Android Lint on SonarQube

SonarQube

For those who know SonarQube (formerly named Sonar), you can go to the next part.

For the others, SonarQube is an open source tool that manage code quality. This tool is well known by java/jee developers in Western Europe (mainly France and Swiss), but it seems completely unknown across the Atlantic. It is a pity because it is a very good tool.

As you can see in the following picture, this is a web-based dashboard describing the code quality of your application.

sonarqube

It is based on Findbugs, PMD, Checkstyle and Sonar self rules to analyze the code and display metrics (and details : you can see exactly where you got problems in your code). You also have tests indicators (number of tests, execution time, code coverage). It gives you general metrics about your code (number of lines, number of comments, duplicated code, complexity, …).

But the most interesting is that everything is recorded all along the project life, so you can see the evolution and make sure you get better :

Historical

Like I said before, this is a tool we used to since several years on java project. It works perfectly well with maven and gradle.
But what about Android and its quality analysis tool : Lint ?

Android Sonar Plugin

Android Sonar Plugin

A bit of history…

Eight months ago, I decided to provide a Sonar plugin to add the Android Lint violation checks in Sonar. With Stéphane Nicolas, we created the first version on github (deprecated). We had some help from Florian Roncari et Thomas Bores, and after a conf call with Freddy Mallet (from Sonarsource), the plugin has been integrated to the Sonar Community Plugins. More recently, Julien Henry (from SonarSource) made a really good job of refactoring on the plugin to match the Sonar standards. Thanks to him !

How-to

Pre-requisites : You need SonarQube, maven or gradle. I won’t give any details on installation of theses tools, they all have good documentations.

Installation : To install the plugin, go to your SonarQube update center (http://sonarhost:sonarport/updatecenter/available), find the « Android » plugin and install it OR git clone https://github.com/SonarCommunity/sonar-android.git, mvn clean install, retrieve the jar in the target folder and put it in /sonarpath/extensions/plugins. Restart sonar and that’s it ! Easy :) !

Thus, you’ll have all the Android Lint rules (158 exactly) available in your SonarQube instance :

sample report

Usage : In your maven or gradle build, you need to specify some information in order to communicate with the sonar server.

For maven, I suggest to put the following configuration in your settings.xml (generally in $MAVEN_HOME/conf/settings.xml or $HOME/.m2/settings.xml) :

<settings>
    <profiles>
        <profile>
            <id>sonar</id>
            <activation>
                <activeByDefault>true</activeByDefault>
            </activation>
            <properties>
                <!-- Example for MySQL-->
                <sonar.jdbc.url>jdbc:mysql://localhost:3306/sonar?useUnicode=true&amp;characterEncoding=utf8</sonar.jdbc.url>
                <sonar.jdbc.username>sonar</sonar.jdbc.username>
                <sonar.jdbc.password>sonar</sonar.jdbc.password>
 
                <!-- Optional URL to server. Default value is http://localhost:9000 -->
                <sonar.host.url>http://myserver:9000</sonar.host.url>
            </properties>
        </profile>
     </profiles>
</settings>

Then you can execute maven to analyse your application. Specify the profile Android Lint to use the Lint ruleset :

mvn sonar:sonar -Dsonar.profile="Android Lint"

For gradle, there is a plugin to execute sonar : sonar-runner. Like maven, it needs the same information. In your build.gradle, add the following :

apply plugin: 'sonar-runner'
 
sonarRunner {
    sonarProperties {
        property "sonar.host.url", "http://myserver:9000"
        property "sonar.jdbc.url", "jdbc:mysql://localhost:3306/sonar?useUnicode=true&amp;characterEncoding=utf8"
        property "sonar.jdbc.driverClassName", "com.mysql.jdbc.Driver"
        property "sonar.jdbc.username", "sonar"
        property "sonar.jdbc.password", "sonar"
    }
}

You also need to specify some project information, either in a sonar-project.properties file or directly in the build.gradle :

# required metadata
sonar.projectKey=pjk
sonar.projectName=pjn
sonar.projectVersion=1.0
 
# path to source directories (required)
sonar.sources=src/main/java
 
# The value of the property must be the key of the language.
sonar.language=java
 
# Encoding of the source code
sonar.sourceEncoding=UTF-8
 
# Additional parameters
sonar.profile=Android Lint

Finally, run gradle to build the sonar dashboard :

gradle sonarRunner

Result : Here you can see a live report generated with a sample project on nemo (a sonar instance with many open sources projects) :
sample report

Conclusion

SonarQube is a really great tool that go with you all along the project. It ensures to keep a good level of quality in your code and thus to provide a more robust app. Before you could get java problems (probable bugs, coding conventions problems, …), now you also can get android problems ! At OCTO, on nearly all our projects, we add a nightly build on our continuous integration server (jenkins) that run the sonar check. And all the morning, during the standup meeting, we have a look at the report to check if our app is healthy. Give it a try !

Share

2 comments

  1. Hi Jérôme,

    First, thanks for the effort to provide this android plugin!!!

    Running sonarQube 4.3.1 and android-sonar 1.0:
    - lint is processed through maven but no other files than *.java are displayed on my sonar instance (unlike your screenshot);
    - lint is not processed at all through gradle.
    (Java checks work out of the box)

    I can’t see what I’m missing. So, should I conclude I’m too dumb to configure and run sonar-android?

    Cheers,

    Renaud

Laisser un commentaire

Votre adresse de messagerie ne sera pas publiée. Les champs obligatoires sont indiqués avec *

Vous pouvez utiliser ces balises et attributs HTML : <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

*