SonarQube Integration with iOS
What is SonarQube?
SonarQube is an open source platform developed by SonarSource for continuous inspection of code quality. It performs automatic reviews using static analysis to detect bugs, code smells and security vulnerabilities in 20+ programming languages.
Sonar Swift
The Swift plugin developed by Backelite has helped people to integrate Sonar in Swift projects. It covers the following points.
Code coverage: This is one of the measurements available in SonarQube. It describes how many lines of your code are executed while the automated tests are running.
Sonar-Swift will give you the chunk of the code that is executed, as well as allow you to drill into the data and see exactly which lines of code were and were not executed during a particular test.
Having code coverage set up in your project helps keep your code maintainable and easy to change, and a test suite that covers most or all of your application gives you more assurance that something is not going to collapse in production.
Maintainability: Sonar maintainability is the number of code smells plus the technical debt you have in your code according to a set of predefined rules (based on the Lint you’re using). Sonar provides a simple rating for each section, which allows you to quickly see how well the app being analyzed is performing.
Reliability: Reliability is equated to correctness: the number of bugs found and fixed, how consistent the application is in delivery, and confidence in known outcomes of code routines.
Security: Regarding security, Sonar covers the number of vulnerabilities that can be found in the project. The effort to fix all vulnerability issues is shown in minutes.
Setting up Sonar for Swift
Step 1. Download and set up SonarQube
1. Download SonarQube: https://www.sonarqube.org/downloads/
2. Unzip downloaded file.
3. Move downloaded file under /Applications/ folder.
4. Rename it to SonarQube and delete version suffix.
Please note: Sonar version 7.9 and above requires Java 11.
Step 2. Download and set up SonarScanner
1. Download SonarScanner: open https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Scanner and click on Mac OS X 64 bit to download the Mac OS X specific SonarScanner.
2. Unzip downloaded file.
3. Move downloaded file under /Applications/ folder.
4. Rename it to SonarScanner and delete version suffix.
Step 3. Updating .bash_profile with new path
1. Start Terminal and run following command.
$ cd ~/
$ vi .bash_profile
2. The above commands will open your .bash_profile in the vi editor.
3. Use down-arrow key to jump to last line.
4. Use left-right arrows to navigate to last character.
5. Press i to enable insert mode.
6. Copy & paste following lines.
# Sonar Setting
export PATH=$PATH:/Applications/SonarScanner/bin
export PATH=$PATH:/Applications/SonarQube/bin
7. Press esc key and : will appear at bottom-left corner in vi editor.
8. Enter wq! to save & quit.
Step 4: Setting up SonarSwift from Backelite
1. Download : https://github.com/Backelite/sonar-swift/releases
2. Download jar. In my case, I downloaded backelite-sonar-swift-plugin-0.4.4.jar
3. Move this jar file under following folder.
/Applications/SonarQube/extensions/plugins/
Step 5: Starting up SonarQube
1. Run following command to start SonarQube server.
sh /Applications/SonarQube/bin/macosx-universal-64/sonar.sh console
2. You should see console as follows if everything goes well.
Running SonarQube...
wrapper | --> Wrapper Started as Console
wrapper | Launching a JVM...
jvm 1 | Wrapper (Version 3.2.3) http://wrapper.tanukisoftware.org
jvm 1 | Copyright 1999-2006 Tanuki Software, Inc. All Rights Reserved.
jvm 1 |
jvm 1 | 2019.03.12 11:49:46 INFO app[][o.s.a.AppFileSystem] Cleaning or creating temp directory /Applications/SonarQube/temp
jvm 1 | 2019.03.12 11:49:46 INFO app[][o.s.a.es.EsSettings] Elasticsearch listening on /127.0.0.1:9001
jvm 1 | 2019.03.12 11:49:47 INFO app[][o.s.a.p.ProcessLauncherImpl] Launch process[[key='es', ipcIndex=1, logFilenamePrefix=es]] from [/Applications/SonarQube/elasticsearch]: /Applications/SonarQube/elasticsearch/bin/elasticsearch -Epath.conf=/Applications/SonarQube/temp/conf/es
jvm 1 | 2019.03.12 11:49:47 INFO app[][o.s.a.SchedulerImpl] Waiting for Elasticsearch to be up and running
jvm 1 | 2019.03.12 11:49:47 INFO app[][o.e.p.PluginsService] no modules loaded
jvm 1 | 2019.03.12 11:49:47 INFO app[][o.e.p.PluginsService] loaded plugin [org.elasticsearch.transport.Netty4Plugin]
jvm 1 | 2019.03.12 11:49:54 INFO app[][o.s.a.SchedulerImpl] Process[es] is up
Step 6: Logging In
1. Go to browser. Open following URL.
http://localhost:9000/about
2. Click on Log in.
3. Use admin as username, admin as password.
Sonar Swift setup is done. Now we will integrate it with your Xcode project.
Integrate with Xcode project
1. Create a demo Xcode project and make sure you checked Include Unit Tests and Include UI Tests.
Note: Please keep signing team as ‘None’
2. If required, create and install a Pod for the project. It will create the xcworkspace.
3. Edit the project scheme, select Test and check Gather code coverage for all targets.
4. Download the sonar-project.properties file from this URL and keep it in your project root directory, OR create a sonar-project.properties file in your project directory and copy the content from the given link into it.
- Update your Sonar server URL, username and password. (Here we have used localhost Sonar)
sonar.host.url=http://localhost:9000
sonar.login=admin
sonar.password=admin
- Add sonar project details
sonar.projectKey=com.company.app (This key will be added to your Sonar server)
sonar.projectName=SonarDemoApp (This will be the project name on Sonar)
sonar.projectDescription=This is the Sonar demo application for the code quality check
- Add project language. Comment if you have a project with mixed ObjC / Swift
sonar.language=swift
- Path to source directories
sonar.sources=. (This will include all the directories from the project root directory)
- Exclude directories
sonar.test.inclusions=**/*Test*/**
sonar.test.inclusions=*.swift
sonar.exclusions=**/*.xml,Pods/**/*,Reports/**/*
- Path to test directories (comment if no test)
sonar.tests=SonarDemoTests,SonarDemoUITests
- Destination Simulator to run surefire
sonar.swift.simulator=platform=iOS Simulator,name=iPhone 7,OS=12.1
- Xcode project configuration (.xcodeproj)
sonar.swift.project=SonarDemo.xcodeproj
sonar.swift.workspace=SonarDemo.xcworkspace
- Specify your appname
sonar.swift.appName=SonarDemo
- Scheme to build your application
sonar.swift.appScheme=SonarDemo
- Configuration to use for your scheme. If you do not specify it, the default will be Debug
sonar.swift.appConfiguration=Debug
- Reports generated by run-sonar.sh are stored in sonar-reports/
sonar.junit.reportsPath=sonar-reports/TEST-report.xml
sonar.swift.coverage.reportPattern=sonar-reports/coverage-swift*.xml
sonar.swift.swiftlint.report=sonar-reports/*swiftlint.txt
sonar.swift.tailor.report=sonar-reports/*tailor.txt
5. Download the run-sonar-swift.sh file from this URL and keep it in your project root directory.
6. Run ./run-sonar-swift.sh -v from the terminal in your project root directory. It will run the sonar script and upload the code analysis report to the Sonar server.
7. Refresh the Sonar page. It will show the project statistics as shown below.
8. It will show the code coverage.
9. It will also show code smells and vulnerabilities.
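A pre-flight check for the sonar-project.properties file from step 4, as an added example that is not part of the original post or of the sonar-swift project: it flags the default admin/admin pair, a password stored in the project file, a plain-HTTP server URL that is not local, and keys defined twice (as sonar.test.inclusions is in the listing above). The function names and finding labels are this example's own.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Finding labels are this example's own.

# usage: lint_sonar_props FILE -> prints one finding per line, returns 1 if any
lint_sonar_props() {
  awk '
    function report(msg) { print msg; found++ }
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blank lines
    {
      eq = index($0, "="); if (eq == 0) next
      key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
      if (key in line) report("DUPLICATE " key " lines " line[key] "," NR)
      line[key] = NR; value[key] = val
    }
    END {
      if (("sonar.password" in value) && value["sonar.password"] != "") {
        if (value["sonar.password"] == "admin" && value["sonar.login"] == "admin")
          report("DEFAULT_CREDENTIALS sonar.login/sonar.password are admin/admin")
        else
          report("PASSWORD_IN_FILE sonar.password is stored in the project file")
      }
      url = value["sonar.host.url"]; host = url
      sub(/^http:\/\//, "", host); sub(/[\/:].*$/, "", host)
      if (url ~ /^http:\/\// && host != "localhost" && host != "127.0.0.1")
        report("CLEARTEXT_URL " url " sends credentials over plain HTTP")
      exit (found > 0)
    }
  ' "$1"
}

# Constructed sample: a subset of the settings shown in step 4.
write_sample() {
  cat > "$1" <<'EOF'
# Sonar server
sonar.host.url=http://localhost:9000
sonar.login=admin
sonar.password=admin
sonar.projectKey=com.company.app
sonar.test.inclusions=**/*Test*/**
sonar.test.inclusions=*.swift
sonar.exclusions=**/*.xml,Pods/**/*,Reports/**/*
EOF
}

# When a file is passed on the command line, lint it.
[ $# -eq 0 ] || lint_sonar_props "$1"
```

Run it against the project file before step 6; a non-zero exit status means at least one finding was printed.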
Demonstration video
Please find below a demonstration video which will help you to understand the integration.
Demo project
Please find below the demo project for reference.
Thanks for going through. Feel free to add comments if you face any issue or want to know more about it. Cheers…