issue |
1.5.0 | <2022-05-29 Sun> | Use karaf 4.4.0 and OSGi 8 |
1.4.8 | <2022-02-21 Mon> | Use Java 11, karaf 4.3.6, junit 5.8.2, assertj 3.22.0 and mockito 4.3.1 |
1.4.7 | <2021-10-14 Thu> | Use karaf 4.3.3 and postgresql JDBC 4.2.24 |
1.4.6 | <2021-07-25 Sun> | Use PostgreSQL JDBC driver 42.2.23 |
1.4.5 | <2021-06-15 Tue> | Use jackson 12.3 |
1.4.4 | <2021-06-13 Sun> | Align dependency versions with other applications |
1.4.3 | <2021-06-01 Tue> | Get versions for the OSGi 7 framework and the OSGi compendium from the karaf BoM |
1.4.2 | <2021-04-19 Mon> | Get OSGi adapters dependency from a BoM |
1.4.1 | <2021-04-17 Sat> | Get maven dependency versions and maven plugin config from a parent POM |
1.4.0 | <2021-04-12 Mon> | Built with karaf 4.3.0 and OSGi 7 |
1.3.4 | <2021-03-21 Sun> | Bugfix: avoid loading junit and hamcrest in karaf |
1.3.3 | <2021-03-21 Sun> | Get maven dependencies from the karaf 4.2.11 BoM |
1.3.2 | <2020-10-10 Sat> | Use PostgreSQL JDBC driver 42.2.17 |
1.3.1 | <2020-09-26 Sat> | Use PostgreSQL JDBC driver 42.2.12 |
1.3.0 | <2020-07-24 Fri> | Remove use of cobertura, upgrade liquibase from 3.5.3 to 3.8.0 |
1.2.0 | <2020-04-20 Mon> | Use jackson-databind 2.9.10.3, make liquibase script work with h2 |
1.1.0 | <2019-11-14 Thu> | Use pax-jdbc-config to set up the database, build with openjdk 11, jackson security upgrade |
1.0.0 | <2017-12-18 Mon> | First release |
(this assumes that you have an apache karaf already installed on your development computer, as well as git, maven, and a Java development kit)
/Note/: You will need to have a suitable PostgreSQL database to write to for this servlet to be meaningful. See the sections Create the database and Using a database running on a different host for more detail. The database just has to be a blank, freshly created database that the servlet can write to, either on localhost with the current user, or using JDBC credentials configured from the karaf console (this is what's covered in Using a database running on a different host).
The latest version of the sonar-collector is available from docker hub.
/Note/: The docker image is actually provisioned at startup time by the latest sonar-collector release to maven central, so don't be misled by the creation date of the image. The most recent release to maven central is what will be run.
The values that can be overridden by setting environment variables on container start are:
Variable | Default value | Description |
---|---|---|
JDBC_DRIVER_FEATURE | postgresql | Karaf feature to load the driver |
JDBC_DRIVER_NAME | PostgreSQL JDBC Driver | Identify correct driver for OSGi service dependency injection |
JDBC_URL | jdbc:postgresql:///sonar-collector | |
JDBC_USER | No default to make it possible to have no username | |
JDBC_PASSWORD | No default to make it possible to have no password | |
RDBMS type | Karaf feature | JDBC_DRIVER_NAME | example JDBC_URL | Default port |
---|---|---|---|---|
PostgreSQL | postgresql | PostgreSQL JDBC Driver | jdbc:postgresql://somehost.company.com/sonar-collector | 5432 |
Derby (aka. JavaDB) | pax-jdbc-derby | derby | jdbc:derby://somehost.company.com:1527/sonar-collector | 1527 |
H2 | pax-jdbc-h2 | H2 JDBC Driver | jdbc:h2:tcp://somehost.company.com/~/sonar-collector | 9092 |
MSSQL | pax-jdbc-mssql | Microsoft JDBC Driver for SQL Server | jdbc:sqlserver://somehost.company.com:1433;databaseName=sonar-collector | 1433 |
mariadb | pax-jdbc-mariadb | mariadb | jdbc:mariadb://somehost.company.com:3306/sonar-collector | 3306 |
mysql | pax-jdbc-mysql | mysql | jdbc:mysql://somehost.company.com:3306/sonar-collector | 3306 |
(This procedure doesn't require development tools or building the project yourself. The servlet, and its attached karaf feature has been deployed to maven central)
This describes how to install and run the program on a debian GNU/linux system.
As root, run the following commands:
apt-get update
apt-get install postgresql
(sonar-collector has been deployed to maven central, which is a repository that is builtin to karaf)
The above example shows connecting to a PostgreSQL database running on localhost, authenticating with ident authentication (ie. no password).
This example shows how to connect to a PostgreSQL database running on a different host, authenticating using username and password.
The "config:update" command will cause the sonar collector to be restarted, it will pick up the new configuration, and connect to the remote server, and if the "sonar-collector" database exists as a blank database, create the schema and be ready to store data there.
Side note: The configuration will be stored in standard .properties file format, in the file /etc/karaf/no.priv.bang.sonar.collector.webhook.SonarCollectorServlet.cfg and be persistent across restarts and reinstallations of the karaf .deb package (the .deb package will only uninstall/reinstall unchanged known files in this directory, and won't touch unknown files at all).
Note that PostgreSQL out of the box on debian only accepts Unix domain socket connections and localhost connections.
To make PostgreSQL listen on all network connections, two files must be edited and the PostgreSQL daemon must be restarted.
WARNING! This is not regularly tested (i.e. won't be tested before releases) and I don't plan to actually use sonar-collector with anything except PostgreSQL myself.
Procedure:
sonar-collecttor
In a hosted SonarQube the webhook can be set globally across all projects.
Procedure:
sonar-collector
If you get 401 when sonar-collector is doing web api callbacks to sonar to get numbers that aren't in the webhook call, then you can add a sonar user token to use with the sonar web api.
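The flow described above (webhook POST, then a callback to the SonarQube REST API, optionally authenticated with a user token) as an added Python example; it is not sonar-collector's own code. It assumes the callback host is read from the payload's serverUrl field and checks it against a hypothetical allowlist (ALLOWED_SONAR_SERVERS); the function names, metric selection and sample data are constructed for illustration.

```python
import base64
import json
from urllib.parse import urlencode
from urllib.request import Request

# Assumption: the SonarQube base URLs this collector is willing to call back to.
ALLOWED_SONAR_SERVERS = {"http://localhost:9000"}
# Assumed selection of metric keys for the key numbers to collect.
METRIC_KEYS = ["lines", "bugs", "vulnerabilities", "code_smells", "coverage",
               "complexity", "sqale_rating", "security_rating", "reliability_rating"]


def build_metrics_callback(webhook_body: bytes, user_token: str = "") -> Request:
    """Turn a SonarQube webhook POST body into the REST callback for its metrics."""
    payload = json.loads(webhook_body)
    server_url = str(payload["serverUrl"]).rstrip("/")
    project_key = payload["project"]["key"]
    # The callback target comes from the POST body, so only call known servers.
    if server_url not in ALLOWED_SONAR_SERVERS:
        raise ValueError(f"refusing callback to unlisted server: {server_url!r}")
    query = urlencode({"component": project_key, "metricKeys": ",".join(METRIC_KEYS)})
    request = Request(f"{server_url}/api/measures/component?{query}")
    if user_token:
        # A SonarQube user token is sent as the Basic auth username, empty password.
        credentials = base64.b64encode(f"{user_token}:".encode()).decode()
        request.add_header("Authorization", f"Basic {credentials}")
    return request


def extract_measures(api_response: bytes) -> dict:
    """Map metric key -> value from an api/measures/component response."""
    measures = json.loads(api_response)["component"]["measures"]
    return {m["metric"]: m["value"] for m in measures if "value" in m}


# Constructed sample webhook body and API response (not captured from a real server).
SAMPLE_WEBHOOK = json.dumps({
    "serverUrl": "http://localhost:9000", "status": "SUCCESS",
    "analysedAt": "2023-12-14T10:00:00+0100",
    "project": {"key": "no.priv.bang.example:demo", "name": "demo"},
}).encode()
SAMPLE_RESPONSE = json.dumps({"component": {"key": "no.priv.bang.example:demo", "measures": [
    {"metric": "coverage", "value": "87.5"}, {"metric": "bugs", "value": "0"}]}}).encode()

if __name__ == "__main__":
    req = build_metrics_callback(SAMPLE_WEBHOOK, user_token="squ_constructed_token")
    print(req.full_url, req.get_header("Authorization"))
    print(extract_measures(SAMPLE_RESPONSE))
```

Without a token the request is sent unauthenticated, which is the case where a SonarQube that requires authentication answers 401.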
This utility is licensed under the Apache license v. 2. See the LICENSE file for details.
Then just trigger an analysis in the locally installed SonarQube and debug when the breakpoint is triggered:
mvn clean org.jacoco:jacoco-maven-plugin:prepare-agent package sonar:sonar -Dsonar.host.url=http://localhost:9000 -Dsonar.login=a51f2ab9a8790abd91773f0a7d2f6d2dc9d97975
(as the sonar.login argument, use the token that SonarQube returns when using the setup wizard of the quick start)
Precondition: docker running on the build server