Difference between revisions of "Sonar + maven configuration + Jenkins"

 
(45 intermediate revisions by the same user not shown)
Line 2: Line 2:
 
[[Category:Linux]]
 
[[Category:Linux]]
  
SonarQube requires quite some configuration to be fully useful!
+
This article explains '''how to configure your maven projects''' to produce reports + '''how to configure Jenkins''' with SonarQube, bringing both Unit and Integration tests coverage.
 +
 
 +
 
  
This article explains '''how to configure your maven projects''' to produce reports + '''how to configure Jenkins''' with SonarQube, bringing both Unit and Integration tests coverage.
+
=Requirements=
  
 +
* Testing libraries: '''jUnit 4.12 or +''' / optional, for static class mocking: '''Powermock 1.7.x or +'''
 +
* Maven must run on '''Java 8 or +'''
 +
* You must use '''Sonarqube 7.x or +'''
 +
* Jenkins must be '''v2.164.1 or +''' (LTS version)
  
  
 
=Principle=
 
=Principle=
  
==What are Unit / Integration tests ?==
+
TODO
 +
 
 +
You just have to define the configuration once, in the parent POM.
 +
 
 +
* Jenkins
 +
** Requirements: plugins / setup
 +
** Job configuration
 +
* Maven plugins list
 +
** Reports generation : unit / integration tests
 +
** Jacoco binaries : many unit tests "jacoco.exec" / 1 single aggregation for "jacoco-it.exec"
 +
** SonarQube plugin
 +
* Jenkins usage
  
TODO: nice picture
 
  
  
==Process overview==
 
  
To work well SonarQube requires a bit of Maven configuration + Jenkins build adjustment:
+
='''Maven plugins'''=
* Maven specific properties
 
* Maven build plug-ins
 
** Maven-jacoco (code coverage tool)
 
** Maven-surefire (unit tests reports)
 
** Maven-failsafe (integration tests reports)
 
* Maven jacoco dependency
 
  
  
Key points:
+
==Surefire UNIT Tests==
* SONAR is configured for ''JAVA'' language and it will use ''Jacoco'' as coverage tool.
 
* Each maven module will have its own Unit Tests results (Surefire reports + .exec file) inside its own <code>target</code> directory
 
* The Integration Tests results are common. Meaning, all modules will write in the same directory. That directory is relative to the maven execution.
 
  
 +
Surefire is for '''UNIT tests''' = tests that should only use: plain java / ''Mockito'' / ''PowerMock'' / etc.
  
  
=Maven configuration=
+
By default, the Surefire Plugin will automatically '''include''' all test classes with the following wildcard '''patterns''':
 +
* <code>**/Test*.java</code> - includes all of its subdirectories and all Java filenames that start with "Test".
 +
* <code>**/*Test.java</code> - includes all of its subdirectories and all Java filenames that end with "Test".
 +
* <code>**/*Tests.java</code> - includes all of its subdirectories and all Java filenames that end with "Tests".
 +
* <code>**/*TestCase.java</code> - includes all of its subdirectories and all Java filenames that end with "TestCase".
 +
If the test classes do not follow any of these naming conventions, then configure Surefire Plugin and specify the tests you want to include.
  
 +
See [https://maven.apache.org/surefire/maven-surefire-plugin/examples/inclusion-exclusion.html Maven Surefire plugin documentation]
  
==Sonar properties==
 
  
First of all you need to configure SONAR by setting up some properties and paths.  
+
(i) It is safer to '''exclude''' the integration tests '''patterns''' as well, depending on your own development setup:
 +
* <code>**/*TestAPI.java</code>
 +
* <code>**/*IntegrationTest.java</code>
  
Technical details:
 
* '''Surefire''' unit tests plugin
 
** Outputs in <code>${project.build.directory}</code>
 
** 1 XML file per test class in: <code>${sonar.junit.reportsPath}</code>
 
** SONAR report file (jacoco-ut.exec) will be available at <code>${sonar.out.unitTestsReport}</code>
 
* '''Failsafe''' integration tests plugin
 
** All outputs in the same directory, relative to the local execution: <code>${session.executionRootDirectory}</code>
 
  
 +
Results are saved '''in each Maven module''', in XML and TXT formats: <code>$module/target/surefire-reports/*</code>
  
POM.xml extract:
 
  
 
<syntaxhighlight lang="xml">
 
<syntaxhighlight lang="xml">
 +
 
     <properties>
 
     <properties>
        ...
+
         <!-- Set the reporting settings -->
 
+
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <!-- Maven plugins -->
 
        <maven-surefire-plugin.version>2.18.1</maven-surefire-plugin.version>
 
        <maven-failsafe-plugin.version>2.18.1</maven-failsafe-plugin.version>
 
 
        <!-- Test frameworks -->
 
        <junit.version>4.12</junit.version>
 
 
        <!-- ==== SONARQUBE quality metrics ==== -->
 
        <maven.jacoco.version>0.7.4.201502262128</maven.jacoco.version>
 
        <!-- Global Sonar settings. Do not change them! -->
 
         <sonar.language>java</sonar.language>
 
        <sonar.java.coveragePlugin>jacoco</sonar.java.coveragePlugin>
 
        <sonar.core.codeCoveragePlugin>jacoco</sonar.core.codeCoveragePlugin>
 
        <jacoco.lib.path>
 
            ${settings.localRepository}/org/jacoco/org.jacoco.agent/${maven.jacoco.version}/org.jacoco.agent-${maven.jacoco.version}-runtime.jar
 
        </jacoco.lib.path>
 
        <javaagent>${jacoco.lib.path}</javaagent>
 
        <!-- Don't let Sonar execute tests. We will let Maven do it during build phase -->
 
        <sonar.dynamicAnalysis>reuseReports</sonar.dynamicAnalysis>
 
        <!-- Report -->
 
        <!-- IMPORTANT: integration test path must be ABSOLUTE, especially for muli-modules projects -->
 
        <!--            ${session.executionRootDirectory} = directory from where the "mvn" command is run -->
 
        <!-- a) Where sonar will find the standard test reports -->
 
        <sonar.surefire.reportsPath>${project.build.directory}/surefire-reports</sonar.surefire.reportsPath>
 
        <sonar.failsafe.reportsPath>${session.executionRootDirectory}/target/failsafe-reports</sonar.failsafe.reportsPath>
 
        <!-- b) Sonar specific reports -->
 
        <sonar.jacoco.reportPath>${project.build.directory}/jacoco-unit.exec</sonar.jacoco.reportPath>
 
        <sonar.jacoco.itReportPath>${session.executionRootDirectory}/target/reports/jacoco-it.exec</sonar.jacoco.itReportPath>
 
 
     </properties>
 
     </properties>
</syntaxhighlight>
 
 
 
 
==Jacoco plugin (coverage agent)==
 
  
This is how you should configure this plugin:
 
  
<syntaxhighlight lang="xml">
 
 
     <build>
 
     <build>
 
         <plugins>
 
         <plugins>
             <!-- == Jacoco agent configuration == -->
+
             <!-- To run UNIT tests and generate execution reports. These reports are required for SonarQube -->
            <!-- This will auto-generate the right jacoco command for Unit | Integration tests -->
 
 
             <plugin>
 
             <plugin>
                 <groupId>org.jacoco</groupId>
+
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>jacoco-maven-plugin</artifactId>
+
                 <artifactId>maven-surefire-plugin</artifactId>
                 <version>${maven.jacoco.version}</version>
+
                 <version>2.22.1</version>
                 <executions>
+
                 <configuration>
                    <!-- Unit tests configuration -->
+
                     <excludes>
                     <execution>
+
                         <exclude>**/*TestAPI</exclude>
                         <id>prepare-unit-test-agent</id>
+
                         <exclude>**/*IntegrationTest</exclude>
                        <phase>process-test-classes</phase>
+
                     </excludes>
                         <goals>
+
                 </configuration>
                            <goal>prepare-agent</goal>
 
