I want to run SonarQube as software as a service for my code review. In other words, I don't want a dedicated machine to host sonar for me.
Is there any cloud service available to do so?
Also, I want to integrate it with my build definition in VSTS and generate report.
How to do it?
You appear to be looking for SonarCloud, which is free for open source projects, but paid for private projects.
Related
I've been looking through the site and I have found some information with regards to this topic, but most of the information is old and possibly outdated.
example: Continuous Integration tools
We are: We're a SaaS product with a microservice (200+) architecture.
We have: We currently do our building through bamboo, and we use nexus as an artifact manager with proper versioning. We deploy those artifacts using bamboo to many different machines. For our frontend deployment we build our code through continua and use AWS codedeploy to handle the deployment. We use Bitbucket and Jira for our development. We have done a POC with bitbucket pipelines but we were lacking proper version management there as well as proper environment management. Setting up 10 servers for every repository manually is just something that we don't want to do.
We want: Since bamboo is EOL next year and since there are many alternatives with different levels of complexity we are currently unsure about the tools that are most suited to our needs. We are currently running everything on dedicated linux machines, but we want to switch to docker containers in AWS in the near future. Support for running gulp scripts etc. would be great since that could help us move from continua and bamboo to one single solution.
The setup of bamboo has been a struggle in the past due to difficulties with the software itself. A nice balance between features and complexity would be best. Does anybody have experience with one or more of the options out there? Some that come to mind are CircleCi, teamCity, GitLab, Jenkins and AWS codePipeline.
Many thanks,
Kenny
Bamboo doesn't EOL next year, but Atlassian forces to switch from perpetual licenses to DC licences to be renewed every year. You can get discount prices when switch to Server to DC licenses. See details at https://www.atlassian.com/licensing/data-center
I would propose Kraken CI. It is open-source and can work on-premise but in the cloud as well. In the cloud, it has support for AWS and Azure, and can do autoscaling depending on a number of tasks.
If you are interested please contact me.
I have a simple problem, with a simple answer probably, but I can't find what is it. We want to deploy SonarQube along with Checkstyle and some other tools, but we can't find out is it meant for a centralized, server deployment, or on each developer machine? All tutorials show installations on separate machines and being used in the localhost, while there is a public instance example, and the requirements and specs certainly look service-like.
On the other hand, I'm not getting how do the developers submit their code for checks if it is on a server.
So, in short, how is it deployed? Any checklist or something similar would be of great help.
The SonarQube "runtime" architecture has several elements:
SonarQube server. It contains a database (e.g., MySql) and an
embedded web server (Tomcat). The SonarQube server stores the
results of analyses (the metrics), but does not execute the code
analyses. This server provides a web UI that shows the dashboard of
the projects, various metrics and drill down into code, admin options. It uses a pluggable architecture--you can add/remove funcitionality via plug-ins.
Program that runs code analysis on the developer machine. There are options: (a) if they are using Eclipse or IntelliJ, they can use the respective SonarLint plug-in, which provides configuration properties, menu options to run analysis, a view to show violations, etc.; (b) developers can also run code analysis via maven (mvn sonar:sonar) or gradle (gradlew sonarqube); (c) developers can execute the various code analyses through a program called SonarQube Runner.
All these options of programs that run the analysis on the developer machine need to be configured to communicate with a SonarQube server. For example, when you run code analysis in IntelliJ using SonarLint, the metrics will be uploaded to the server. This server is typically shared by all developers, but it can also be localhost.
Program that runs code analysis on the CI/CD server. The job/pipeline that builds a software project can be configured to run SonarQube code analysis. It can be done via maven or gradle just like on the developer's machine, or via a plug-in. There are SonarQube CI plug-ins for Jenkins, Hudson, Bamboo, and others. Depending on the size of your project, you may want to configure the code analysis to run once a day only, and not upon each code commit or changes to dependencies. The SonarQube code analysis executed on the CI server will likewise send the generated metrics to the SonarQube server.
The SonarQube architecture documentation is very poor (not to say absent), so it's hard to get the big picture. I hope this helps.
SonarQube (formerly just "Sonar") is a server-based system. Of course you can install it on your local machine (the hardware requirements are minimal). But it is a central server with a database.
Analyses are performed by some Sonar "client" software, which could be the sonar runner, the sonar ant task, the sonar Eclipse plugin etc. The analysis results can be automatically uploaded to the server, where they can be accessed via the sonar Web application.
