Optimizing MR Process Using Sonarqube
Continuous code quality and smell monitoring are essential aspects of a project lifecycle. As time goes on, developers are likely to forego code quality to complete the project on hand. This situation is terrible for the project’s health as a whole. When a developer creates sloppy code, the code becomes a liability for the project. A bad code now will become a bug later.
Thus, ensuring that every code submitted to the project conforms to a set coding standard is important. One such tool to help with this task is Sonarqube. Sonarqube is a code analyzer. It analyzes our code using SAST technology against typical code smell, security vulnerability, etc. It also collects the project test code coverage.
All things considered, Sonarqube is a great product. It also comes with a free pricing tier, making it ideal for students to use in their projects. But, its free offering lacks one major feature needed in a collaborative environment, per-MR analysis.
In a collaborative coding environment, you need to ensure that a code submitted by your teammates is of good quality before that code is merged into the codebase. This analysis is available in Sonarqube starting from the developer editions, which are not free. That is why I have created a simple program to simulate its feature.
Notes: This script is created for use in a Gitlab environment. But the basic idea should be applicable anywhere. As a matter of fact, you can comment out all the GitLab parts, and it will “probably” work.
What this script does is very simple. It created an endpoint for your CI/CD pipeline to call, which, when called, will create a project in your specified Sonarqube instance for the MR that the pipeline is being run at. It then returns the newly created project id to the pipeline to be used by the Sonarscanner. The script will also ensure that every request contains a secret key, which you define, to block unauthenticated requests. It will also create a comment on the MR pages, linking the analysis result.
How to use this script
To use this script, you need to call the script in your CI/CD pipeline, then feeds its response to the Sonarscanner, which will scan your and send the result to the Sonarqube server. Here I provide a sample implementation using Gitlab CI/CD.
What this script enables you to:
- Detect and helps you fix any clean code issues your code may have before being submitted to the codebase.
- Improve the quality of the code review process by empowering the reviewers with analysis of the code to be reviewed.
- Detect code that needs to be refactored because of its length, complexity, and duplication before being submitted to the codebase.
- Shows the code coverage of the code that is submitted
While this script can help you achieve the above, it still has ways to improve. The script linked above is only a proof-of-concept level code and has many features to implement. One of the most important is the ability to delete the Sonarqube project when the MR is closed.