                        </goals>
 
                        <configuration>
 
                            <destFile>${sonar.surefire.reportsPath}</destFile>
 
                            <propertyName>jacoco.agent.ut.arg</propertyName>
 
                            <append>true</append>
 
                        </configuration>
 
                     </execution>
 
                    <!-- Integration tests configuration -->
 
                    <execution>
 
                        <id>prepare-integration-test-agent</id>
 
                        <phase>pre-integration-test</phase>
 
                        <goals>
 
                            <goal>prepare-agent</goal>
 
                        </goals>
 
                        <configuration>
 
                            <destFile>${sonar.jacoco.itReportPath}</destFile>
 
                            <propertyName>jacoco.agent.it.arg</propertyName>
 
                            <append>true</append>                  
 
                        </configuration>
 
                    </execution>
 
                </executions>
 
 
             </plugin>
 
             </plugin>
  
             <plugin> Surefire (UT) </plugin>
+
             ...
            <plugin> Failsafe (IT) </plugin>
 
 
 
 
         </plugins>
 
         </plugins>
 
     </build>
 
     </build>
Line 139: Line 87:
  
  
This will defined 2 properties, depending on the maven phase:
 
  
{| class="wikitable"
 
|-
 
! !! Phase !! ArgLine !! Value
 
|-
 
| Unit Tests || process-test-classes || jacoco.agent.ut.arg || -javaagent:${jacoco.lib.path}=destFile=${sonar.jacoco.'''reportPath'''},append=true
 
|-
 
| Integration Tests || pre-integration-test || jacoco.agent.it.arg || -javaagent:${jacoco.lib.path}=destFile=${sonar.jacoco.'''itReportPath'''},append=true
 
|}
 
  
These properties will be re-use in the corresponding maven plugin.  
+
==Failsafe INTEGRATION tests==
 +
 
 +
Failsafe will process the '''Integration Tests''' = tests that should use Spring test / black box tests / etc.
 +
 
 +
 
 +
By default, the Failsafe Plugin will automatically include all test classes with the following wildcard patterns:
 +
* <code>**/IT*.java</code> - includes all of its subdirectories and all Java filenames that start with "IT".
 +
* <code>**/*IT.java</code> - includes all of its subdirectories and all Java filenames that end with "IT".
 +
* <code>**/*ITCase.java</code> - includes all of its subdirectories and all Java filenames that end with "ITCase".
 +
If the test classes do not follow any of these naming conventions, then configure Failsafe Plugin and specify the tests you want to include.
  
  
 +
Results are saved '''in each Maven module''':
 +
* Results are saved in XML and TXT formats in <code>$module/target/failsafe-reports/*</code>
 +
* Results are saved in BINARY (jacoco format) in <code>$module/target/jacoco-it.exec</code>
  
==Surefire (UT tests)==
 
  
Surefire will process the Unit Tests.
+
Notes:
 +
* No tests will be run if <code>mvn clean install -DskipIntegrationTests</code>
 +
* The exclusion | inclusion list is something that depends on your own situation
  
!! Do not use Surefire for your integration tests because Surefire produce different outputs per maven module !!
 
Integration tests requires to use 1 output for all !
 
  
 
<syntaxhighlight lang="xml">
 
<syntaxhighlight lang="xml">
 +
 +
    <properties>
 +
        <!-- Set the reporting settings -->
 +
        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
 +
    </properties>
 +
 +
 
     <build>
 
     <build>
 
         <plugins>
 
         <plugins>
  
            <plugin> Maven-jacoco </plugin>
+
             <!-- To run INTEGRATION tests and generate execution reports. These reports are required for SonarQube -->
 
 
             <!-- == process UNIT tests == -->
 
 
             <plugin>
 
             <plugin>
 
                 <groupId>org.apache.maven.plugins</groupId>
 
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-surefire-plugin</artifactId>
+
                 <artifactId>maven-failsafe-plugin</artifactId>
                 <version>${maven-surefire-plugin.version}</version>
+
                 <version>2.22.1</version>
 
                 <configuration>
 
                 <configuration>
                     <!-- Do not run if no tests -->
+
                     <includes>
                    <skipTests>${skipTests}</skipTests>
+
                         <include>**/*TestAPI</include>
                    <!-- a) Surefire must create junit reports where sonar can find it later during analysis -->
+
                         <include>**/*IntegrationTest</include>
                    <reportsDirectory>${sonar.jacoco.reportPath}</reportsDirectory>
+
                     </includes>
                    <!-- b) Jacoco specific settings (command auto-generate by Sonar plugin) -->
 
                    <argLine>${jacoco.agent.ut.arg}</argLine>
 
                    <!-- Exclude integration tests -->
 
                    <excludes>
 
                         <exclude>**/*IT.java</exclude>
 
                         <exclude>**/*IntegrationTest.java</exclude>
 
                        <exclude>**/*Gwt.java</exclude>
 
                     </excludes>
 
 
                 </configuration>
 
                 </configuration>
 +
                <executions>
 +
                    <execution>
 +
                        <id>default-integration-test</id>
 +
                        <goals>
 +
                            <goal>integration-test</goal>
 +
                        </goals>
 +
                    </execution>
 +
                </executions>
 
             </plugin>
 
             </plugin>
  
             <plugin> Failsafe (IT) </plugin>
+
             ...
 
 
 
         </plugins>
 
         </plugins>
 
     </build>
 
     </build>
Line 195: Line 149:
  
  
Notes:
 
* No tests will be run if <code>mvn clean install -DskipTests</code>
 
* Each module has its own surefire-reports + Sonar report
 
* The exclusion list is something that depends on your own situation
 
  
 +
 +
==Jacoco code coverage==
 +
 +
Jacoco is a plugin that will:
 +
# Parse SUREFIRE and FAILSAFE results
 +
# Extract and generate code coverage reports (XML format)
 +
# Convert the XML into binaries (*.exec) for SonarQube
  
  
==Failsafe configuration (IT tests)==
+
Jacoco will generate the following binaries reports:
 +
* '''1 unit test report per project''', for every module: <code>$parent/$module/target/jacoco.exec</code>
 +
* '''1 centralized integration test report''': <code>$parent/target/jacoco-it.exec</code>
  
Failsafe will process the Integration Tests.
 
  
!! Do not use Surefire for your integration tests because Surefire produce different outputs per maven module !!
 
Integration tests requires to use 1 output for all !
 
  
 
<syntaxhighlight lang="xml">
 
<syntaxhighlight lang="xml">
 +
 +
    <properties>
 +
        <!-- Project configuration -->
 +
        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
 +
        <!-- Sonar -->
 +
        <!-- Tell sonar where to look for the binaries coverage files. Property inherited by submodules -->
 +
        <sonar.junit.reportPaths>${project.build.directory}/surefire-reports</sonar.junit.reportPaths>
 +
        <sonar.jacoco.reportPath>${project.build.directory}/jacoco.exec</sonar.jacoco.reportPath>
 +
        <sonar.coverage.jacoco.xmlReportPaths>${project.build.directory}/site/jacoco/jacoco.xml</sonar.coverage.jacoco.xmlReportPaths>
 +
        <!-- Integration tests -->
 +
        <sonar.jacoco.itReportPath>${project.build.directory}/jacoco-it.exec</sonar.jacoco.itReportPath>
 +
    </properties>
 +
 +
 
     <build>
 
     <build>
 
         <plugins>
 
         <plugins>
 +
            ...
  
