In this exercise, you are going to configure integration between the build system and SonarQube. SonarQube is a well established technical debt management system. Keeping tabs on your technical debt gives you objective measures that you can use to make informed decisions about maintenance, refactoring and enhancements to your code base.
This exercise assumes you have completed the exercises to create a Team Project and have set up the Docker private VSTS agent. You should also have created a VSTS Team Build for MyShuttle2. This exercise uses a team project named jdev-labs, though your team project name may differ.
Create a SonarQube Endpoint in VSTS
In this task you will create a Generic SonarQube Endpoint in VSTS. This endpoint abstracts authentication from the build tasks. After obtaining a token from SonarQube, you will create the endpoint in VSTS.
Connect to the virtual machine using the user credentials specified during the creation of the VM in Azure.
Open Chrome and browse to
http://localhost:9000to open SonarQube. Click on Login.
Log in as the administrator using username
Open a new tab in Chrome and browse to
youraccountis the account you created in VSTS).
Click on the
jdevteam project to navigate to it.
Click on the gear icon and select Services to navigate to the service endpoint configuration page. Click + New Service Endpoint and select Generic from the list of options. Enter the following information and click OK.
Property Value Notes Connection name
Azure VM SonarQube
Display name for the endpoint Server URL
The URL for the SonarQube server. Use the Azure internal network IP address so that the build agent running in the Docker container can reach Sonarqube User name
This could be anything - it will not be used for SonarQube since the token is sufficient Password/Token Key
The default password for admin user in SonarQube
Create a SonarQube Project
In this task you will create a SonarQube project.
In Chrome, go back to SonarQube (http://localhost:9000) and log in as administrator if you are not already logged in.
Click on Administration in the toolbar and then click on the Projects tab.
Click Create Project.
MyShuttle2for both the name and key of the project (name is the display name and key is the unique identifier within SonarQube).
Modify the Build to Integrate with SonarQube
In this task you will modify the MyShuttle2 build to integrate with SonarQube.
In VSTS, click on Build & Release and then Builds to view your builds. Click on the MyShuttle2 build. Click on … to the right of the build definition, then click Edit.
Click on the Maven task and scroll down to the Code Analysis section.
Select the Run SonarQube Analysis option and configure the remaining settings as follows:
Parameter Value Notes SonarQube Endpoint
The generic Service Endpoint to SonarQube you just created SonarQube Project Name
The name of the project in SonarQube SonarQube Project Key
The key of the project in SonarQube SonarQube Project Version
A major version number Include full analysis report… Checked Waits for SonarQube analysis to complete before proceeding Fail the build on quality gate failure… Checked Fails the build if SonarQube quality gates fail
Save and queue the build.
When the build completes, there will be a new SonarQube section in the summary page. Click on the build number and scroll below issues to see the SonarQube status.
Click on the Detailed Report link to open the project in SonarQube.
You can click on the MyShuttle2 project to get details of the analysis for the project.
Updating a Quality Gate
In this task you will update a quality gate in SonarQube and see that failing the quality gate fails the build. You will then update the gate to warn rather than fail.
In SonarQube (http://localhost:9000) click on the Quality Gates in the top toolbar. Click on “SonarQube Way” (the default quality gate) to see its settings. Click on the “Add Condition” dropdown at the bottom of the list of rules and select Coverage.
Enter 50 for the Warning value and 30 for the Error value and click Add.
Back in VSTS, queue another MyShuttle2 build.
When the build completes, it should have a failed result. Click on the build number and look for the SonarQube section in the summary page.
Go back to SonarQube and edit the Quality Gate that you just modified. Clear the Error value so that you only get a warning if the coverage < 50% instead of failing the build. Click Update. Additionally, under the Coverage on New Code metric, set the 80% value to a warning message instead of error and click Update. In the Reliability Rating on New Code metric, change the error threshold from A to blank (click on the “X” next to the A), then click Update.
Queue a new build and see that now the build succeeds, but there is a Quality Gate warning.