GitXplorerGitXplorer
Z

bazel-sonarqube

public
52 stars
21 forks
12 issues

Commits

List of commits on branch master.
Verified
317b88ff21316583b918ff04bce7a340b0f2e97e

Add iOs Swift example and fix missing remote_coverage_tools in main MODULE.bazel (#30)

aadincebic committed 8 months ago
Verified
76f03d0dca0742879315761494ac8347faca1921

Make Github workflow for creating a release (#29)

aadincebic committed 8 months ago
Verified
b8e8dfe6bb7f0a6bce060b6227fef609c99bbc17

Update Sonar scanner CLI to 4.8.1.3023 (#28)

aadincebic committed 8 months ago
Verified
ddbd32cc312ef3637da6fd2625661f8ddfdb4a3a

Add support for bzlmod (#27)

aadincebic committed 8 months ago
Unverified
d6109e6627a00ad84c24c38df5d2d17159203f47

fix: remove deprecated JavaInfo field usage, support Bazel >= 7.0

ZZetten committed a year ago
Verified
452a2c80c4c12c4fb18fd7b6cae459d84b81f350

feat: Support sonarqube rule outside of top level directory (#22)

jjjjhhhlll committed a year ago

README

The README file for this repository.

Bazel-SonarQube integration

Utilities to help analyse Bazel projects with SonarQube.

Generated stardoc rule documentation

Example projects

Version compatibility

The SonarQubeCoverageGenerator utility is a direct copy of the equivalent lcov generator from Bazel upstream, and runs with Bazel's embedded "@remote_coverage_tools//:all_lcov_merger_lib" as a dependency. If using this to collect coverage info in SQ-compatible format, the version of this repository must be matched to the Bazel version being used.

The list below includes the last compatible commit of this repository for specific Bazel versions, otherwise the latest should work with the latest Bazel.

  • Bazel < 6.0 - 37261de24f80b661bbc4726e3382ef43e9d66a6e

Setup

The included rules require some dependencies. In your WORKSPACE:

load("@bazel_sonarqube//:repositories.bzl", "bazel_sonarqube_repositories")

bazel_sonarqube_repositories()

Coverage

To aggregate and convert Bazel coverage into SQ's generic coverage XML format:

bazel test <targets> --collect_code_coverage \
  --combined_report=lcov \
  --coverage_report_generator=@bazel_sonarqube//:sonarqube_coverage_generator

The output file (bazel-out/_coverage/_coverage_report.dat) may be given as the value to the analysis property sonar.coverageReportPaths, or added as a Bazel target to use in the analysis rules.

Test reports

Bazel already emits test reports in the required JUnit XML format, however the filenames expected by SonarQube differ slightly. These rules will copy the reports for any configured test targets into supported filenames.

See below for an example. Note that all three sq_project attributes must be set for successful test reporting: test_srcs, test_reports, test_targets.

Executing analysis

To execute a SonarQube analysis of a Bazel project, two rules are provided: sonarqube and sq_project.

The sonarqube rule creates an executable target which will generate SonarQube sonar-project.properties configuration files, and execute the CLI scanner.

The sq_project rule provides the generation of sonar-project.properties configuration, and can be used to create sub-module configurations to be included in a sonarqube target.

The sonarqube rule can then be instantiated:

filegroup(
    name = "git",
    srcs = glob(
        [".git/**"],
        exclude = [".git/**/*[*"],  # gitk creates temp files with []
    ),
    tags = ["manual"],
)

filegroup(
    name = "coverage_report",
    srcs = ["bazel-out/_coverage/_coverage_report.dat"], # Created manually
    tags = ["manual"],
    visibility = ["//visibility:public"],
)

filegroup(
    name = "test_reports",
    srcs = glob(["bazel-testlogs/**/test.xml"]), # Created manually
    tags = ["manual"],
    visibility = ["//visibility:public"],
)

load("@bazel_sonarqube//:defs.bzl", "sonarqube")

sonarqube(
    name = "sq",
    project_key = "com.example.project:project",
    project_name = "My Project",
    srcs = [
        "//path/to/package:java_srcs",
        "//path/to/another/package:py_srcs",
        "//path/to/yet/another/package:js_srcs",
    ],
    targets = [
        "//path/to/package:package",
    ],
    modules = {
        "//path/to/component:sq_mycomponent": "path/to/component",
    },
    coverage_report = ":coverage_report",
    scm_info = [":git"],
    tags = ["manual"],
    testonly = True,
)

The srcs and test_srcs attributes may refer to individual files or filegroup targets.

The targets attribute allows Bazel to utilise JavaInfo (from appropriate targets) to add project and dependency jars to the analysis classpath.

The modules attribute should reference (with relative paths) any sq_project targets which should be added as project modules in SonarQube.

The sq_project rule instantiation is very similar, here including the required attributes for test reporting (note that we share a single filegroup in the root BUILD file to export all test reports, but it is filtered by sq_project for only those reports matching test_targets):

load("@bazel_sonarqube//:defs.bzl", "sq_project")

sq_project(
    name = "sq_mycomponent",
    project_key = "com.example.project:component",
    project_name = "My Project :: Component",
    srcs = [
        "//path/to/component:java_srcs",
    ],
    targets = [
        "//path/to/component:component",
    ],
    test_srcs = ["//path/to/component:java_test_srcs"],
    test_targets = [
        "//path/to/component:FirstComponentTest",
        "//path/to/component:SecondComponentTest",
        "//path/to/component:TestSuite",
    ],
    test_reports = ["//:test_reports"],
    tags = ["manual"],
    visibility = ["//visibility:public"],
    testonly = True,
)

Analysis can then be executed:

bazel run //:sq -- -Dsonar.host.url=${SONAR_HOST_URL} -Dsonar.login=${SONAR_AUTH_TOKEN}

Note that during analysis, the sonarqube executable target will dereference its runfiles symlinks. This is necessary so the SCM info correctly resolves, allowing SonarQube to track new code and line ownership data.