             <plugin> Maven-jacoco </plugin>
+
             <!-- JACOCO test coverage plugin.
            <plugin> Surefire (UT) </plugin>
+
                Use it to compile SUREFIRE (unit tests) and FAILSAFE (integration tests) reports for SonarQube
 
+
                (i) attach that plugin to Maven TEST phase
            <!-- == process INTEGRATION tests == -->
+
                Reports are generated in "${project.build.directory}/site/jacoco/*" by default
 +
                Good documentations:
 +
                    https://wiki.onap.org/display/DW/Implementing+Code+Coverage
 +
                    https://www.devcon5.ch/en/blog/2015/05/29/multi-module-integration-test-coverage-sonar-jacoco/
 +
                    https://www.eclemma.org/jacoco/trunk/doc/maven.html
 +
                -->
 
             <plugin>
 
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
+
                 <groupId>org.jacoco</groupId>
                 <artifactId>maven-failsafe-plugin</artifactId>
+
                 <artifactId>jacoco-maven-plugin</artifactId>
                 <version>${maven-failsafe-plugin.version}</version>
+
                 <version>0.8.3</version>
 
                 <configuration>
 
                 <configuration>
                     <!-- Do not run if no tests -->
+
                     <append>true</append>
                    <skipTests>${skipIntegrationTests}</skipTests>
+
                     <!-- Use offline bytecode (with powermock changes) -->
                    <!-- a) Failsafe must create junit reports where sonar can find it later during analysis -->
 
                    <reportsDirectory>${sonar.failsafe.reportsPath}</reportsDirectory>
 
                    <!-- JVM settings -->
 
                    <argLine>-Xmx1024m -XX:maxPermSize:256m</argLine>
 
                    <forkCount>1</forkCount>
 
                    <reuseForks>true</reuseForks>
 
                    <!-- <runOrder>alphabetical</runOrder> -->
 
                     <!-- Sonar specific settings (command auto-generate by Sonar plugin) -->                 
 
                    <argLine>${jacoco.agent.it.arg}</argLine>
 
                    <includes>
 
                        <include>**/*IntegrationTest.java</include>
 
                        <include>**/*IT.java</include>
 
                    </includes>
 
 
                     <excludes>
 
                     <excludes>
                         <exclude>**/*Gwt.java</exclude>
+
                         <exclude>*</exclude>
 
                     </excludes>
 
                     </excludes>
 
                 </configuration>
 
                 </configuration>
                <!-- Only run failsafe when required -->
 
 
                 <executions>
 
                 <executions>
 +
                    <!-- Support for PowerMock tests -->
 +
                    <!-- See https://www.igorkromin.net/index.php/2018/03/06/quick-look-at-jacoco-vs-cobertura-performance-and-coverage-results/ -->
 +
                    <execution>
 +
                        <id>jacoco-instrument</id>
 +
                        <goals>
 +
                            <goal>instrument</goal>
 +
                        </goals>
 +
                    </execution>
 +
                    <execution>
 +
                        <id>jacoco-restore-instrumented-classes</id>
 +
                        <goals>
 +
                            <goal>restore-instrumented-classes</goal>
 +
                        </goals>
 +
                    </execution>
 +
 +
                    <!-- ## UNIT TESTS ## -->
 +
                    <!-- Configure JaCoCo runtime agent. It is passed as VM argument when Maven SUREFIRE plugin is executed. -->
 +
                    <execution>
 +
                        <id>pre-unit-tests</id>
 +
                        <goals>
 +
                            <goal>prepare-agent</goal>
 +
                        </goals>
 +
                    </execution>
 +
                    <!-- Create reports -->
 +
                    <execution>
 +
                        <id>report-unit-tests</id>
 +
                        <goals>
 +
                            <goal>report</goal>
 +
                        </goals>
 +
                    </execution>
 +
                    <!-- ## INTEGRATION TESTS ## -->
 +
                    <!-- Configure JaCoCo runtime agent. It is passed as VM argument when Maven FAILSAFE plugin is executed. -->
 +
                    <execution>
 +
                        <id>pre-integration-tests</id>
 +
                        <goals>
 +
                            <goal>prepare-agent-integration</goal>
 +
                        </goals>
 +
                        <configuration>
 +
                            <!-- Only 1 destination file to aggregate ALL integration tests reports -->
 +
                            <!-- the "session.executionRootDirectory" = parent folder that is being build by Jenkins -->
 +
                            <destFile>${session.executionRootDirectory}/target/jacoco-it.exec</destFile>
 +
                            <append>true</append>
 +
                        </configuration>
 +
                    </execution>
 +
                    <!-- Create reports -->
 
                     <execution>
 
                     <execution>
                         <id>integration-test</id>
+
                         <id>report-integration-tests</id>
                        <phase>integration-test</phase>
 
 
                         <goals>
 
                         <goals>
                             <goal>integration-test</goal>
+
                             <goal>report-integration</goal>
                            <goal>verify</goal>
 
 
                         </goals>
 
                         </goals>
 
                     </execution>
 
                     </execution>
Line 259: Line 264:
  
  
Notes:
 
* No tests will be run if <code>mvn clean install -DskipIntegrationTests</code>
 
* Only 1 report for all modules, that depends on the <code>${session.executionRootDirectory}</code>
 
* The exclusion | inclusion list is something that depends on your own situation
 
* The JVM settings can be arranged
 
  
  
==Maven dependencies==
 
  
At last, you need to add the jacoco dependency:
+
==SonarQube plugin==
 +
 
 +
SonarQube released a maven plugin to work with SONAR. This plugin already includes most of the configuration and default behavior is correct.
 +
* Sonar will read Jacoco "exec" binaries files
 +
* Sonar will process the ''Surefire'' & ''Failsafe'' reports
  
  
 
<syntaxhighlight lang="xml">
 
<syntaxhighlight lang="xml">
 +
 +
    <properties>
 +
        <!-- Sonar -->
 +
        <sonar.java.coveragePlugin>jacoco</sonar.java.coveragePlugin>
 +
        <sonar.core.codeCoveragePlugin>jacoco</sonar.core.codeCoveragePlugin>
 +
        <sonar.dynamicAnalysis>reuseReports</sonar.dynamicAnalysis>
 +
    </properties>
 +
 +
 +
    <build>
 +
        <plugins>
 +
            ..
 +
 +
            <!-- SonarQube engine -->
 +
            <plugin>
 +
                <groupId>org.sonarsource.scanner.maven</groupId>
 +
                <artifactId>sonar-maven-plugin</artifactId>
 +
                <!-- Do not forget to change version in JenkinsFile as well -->
 +
                <version>3.6.0.1398</version>
 +
            </plugin>
 +
        </plugins>
 +
    </build>
 +
</syntaxhighlight>
 +
 +
 +
 +
 +
 +
='''Maven complete POM''' example=
 +
 +
This is how the '''parent POM''' should look like to use SonarQube with correct coverage in dedicated PROFILE.
 +
 +
To execute: <code>mvn clean install -Pquality_control</code>
 +
 +
 +
<syntaxhighlight lang="xhtml">
 +
 +
    <properties>
 +
        <!-- Project configuration -->
 +
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 +
        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
 +
        <java.version>1.8</java.version>
 +
    </properties>
 +
 
     <dependencies>
 
     <dependencies>
         ...
+
         ...
         <!-- SonarQube dependencies -->
+
         <!-- jUnit -->
 
         <dependency>
 
         <dependency>
            <groupId>org.jacoco</groupId>
+
            <groupId>junit</groupId>
            <artifactId>org.jacoco.agent</artifactId>
+
            <artifactId>junit</artifactId>
            <version>${maven.jacoco.version}</version>
+
            <version>${junit.version}</version>
            <classifier>runtime</classifier>
+
            <scope>test</scope>
            <scope>test</scope>
+
         </dependency>    
         </dependency>
 