In an environment with many developers, you should run a build server (e.g. Hudson or Jenkins), which performs automatic sonar analyses as part of the nightly build. Other schedules are possible, but the developers should know when they can expect updates of the server-side analysis results. The results of the automated analysis can be displayed in the individual developer's Eclipse editor by way of the sonar Eclipse plugin.
The architectural documentation on Sonar is quite sparse. I've looked for a picture to visualize what I just described, but could not find one ...
We are trying to install a CI Platform with (Jenkins,sonar,eclipse ...).
So that every developer can make analysis on his code before commit, I'm wondering between two alternatives :
running local analysis with the sonar plugin.
install the different plugins that sonar use (findbug,pmd,checkstyle ...) and configure them to meet the sonar configuration.
I'm not sure which alternative to use? I used to work with findbugs,pmd, checkstyle in eclipse and they look great.
Can you tell me which is the best alternative?
Thanks in advance.
Regards.
With Sonar plugin you can manage the violations like:
Create a review
Mark a violations as false positive or fixed
View the hot classes and hot violations
View yours reviews
If you use separate plugins you have to go sonar web to do that.
The great advance of sonar is the reviews.
Other question is how many projects you have and will have. I currently work with more than 70 projects and many profiles. Is more simple to me run analysis with one plugin, because I need just add the server and find the project. With other plugin you need add the link for each project in each plugin configuration.
Why not install the Sonar Eclipse plugin?
This was designed to solve the following problems:
Sonar does not support parallel analysis of the same project. This issue rules out the option of each developer running Sonar locally. (See SONAR-2761, SONAR-3306)
You don't really want developers uploading metrics and source code into the Sonar database. They could be working on an uncommitted workspace and would therefore cause both inaccuracies and confusion if Sonar is being used for code review.
Sonar is really designed to be run from a continuous integration server (like Jenkins), building code that has been submitted onto a shared codestream (or branch)
The big advantages of using the Eclipse plugin are:
True local analysis, no updates of the Sonar database
Configuration of the other tools is retrieved from the Sonar server and jars automatically downloaded.
Centralized management of Sonar quality profiles
Can anyone advise what is the equivalent of hudson for c# application?
I used to use hudson as a build server for java performing auto deployment for java web and batch job application at scheduled timing and email notify technical team
I like to ask how can i do the same for c# application.
And is there any standard plugins like static code analysis tool in the build server which i can used to scan through the codes
In addition to the great tools mentioned by jamesj, TeamCity works pretty well too. I prefer it to CruiseControl, from a configuration usability perspective, and it is free given you stay within certain constraints.
If you've already invested in TFS as a source control, though, make sure you are getting your money's worth and use it for your builds and deployments too.
If you like Hudson, take a look at Jenkins. I've seen folks using it for .NET builds as well, though I haven't personally used it, and according to their page Jenkins used to be called Hudson, so it would probably be familiar to you.
TFS is great for continuous integration, but you can also use CruiseControl.NET with NAnt. Both of these should be able to run batch jobs, send emails and run automated deployments
StyleCop and FxCop both do static checking and both can be integrated into your build process.
I'm developing a project in C# using VS2010. I'm using svn 1.7 for my version control. What I want is a (FREE) tool that runs on the build server and checks for fresh commits. If the commit breaks the trunk then I want email notifications sent (I have a sendmail openbsd server on the network I can use). I also want this tool (or another tool) to run all my MSTest tests periodically and send emails if there is a failed test.
Any suggestions? I already built my own crude windows service to check for failed builds. But this was before I heard that tools for this sort of thing already exist. I could easily have this thing run all my tests with mstest.exe and then parse the xml results files, but I'm wondering if my time would be better spent just installing and configuring a proper tool for all of this.
There will be at most 4 developers.
Thanks in advance for the help!
I have some experience with TeamCity and Hudson/Jenkins.
I found TeamCity fairly easy to setup and it seems to meet your needs of:
MSTest integration out of the box
Email notifications
TeamCity is free for up to 20 build configurations and has an easy to use Web/GUI interface.
Have a look at CruiseControl.Net
built in support for Subversion
no limits on number of build configurations
email notifications using the 'Email Publisher'
web interface and desktop build notifications via CCTray