 
     </dependencies>
 
     </dependencies>
 +
 +
    <profiles>
 +
        <profile>
 +
            <id>quality_control</id>
 +
            <activation>
 +
                <activeByDefault>true</activeByDefault>
 +
            </activation>
 +
            <properties>
 +
                <!-- SonarQube and Jacoco tests reports -->
 +
                <surefire.version>2.22.2</surefire.version>
 +
                <jacoco.version>0.8.3</jacoco.version>
 +
                <!-- Sonar global configuration -->
 +
                <sonar.language>java</sonar.language>
 +
                <sonar.sourceEncoding>${project.reporting.outputEncoding}</sonar.sourceEncoding>
 +
                <sonar.java.coveragePlugin>jacoco</sonar.java.coveragePlugin>
 +
                <sonar.core.codeCoveragePlugin>jacoco</sonar.core.codeCoveragePlugin>
 +
                <sonar.dynamicAnalysis>reuseReports</sonar.dynamicAnalysis>
 +
                <!-- Dependencies checks (OWASP) reports -->
 +
                <!-- sonar.dependencyCheck.reportPath>${project.build.directory}/dependency-check-report.xml</sonar.dependencyCheck.reportPath -->
 +
                <!-- Tell sonar where to look for the UNIT coverage files. Property inherited by submodules -->
 +
                <sonar.junit.reportPaths>${project.build.directory}/surefire-reports</sonar.junit.reportPaths>
 +
                <sonar.jacoco.reportPath>${project.build.directory}/jacoco.exec</sonar.jacoco.reportPath>
 +
                <sonar.coverage.jacoco.xmlReportPaths>${project.build.directory}/site/jacoco/jacoco.xml</sonar.coverage.jacoco.xmlReportPaths>
 +
                <!-- Integration tests -->
 +
                <sonar.jacoco.itReportPath>${project.build.directory}/jacoco-it.exec</sonar.jacoco.itReportPath>
 +
            </properties>
 +
 +
            <!-- To generate units and integrations test reports -->
 +
            <build>
 +
                <plugins>
 +
                    <!-- To run UNIT tests and generate execution reports. These reports are required for SonarQube -->
 +
                    <plugin>
 +
                        <groupId>org.apache.maven.plugins</groupId>
 +
                        <artifactId>maven-surefire-plugin</artifactId>
 +
                        <version>${surefire.version}</version>
 +
                        <configuration>
 +
                            <excludes>
 +
                                <exclude>**/*TestAPI</exclude>
 +
                                <exclude>**/*IntegrationTest</exclude>
 +
                            </excludes>
 +
                        </configuration>
 +
                    </plugin>
 +
 +
                    <!-- To run INTEGRATION tests and generate execution reports. These reports are required for SonarQube -->
 +
                    <plugin>
 +
                        <groupId>org.apache.maven.plugins</groupId>
 +
                        <artifactId>maven-failsafe-plugin</artifactId>
 +
                        <version>${surefire.version}</version>
 +
                        <configuration>
 +
                            <includes>
 +
                                <include>**/*TestAPI</include>
 +
                                <include>**/*IntegrationTest</include>
 +
                            </includes>
 +
                        </configuration>
 +
                        <executions>
 +
                            <execution>
 +
                                <id>default-integration-test</id>
 +
                                <goals>
 +
                                    <goal>integration-test</goal>
 +
                                </goals>
 +
                            </execution>
 +
                        </executions>
 +
                    </plugin>
 +
 +
                    <!-- JACOCO test coverage plugin.
 +
                        Use it to compile SUREFIRE (unit tests) and FAILSAFE (integration tests) reports for SonarQube
 +
                        (i) attach that plugin to Maven TEST phase
 +
                        Reports are generated in "${project.build.directory}/site/jacoco/*" by default
 +
                        Good documentations:
 +
                            https://wiki.onap.org/display/DW/Implementing+Code+Coverage
 +
                            https://www.devcon5.ch/en/blog/2015/05/29/multi-module-integration-test-coverage-sonar-jacoco/
 +
                            https://www.eclemma.org/jacoco/trunk/doc/maven.html
 +
                        -->
 +
                    <plugin>
 +
                        <groupId>org.jacoco</groupId>
 +
                        <artifactId>jacoco-maven-plugin</artifactId>
 +
                        <version>${jacoco.version}</version>
 +
                        <configuration>
 +
                            <append>true</append>
 +
                            <!-- Use offline bytecode (with powermock changes) -->
 +
                            <excludes>
 +
                                <exclude>*</exclude>
 +
                            </excludes>
 +
                        </configuration>
 +
                        <executions>
 +
                            <!-- Support for PowerMock tests -->
 +
                            <!-- See https://www.igorkromin.net/index.php/2018/03/06/quick-look-at-jacoco-vs-cobertura-performance-and-coverage-results/ -->
 +
                            <execution>
 +
                                <id>jacoco-instrument</id>
 +
                                <goals>
 +
                                    <goal>instrument</goal>
 +
                                </goals>
 +
                            </execution>
 +
                            <execution>
 +
                                <id>jacoco-restore-instrumented-classes</id>
 +
                                <goals>
 +
                                    <goal>restore-instrumented-classes</goal>
 +
                                </goals>
 +
                            </execution>
 +
                            <!-- ## UNIT TESTS ## -->
 +
                            <!-- Configure JaCoCo runtime agent. It is passed as VM argument when Maven SUREFIRE plugin is executed. -->
 +
                            <execution>
 +
                                <id>pre-unit-tests</id>
 +
                                <goals>
 +
                                    <goal>prepare-agent</goal>
 +
                                </goals>
 +
                            </execution>
 +
                            <!-- Create reports -->
 +
                            <execution>
 +
                                <id>report-unit-tests</id>
 +
                                <goals>
 +
                                    <goal>report</goal>
 +
                                </goals>
 +
                            </execution>
 +
                            <!-- ## INTEGRATION TESTS ## -->
 +
                            <!-- Configure JaCoCo runtime agent. It is passed as VM argument when Maven FAILSAFE plugin is executed. -->
 +
                            <execution>
 +
                                <id>pre-integration-tests</id>
 +
                                <goals>
 +
                                    <goal>prepare-agent-integration</goal>
 +
                                </goals>
 +
                            </execution>
 +
                            <!-- Create reports -->
 +
                            <execution>
 +
                                <id>report-integration-tests</id>
 +
                                <goals>
 +
                                    <goal>report-integration</goal>
 +
                                </goals>
 +
                            </execution>
 +
                            <!-- ## MERGE ALL TESTS reports ## -->
 +
                            <execution>
 +
                                <id>merge</id>
 +
                                <goals>
 +
                                    <goal>merge</goal>
 +
                                </goals>
 +
                                <configuration>
 +
                                    <!-- Only 1 destination file to aggregate ALL integration tests reports -->
 +
                                    <!-- the "session.executionRootDirectory" = parent folder that is being build by Jenkins -->
 +
                                    <destFile>${session.executionRootDirectory}/target/jacoco-it.exec</destFile>
 +
                                    <fileSets>
 +
                                        <fileSet implementation="org.apache.maven.shared.model.fileset.FileSet">
 +
                                            <directory>${project.build.directory}</directory>
 +
                                            <includes>
 +
                                                <include>**/*.exec</include>
 +
                                            </includes>
 +
                                        </fileSet>
 +
                                    </fileSets>
 +
                                </configuration>
 +
                            </execution>
 +
                        </executions>
 +
                    </plugin>
 +
 +
                    <!-- SonarQube engine -->
 +
                    <plugin>
 +
                        <groupId>org.sonarsource.scanner.maven</groupId>
 +
                        <artifactId>sonar-maven-plugin</artifactId>
 +
                        <!-- Do not forget to change version in JenkinsFile as well -->
 +
                        <version>3.6.0.1398</version>
 +
                    </plugin>
 +
                </plugins>
 +
            </build>
 +
        </profile>
 +
 +
 +
 
</syntaxhighlight>
 
</syntaxhighlight>
  
 +
='''Jenkins'''=
  
Now your Maven configuration is complete at last.
 
  
 +
==Jenkins plugins==
  
=Jenkins configuration=
 
  
Now that you can generate these reports, especially the integration results, you need to configure Jenkins to use them!
+
To work with SonarQube, Jenkins requires the following plugins to be installed and enabled:
 +
* Maven Integration plugin
 +
* SonarQube scanner for Jenkins. See [https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Scanner+for+Jenkins SonarQube documentation]
  
[[File:SonarQube jenkins configuration.png|900px|Jenkins SonarQube configuration]]
 
  
 +
Actions:
 +
* Log into Jenkins as an administrator
 +
* Go to '''Manage Jenkin''' > '''Manage plugins'''
  
To set up the Sonar Jenkins plugin to process already generated JaCoCo data files, the following properties must be specified in the "Additional properties" text box, under the Sonar installation being configured:
 
  
* <code>-Dsonar.dynamicAnalysis=reuseReports</code> ==> Tells SonarQube to reuse existing reports for unit tests execution and coverage reports
 
* <code>-Dsonar.jacoco.itReportPath={ABSOLUTE_PATH_TO_JENKINS}/workspace/target/reports/jacoco-it.exec</code> => integration tests report to process
 
  
 +
[[File:Jenkins settings plugins 2.PNG|1024px|Jenkins settings # Maven Integration plugin]]
  
 +
[[File:Jenkins settings plugins 1.PNG|1024px|Jenkins settings # SonarQube scanner for Jenkins]]
  
  
=Real life example=
 
  
You can check out one of my GitHub project:
 
* https://github.com/guihome-diaz/Languages > pom.xml
 
  
 +
==Global configuration==
  
Even better, you can check out this excellent tutorial:
+
* Log into Jenkins as an administrator
* https://github.com/dgageot/coverage
+
* Go to '''Manage Jenkins''' > '''Configure System'''
 +
* Scroll to the '''SonarQube servers section'''
 +
* Check ''Enable injection of SonarQube server configuration as build environment variables''
  
  
 +
[[File:Jenkins settings global.PNG|1024px|Jenkins Global configuration # SonarQube]]
  
=Appendices=
 
  
  
==Run tests in specific order==
 
  
If for some reasons you need to run your tests in a particular order you can say do so in Maven and/or Java
+
==Job configuration==
  
'''Reminder''' : if you have to run your tests in a particular order then you should refactor your tests! These tricks should not let you escape from that!
+
Now that you can generate these reports, especially the integration tests results, you need to configure Jenkins to use them!
  
  
===Maven===
+
===Maven build (legacy)===
  
The <code>runOrder</code> is a nice trick.
+
This explain how to configure a '''Maven build''' (legacy) with SonarQube Runner.
  
<syntaxhighlight lang="xml">
 
    <build>
 
        <plugins>
 
            <plugin>
 
                SUREFIRE or FAILSAFE
 
  
                <configuration>
+
In the '''Build Environment''' section > check ''Prepare SonarQube Scanner environment''
                    <!-- JVM settings -->
+
 
                    <argLine>-Xmx1024m -XX:maxPermSize:256m</argLine>
+
[[File:Jenkins_build_maven_1.PNG|770px|Jenkins Build configuration #1]]
                    <forkCount>1</forkCount>
+
 
                    <reuseForks>true</reuseForks>
+
 
                     <runOrder>alphabetical</runOrder>
+
 
                     <!-- Jacoco execution -->                  
+
Then, set the '''Build''' command line:
                     <argLine>${jacoco.agent.it.arg}</argLine>
+
 
                     ...
+
[[File:Jenkins_build_maven_2.PNG|1024px|Jenkins Build configuration #2]]
                 </configuration>
+
 
             </plugin>
+
 
 +
Adjust the SonarQube server URL + path to integration tests reports!
 +
 
 +
* Maven build: <code>clean install</code> or <code>clean deploy</code>
 +
* Use SonarQube
 +
** Enable plugin: <code>$SONAR_MAVEN_GOAL</code>  
 +
** Set SonarQube server URL: <code>-Dsonar.host.url=http://localhost:9000/sonarqube</code>
 +
** Give path of Integration tests: <code>-Dsonar.jacoco.itReportPath=/var/lib/jenkins/workspace/Flow.e.r.s/target/jacoco-it.exec</code>
 +
 
 +
 
 +
 
 +
 
 +
=JenkinsFile (Pipelines)=
 +
 
 +
'''Requirements''': have a local SonarQube instance configured in Jenkins, called "''sonarqube''"
 +
 
 +
<syntaxhighlight lang="groovy">
 +
pipeline {
 +
 
 +
    parameters {
 +
        booleanParam(defaultValue: false, description: 'Enable quality control', name: 'qualityControlEnabled')
 +
        booleanParam(defaultValue: false, description: 'Enable Maven dependencies checks (missing declaration / unused libraries / etc.)', name: 'mvnDependenciesChecksEnabled')
 +
        booleanParam(defaultValue: false, description: 'Enable OWASP checks (search for known vulnerabilities in libraries)', name: 'owaspChecksEnabled')
 +
    }
 +
 
 +
 
 +
    stages {
 +
        stage('Checkout') {
 +
            steps {
 +
                checkout scm
 +
            }
 +
        }
 +
 
 +
        stage('MVN dependencies checks') {
 +
            when {
 +
                expression { params.mvnDependenciesChecksEnabled }
 +
            }
 +
            steps {
 +
                withMaven(
 +
                        maven: 'Maven 3.5.2',
 +
                        mavenLocalRepo: '.repository'
 +
                ) {
 +
                     echo "MVN dependencies checks [unused / missing / bad scope / etc.]"
 +
                    sh "mvn org.apache.maven.plugins:maven-dependency-plugin:analyze-report"
 +
                }
 +
            }
 +
        }
 +
 
 +
        stage('OWASP vulnerabilities checks') {
 +
            when {
 +
                expression { params.owaspChecksEnabled }
 +
            }
 +
            steps {
 +
                withMaven(
 +
                        maven: 'Maven 3.5.2',
 +
                        mavenLocalRepo: '.repository'
 +
                ) {
 +
                    echo "OWASP vulnerabilities checks [lib. with security issue(s)]"
 +
                     sh "mvn org.owasp:dependency-check-maven:check"
 +
                    // sh "mvn org.owasp:dependency-check-maven:aggregate"
 +
 
 +
                    // Publish report in Jenkins
 +
                    dependencyCheckPublisher failedTotalHigh: '0', unstableTotalHigh: '1', failedTotalNormal: '2', unstableTotalNormal: '5'
 +
                }
 +
            }
 +
        }
 +
 
 +
        stage('Build') {
 +
            /*
 +
            when {
 +
                //  optional: my condition(s)
 +
            }
 +
            */
 +
            steps {
 +
                withMaven(
 +
                        maven: 'Maven 3.5.2',
 +
                        mavenLocalRepo: '.repository'
 +
                 ){
 +
                     script {
 +
                        if (params.qualityControlEnabled) {
 +
                            // On human request only
 +
                            echo "Building with QUALITY controls from ${BRANCH_NAME} ..."
 +
                            sh "mvn clean install -Pquality_control"
 +
                        } else {
 +
                            // Default case - for automatic builds
 +
                            echo "Standard build"
 +
                            sh "mvn clean install"
 +
                        }
 +
                     }
 +
                }
 +
            }
 +
        }
 +
 
 +
        stage('SonarQube') {
 +
            when {
 +
                expression { params.qualityControlEnabled }
 +
            }
 +
            steps {
 +
                withMaven(
 +
                        maven: 'Maven 3.5.2',
 +
                        mavenLocalRepo: '.repository'
 +
                 ){
 +
                    withSonarQubeEnv('sonarqube') {
 +
                        echo "Static code analysis with SonarQube runner"
 +
                        // TODO ensure the version of the plugin matches the one in the PARENT pom
 +
                        sh "mvn org.sonarsource.scanner.maven:sonar-maven-plugin:3.6.0.1398:sonar -Dsonar.projectName=\"my_project ($BRANCH_NAME)\" -Dsonar.projectKey=my_project:$BRANCH_NAME -Pquality_control"
 +
                    }
 +
                }
 +
            }
 +
        }
 +
    }
 +
 
 +
    post {
 +
        always {
 +
            echo 'Cleaning workspace'
 +
             deleteDir()
 +
        }
 +
    }
  
        </plugins>
 
    </build>
 
 
</syntaxhighlight>
 
</syntaxhighlight>
  
  
===Java===
 
  
Since jUnit 4.11 you can set the order of your tests.
+
See [https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Scanner+for+Jenkins#AnalyzingwithSonarQubeScannerforJenkins-AnalyzinginaJenkinspipeline SonarQube documentation]
 +
 
 +
='''SonarQube'''=
 +
 
 +
 
 +
By default there will be '''1 sonarqube''' entry for every Jenkins '''artifactId'' that is build (parent name).
 +
 
 +
 
 +
==How to see the code coverage by module?==
 +
 
 +
To have a quick glance of the project's modules:
 +
 
 +
* SonarQube > project > '''Code'''
 +
 
 +
[[File:Sonarqube results 2.PNG|1024px|SonarQube view results #1]]
 +
 
 +
 
 +
* SonarQube > project > '''Measures''' > ''Expand'' '''coverage'' > '''Conditions coverage'''
 +
 
 +
[[File:Sonarqube results 1.PNG|1024px|SonarQube view results #2]]
 +
 
 +
 
 +
 
 +
==How to see measures by module?==
 +
 
 +
By default SonarQube display measures for all the project's modules. This is sometimes not convenient... The old "code" dashboard has been removed, but you can still see the measure by sub-module with a little trick.
 +
 
 +
 
 +
1. Select a module to analyze from the "code" menu
 +
 
 +
[[File:Sonarqube module selection 1.PNG|1024px|SonarQube select module, step 1]]
 +
 
 +
 
 +
2. Notice the SonarQube URL and the selection parameter
 +
 
 +
[[File:Sonarqube module selection 2.PNG|800px|SonarQube select module, step 2]]
 +
 
 +
 
 +
3. Copy that <code>&selected=..</code> parameter
 +
 
 +
 
 +
4. Parse the value on the measures page
 +
 
 +
[[File:Sonarqube module selection 3.PNG|925px|SonarQube select module, step 3]]
 +
 
 +
 
 +
5. All good! You can browse the measures for that particular module.
 +
 
 +
 
 +
 
 +
==SonarQube plugins==
 +
 
 +
Go to SonarQube > Administration > Marketplace > "All"
 +
 
 +
 
 +
I advised you to install:
 +
* Code smells
 +
* FindBugs
 +
* Git
 +
* JaCoCo (mandatory)
 +
* PMD
 +
 
 +
 
 +
 
 +
=How to disable rule(s) in SonarQube=
 +
 
 +
(i) This operation is only for logged user with administrators rights.
 +
 
 +
 
 +
==Quality profile==
 +
 
 +
First of all you have to create a custom quality profile.
 +
* Go to '''Quality profiles'''
 +
* Click on the '''wheel''' of the quality profile you'd like to adjust > '''copy'''
 +
* Name the new profile > Click on the '''wheel''' top right > '''set as default'''
 +
 
 +
 
 +
[[File:Create quality profile.png|750px|SonarQube # create quality profile]]
 +
 
 +
 
 +
 
 +
==Disable / Enable rule for quality profile==
 +
 
 +
* Go to '''Rules'''
 +
* Search for the rule you want to modify
 +
* Click on the rule name
 +
 
 +
[[File:Disable rule 1.PNG|1024px|SonarQube # disable rule screen 1]]
 +
 
 +
* Scroll down to the quality profile view
 +
* Disable rule for particular quality profile(s)
 +
 
 +
[[File:Disable rule 2.PNG|1024px|SonarQube # disable rule screen 2]]
 +
 
 +
 
 +
 
 +
 
 +
=Other=
 +
 
 +
==jUnit tests ordering==
 +
 
 +
Since jUnit 4.11 you can set the order of your tests. '''If you have to use that it means something is probably wrong with your tests design'''!
 +
 
  
 
* Set order to the Class level: https://github.com/junit-team/junit/wiki/Test-execution-order
 
* Set order to the Class level: https://github.com/junit-team/junit/wiki/Test-execution-order
* Set custom order: http://memorynotfound.com/run-junit-tests-method-order/  
+
* Set custom order: http://memorynotfound.com/run-junit-tests-method-order/
 +
 
  
  
Line 363: Line 788:
 
=References=
 
=References=
  
This article is based on my daily work in VEHCO.
+
This article is based on my daily work in VEHCO + European Parliament + LuxTrust.
  
To update to SonarQube I used the following articles and code examples:
+
This article is based on a lot of research and code browsing. Following articles are very good:
* http://www.aheritier.net/maven-failsafe-sonar-and-jacoco-are-in-a-boat/
+
* [https://wiki.onap.org/display/DW/Implementing+Code+Coverage ONAP wiki: how to setup code coverage for a lot of languages: including java, python & javascript]
* VERY good GitHub example, provided by the same author: https://github.com/dgageot/coverage
+
* [https://www.devcon5.ch/en/blog/2015/05/29/multi-module-integration-test-coverage-sonar-jacoco/ Multi module integration test coverage with Sonar and Jacoco]
 +
* [https://www.eclemma.org/jacoco/trunk/doc/maven.html Jacoco official documentation]
 +
 
 +
PowerMock support
 +
* [https://www.igorkromin.net/index.php/2018/02/20/jacoco-reports-missing-code-coverage-for-tests-using-powermock/ How to include PowerMock tests coverage into JaCoCo]
 +
* [https://snmaddula.github.io/tuning-jacoco-for-powermock/ PowerMock with Jacoco]
 +
 
 +
 
 +
Other article that are relevant for older versions of Sonar (versions < 6.x with Java 7)
 
* http://stackoverflow.com/questions/26253277/jacoco-agent-for-integration-tests-on-remote-machine
 
* http://stackoverflow.com/questions/26253277/jacoco-agent-for-integration-tests-on-remote-machine
 
+
* Nice tutorial: https://www.petrikainulainen.net/programming/maven/creating-code-coverage-reports-for-unit-and-integration-tests-with-the-jacoco-maven-plugin/
Jenkins configuration:
 
* http://blog.ccbill.com/2014/07/code-coverage-with-surefire-and-jacoco.html
 

Latest revision as of 08:18, 22 May 2019


This article explains how to configure your maven projects to produce reports + how to configure Jenkins with SonarQube, bringing both Unit and Integration tests coverage.


Requirements

  • Testing libraries: jUnit 4.12 or + / optional, for static class mocking: Powermock 1.7.x or +
  • Maven must run on Java 8 or +
  • You must use Sonarqube 7.x or +
  • Jenkins must be v2.164.1 or + (LTS version)


Principle

TODO

You just have to define the configuration once, in the parent POM.

  • Jenkins
    • Requirements: plugins / setup
    • Job configuration
  • Maven plugins list
    • Reports generation : unit / integration tests
    • Jacoco binaries : many unit tests "jacoco.exec" / 1 single aggregation for "jacoco-it.exec"
    • SonarQube plugin
  • Jenkins usage



Maven plugins

Surefire UNIT Tests

Surefire is for UNIT tests = tests that should only use: plain java / Mockito / PowerMock / etc.


By default, the Surefire Plugin will automatically include all test classes with the following wildcard patterns:

  • **/Test*.java - includes all of its subdirectories and all Java filenames that start with "Test".
  • **/*Test.java - includes all of its subdirectories and all Java filenames that end with "Test".
  • **/*Tests.java - includes all of its subdirectories and all Java filenames that end with "Tests".
  • **/*TestCase.java - includes all of its subdirectories and all Java filenames that end with "TestCase".

If the test classes do not follow any of these naming conventions, then configure Surefire Plugin and specify the tests you want to include.

See Maven Surefire plugin documentation


(i) It is safer to exclude the integration tests patterns as well, depending on your own development setup:

  • **/*TestAPI.java
  • **/*IntegrationTest.java


Results are saved in each Maven module, in XML and TXT formats: $module/target/surefire-reports/*


    <properties>
        <!-- Set the reporting settings -->
        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
    </properties>


    <build>
        <plugins>
            <!-- To run UNIT tests and generate execution reports. These reports are required for SonarQube -->
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-surefire-plugin</artifactId>
                <version>2.22.1</version>
                <configuration>
                    <excludes>
                        <exclude>**/*TestAPI</exclude>
                        <exclude>**/*IntegrationTest</exclude>
                    </excludes>
                </configuration>
            </plugin>

            ...
        </plugins>
    </build>



Failsafe INTEGRATION tests

Failsafe will process the Integration Tests = tests that should use Spring test / black box tests / etc.


By default, the Failsafe Plugin will automatically include all test classes with the following wildcard patterns:

  • **/IT*.java - includes all of its subdirectories and all Java filenames that start with "IT".
  • **/*IT.java - includes all of its subdirectories and all Java filenames that end with "IT".
  • **/*ITCase.java - includes all of its subdirectories and all Java filenames that end with "ITCase".

If the test classes do not follow any of these naming conventions, then configure Failsafe Plugin and specify the tests you want to include.


Results are saved in each Maven module:

  • Results are saved in XML and TXT formats in $module/target/failsafe-reports/*
  • Results are saved in BINARY (jacoco format) in $module/target/jacoco-it.exec


Notes:

  • No tests will be run if mvn clean install -DskipIntegrationTests
  • The exclusion | inclusion list is something that depends on your own situation


    <properties>
        <!-- Set the reporting settings -->
        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
    </properties>


    <build>
        <plugins>

            <!-- To run INTEGRATION tests and generate execution reports. These reports are required for SonarQube -->
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-failsafe-plugin</artifactId>
                <version>2.22.1</version>
                <configuration>
                    <includes>
                        <include>**/*TestAPI</include>
                        <include>**/*IntegrationTest</include>
                    </includes>
                </configuration>
                <executions>
                    <execution>
                        <id>default-integration-test</id>
                        <goals>
                            <goal>integration-test</goal>
                        </goals>
                    </execution>
                </executions>
            </plugin>

            ...
        </plugins>
    </build>



Jacoco code coverage

Jacoco is a plugin that will:

  1. Parse SUREFIRE and FAILSAFE results
  2. Extract and generate code coverage reports (XML format)
  3. Convert the XML into binaries (*.exec) for SonarQube


Jacoco will generate the following binaries reports:

  • 1 unit test report per project, for every module: $parent/$module/target/jacoco.exec
  • 1 centralized integration test report: $parent/target/jacoco-it.exec


    <properties>
        <!-- Project configuration -->
        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
        <!-- Sonar -->
        <!-- Tell sonar where to look for the binaries coverage files. Property inherited by submodules -->
        <sonar.junit.reportPaths>${project.build.directory}/surefire-reports</sonar.junit.reportPaths>
        <sonar.jacoco.reportPath>${project.build.directory}/jacoco.exec</sonar.jacoco.reportPath>
        <sonar.coverage.jacoco.xmlReportPaths>${project.build.directory}/site/jacoco/jacoco.xml</sonar.coverage.jacoco.xmlReportPaths>
        <!-- Integration tests -->
        <sonar.jacoco.itReportPath>${project.build.directory}/jacoco-it.exec</sonar.jacoco.itReportPath>
    </properties>


    <build>
        <plugins>
            ... 

            <!-- JACOCO test coverage plugin.
                 Use it to compile SUREFIRE (unit tests) and FAILSAFE (integration tests) reports for SonarQube
                 (i) attach that plugin to Maven TEST phase
                 Reports are generated in "${project.build.directory}/site/jacoco/*" by default
                 Good documentations:
                    https://wiki.onap.org/display/DW/Implementing+Code+Coverage
                    https://www.devcon5.ch/en/blog/2015/05/29/multi-module-integration-test-coverage-sonar-jacoco/
                    https://www.eclemma.org/jacoco/trunk/doc/maven.html
                 -->
            <plugin>
                <groupId>org.jacoco</groupId>
                <artifactId>jacoco-maven-plugin</artifactId>
                <version>0.8.3</version>
                <configuration>
                    <append>true</append>
                    <!-- Use offline bytecode (with powermock changes) -->
                    <excludes>
                        <exclude>*</exclude>
                    </excludes>
                </configuration>
                <executions>
                    <!-- Support for PowerMock tests -->
                    <!-- See https://www.igorkromin.net/index.php/2018/03/06/quick-look-at-jacoco-vs-cobertura-performance-and-coverage-results/ -->
                    <execution>
                        <id>jacoco-instrument</id>
                        <goals>
                            <goal>instrument</goal>
                        </goals>
                    </execution>
                    <execution>
                        <id>jacoco-restore-instrumented-classes</id>
                        <goals>
                            <goal>restore-instrumented-classes</goal>
                        </goals>
                    </execution>

                    <!-- ## UNIT TESTS ## -->
                    <!-- Configure JaCoCo runtime agent. It is passed as VM argument when Maven SUREFIRE plugin is executed. -->
                    <execution>
                        <id>pre-unit-tests</id>
                        <goals>
                            <goal>prepare-agent</goal>
                        </goals>
                    </execution>
                    <!-- Create reports -->
                    <execution>
                        <id>report-unit-tests</id>
                        <goals>
                            <goal>report</goal>
                        </goals>
                    </execution>
                    <!-- ## INTEGRATION TESTS ## -->
                    <!-- Configure JaCoCo runtime agent. It is passed as VM argument when Maven FAILSAFE plugin is executed. -->
                    <execution>
                        <id>pre-integration-tests</id>
                        <goals>
                            <goal>prepare-agent-integration</goal>
                        </goals>
                        <configuration>
                            <!-- Only 1 destination file to aggregate ALL integration tests reports -->
                            <!-- the "session.executionRootDirectory" = parent folder that is being build by Jenkins -->
                            <destFile>${session.executionRootDirectory}/target/jacoco-it.exec</destFile>
                            <append>true</append>
                        </configuration>
                    </execution>
                    <!-- Create reports -->
                    <execution>
                        <id>report-integration-tests</id>
                        <goals>
                            <goal>report-integration</goal>
                        </goals>
                    </execution>
                </executions>
            </plugin>

        </plugins>
    </build>



SonarQube plugin

SonarQube released a maven plugin to work with SONAR. This plugin already includes most of the configuration and default behavior is correct.

  • Sonar will read Jacoco "exec" binaries files
  • Sonar will process the Surefire & Failsafe reports


    <properties>
        <!-- Sonar -->
        <sonar.java.coveragePlugin>jacoco</sonar.java.coveragePlugin>
        <sonar.core.codeCoveragePlugin>jacoco</sonar.core.codeCoveragePlugin>
        <sonar.dynamicAnalysis>reuseReports</sonar.dynamicAnalysis>
    </properties>


    <build>
        <plugins>
            ..

            <!-- SonarQube engine -->
            <plugin>
                <groupId>org.sonarsource.scanner.maven</groupId>
                <artifactId>sonar-maven-plugin</artifactId>
                <!-- Do not forget to change version in JenkinsFile as well -->
                <version>3.6.0.1398</version>
            </plugin>
        </plugins>
    </build>



Maven complete POM example

This is how the parent POM should look like to use SonarQube with correct coverage in dedicated PROFILE.

To execute: mvn clean install -Pquality_control


    <properties>
        <!-- Project configuration -->
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
        <java.version>1.8</java.version>
    </properties>

    <dependencies>
        ...  
        <!-- jUnit -->
        <dependency>
             <groupId>junit</groupId>
             <artifactId>junit</artifactId>
             <version>${junit.version}</version>
             <scope>test</scope>
        </dependency>      
    </dependencies>

    <profiles>
        <profile>
            <id>quality_control</id>
            <activation>
                <activeByDefault>true</activeByDefault>
            </activation>
            <properties>
                <!-- SonarQube and Jacoco tests reports -->
                <surefire.version>2.22.2</surefire.version>
                <jacoco.version>0.8.3</jacoco.version>
                <!-- Sonar global configuration -->
                <sonar.language>java</sonar.language>
                <sonar.sourceEncoding>${project.reporting.outputEncoding}</sonar.sourceEncoding>
                <sonar.java.coveragePlugin>jacoco</sonar.java.coveragePlugin>
                <sonar.core.codeCoveragePlugin>jacoco</sonar.core.codeCoveragePlugin>
                <sonar.dynamicAnalysis>reuseReports</sonar.dynamicAnalysis>
                <!-- Dependencies checks (OWASP) reports -->
                <!-- sonar.dependencyCheck.reportPath>${project.build.directory}/dependency-check-report.xml</sonar.dependencyCheck.reportPath -->
                <!-- Tell sonar where to look for the UNIT coverage files. Property inherited by submodules -->
                <sonar.junit.reportPaths>${project.build.directory}/surefire-reports</sonar.junit.reportPaths>
                <sonar.jacoco.reportPath>${project.build.directory}/jacoco.exec</sonar.jacoco.reportPath>
                <sonar.coverage.jacoco.xmlReportPaths>${project.build.directory}/site/jacoco/jacoco.xml</sonar.coverage.jacoco.xmlReportPaths>
                <!-- Integration tests -->
                <sonar.jacoco.itReportPath>${project.build.directory}/jacoco-it.exec</sonar.jacoco.itReportPath>
            </properties>

            <!-- To generate units and integrations test reports -->
            <build>
                <plugins>
                    <!-- To run UNIT tests and generate execution reports. These reports are required for SonarQube -->
                    <plugin>
                        <groupId>org.apache.maven.plugins</groupId>
                        <artifactId>maven-surefire-plugin</artifactId>
                        <version>${surefire.version}</version>
                        <configuration>
                            <excludes>
                                <exclude>**/*TestAPI</exclude>
                                <exclude>**/*IntegrationTest</exclude>
                            </excludes>
                        </configuration>
                    </plugin>

                    <!-- To run INTEGRATION tests and generate execution reports. These reports are required for SonarQube -->
                    <plugin>
                        <groupId>org.apache.maven.plugins</groupId>
                        <artifactId>maven-failsafe-plugin</artifactId>
                        <version>${surefire.version}</version>
                        <configuration>
                            <includes>
                                <include>**/*TestAPI</include>
                                <include>**/*IntegrationTest</include>
                            </includes>
                        </configuration>
                        <executions>
                            <execution>
                                <id>default-integration-test</id>
                                <goals>
                                    <goal>integration-test</goal>
                                </goals>
                            </execution>
                        </executions>
                    </plugin>

                    <!-- JACOCO test coverage plugin.
                         Use it to compile SUREFIRE (unit tests) and FAILSAFE (integration tests) reports for SonarQube
                         (i) attach that plugin to Maven TEST phase
                         Reports are generated in "${project.build.directory}/site/jacoco/*" by default
                         Good documentations:
                            https://wiki.onap.org/display/DW/Implementing+Code+Coverage
                            https://www.devcon5.ch/en/blog/2015/05/29/multi-module-integration-test-coverage-sonar-jacoco/
                            https://www.eclemma.org/jacoco/trunk/doc/maven.html
                         -->
                    <plugin>
                        <groupId>org.jacoco</groupId>
                        <artifactId>jacoco-maven-plugin</artifactId>
                        <version>${jacoco.version}</version>
                        <configuration>
                            <append>true</append>
                            <!-- Use offline bytecode (with powermock changes) -->
                            <excludes>
                                <exclude>*</exclude>
                            </excludes>
                        </configuration>
                        <executions>
                            <!-- Support for PowerMock tests -->
                            <!-- See https://www.igorkromin.net/index.php/2018/03/06/quick-look-at-jacoco-vs-cobertura-performance-and-coverage-results/ -->
                            <execution>
                                <id>jacoco-instrument</id>
                                <goals>
                                    <goal>instrument</goal>
                                </goals>
                            </execution>
                            <execution>
                                <id>jacoco-restore-instrumented-classes</id>
                                <goals>
                                    <goal>restore-instrumented-classes</goal>
                                </goals>
                            </execution>
                            <!-- ## UNIT TESTS ## -->
                            <!-- Configure JaCoCo runtime agent. It is passed as VM argument when Maven SUREFIRE plugin is executed. -->
                            <execution>
                                <id>pre-unit-tests</id>
                                <goals>
                                    <goal>prepare-agent</goal>
                                </goals>
                            </execution>
                            <!-- Create reports -->
                            <execution>
                                <id>report-unit-tests</id>
                                <goals>
                                    <goal>report</goal>
                                </goals>
                            </execution>
                            <!-- ## INTEGRATION TESTS ## -->
                            <!-- Configure JaCoCo runtime agent. It is passed as VM argument when Maven FAILSAFE plugin is executed. -->
                            <execution>
                                <id>pre-integration-tests</id>
                                <goals>
                                    <goal>prepare-agent-integration</goal>
                                </goals>
                            </execution>
                            <!-- Create reports -->
                            <execution>
                                <id>report-integration-tests</id>
                                <goals>
                                    <goal>report-integration</goal>
                                </goals>
                            </execution>
                            <!-- ## MERGE ALL TESTS reports ## -->
                            <execution>
                                <id>merge</id>
                                <goals>
                                    <goal>merge</goal>
                                </goals>
                                <configuration>
                                    <!-- Only 1 destination file to aggregate ALL integration tests reports -->
                                    <!-- the "session.executionRootDirectory" = parent folder that is being build by Jenkins -->
                                    <destFile>${session.executionRootDirectory}/target/jacoco-it.exec</destFile>
                                    <fileSets>
                                        <fileSet implementation="org.apache.maven.shared.model.fileset.FileSet">
                                            <directory>${project.build.directory}</directory>
                                            <includes>
                                                <include>**/*.exec</include>
                                            </includes>
                                        </fileSet>
                                    </fileSets>
                                </configuration>
                            </execution>
                        </executions>
                    </plugin>

                    <!-- SonarQube engine -->
                    <plugin>
                        <groupId>org.sonarsource.scanner.maven</groupId>
                        <artifactId>sonar-maven-plugin</artifactId>
                        <!-- Do not forget to change version in JenkinsFile as well -->
                        <version>3.6.0.1398</version>
                    </plugin>
                </plugins>
            </build>
        </profile>

Jenkins

Jenkins plugins

To work with SonarQube, Jenkins requires the following plugins to be installed and enabled:


Actions:

  • Log into Jenkins as an administrator
  • Go to Manage Jenkin > Manage plugins


Jenkins settings # Maven Integration plugin

Jenkins settings # SonarQube scanner for Jenkins



Global configuration

  • Log into Jenkins as an administrator
  • Go to Manage Jenkins > Configure System
  • Scroll to the SonarQube servers section
  • Check Enable injection of SonarQube server configuration as build environment variables


Jenkins Global configuration # SonarQube



Job configuration

Now that you can generate these reports, especially the integration tests results, you need to configure Jenkins to use them!


Maven build (legacy)

This explain how to configure a Maven build (legacy) with SonarQube Runner.


In the Build Environment section > check Prepare SonarQube Scanner environment

Jenkins Build configuration #1


Then, set the Build command line:

Jenkins Build configuration #2


Adjust the SonarQube server URL + path to integration tests reports!

  • Maven build: clean install or clean deploy
  • Use SonarQube
    • Enable plugin: $SONAR_MAVEN_GOAL
    • Set SonarQube server URL: -Dsonar.host.url=http://localhost:9000/sonarqube
    • Give path of Integration tests: -Dsonar.jacoco.itReportPath=/var/lib/jenkins/workspace/Flow.e.r.s/target/jacoco-it.exec



JenkinsFile (Pipelines)

Requirements: have a local SonarQube instance configured in Jenkins, called "sonarqube"

pipeline {

    parameters {
        booleanParam(defaultValue: false, description: 'Enable quality control', name: 'qualityControlEnabled')
        booleanParam(defaultValue: false, description: 'Enable Maven dependencies checks (missing declaration / unused libraries / etc.)', name: 'mvnDependenciesChecksEnabled')
        booleanParam(defaultValue: false, description: 'Enable OWASP checks (search for known vulnerabilities in libraries)', name: 'owaspChecksEnabled')
    }


    stages {
        stage('Checkout') {
            steps {
                checkout scm
            }
        }

        stage('MVN dependencies checks') {
            when {
                expression { params.mvnDependenciesChecksEnabled }
            }
            steps {
                withMaven(
                        maven: 'Maven 3.5.2',
                        mavenLocalRepo: '.repository'
                ) {
                    echo "MVN dependencies checks [unused / missing / bad scope / etc.]"
                    sh "mvn org.apache.maven.plugins:maven-dependency-plugin:analyze-report"
                }
            }
        }

        stage('OWASP vulnerabilities checks') {
            when {
                expression { params.owaspChecksEnabled }
            }
            steps {
                withMaven(
                        maven: 'Maven 3.5.2',
                        mavenLocalRepo: '.repository'
                ) {
                    echo "OWASP vulnerabilities checks [lib. with security issue(s)]"
                    sh "mvn org.owasp:dependency-check-maven:check"
                    // sh "mvn org.owasp:dependency-check-maven:aggregate"

                    // Publish report in Jenkins
                    dependencyCheckPublisher failedTotalHigh: '0', unstableTotalHigh: '1', failedTotalNormal: '2', unstableTotalNormal: '5'
                }
            }
        }

        stage('Build') {
            /*
            when {
                 //  optional: my condition(s)
            }
            */
            steps {
                withMaven(
                        maven: 'Maven 3.5.2',
                        mavenLocalRepo: '.repository'
                ){
                    script {
                        if (params.qualityControlEnabled) {
                            // On human request only
                            echo "Building with QUALITY controls from ${BRANCH_NAME} ..."
                            sh "mvn clean install -Pquality_control"
                        } else {
                            // Default case - for automatic builds
                            echo "Standard build"
                            sh "mvn clean install"
                        }
                    }
                }
            }
        }

        stage('SonarQube') {
            when {
                expression { params.qualityControlEnabled }
            }
            steps {
                withMaven(
                        maven: 'Maven 3.5.2',
                        mavenLocalRepo: '.repository'
                ){
                    withSonarQubeEnv('sonarqube') {
                        echo "Static code analysis with SonarQube runner"
                        // TODO ensure the version of the plugin matches the one in the PARENT pom
                        sh "mvn org.sonarsource.scanner.maven:sonar-maven-plugin:3.6.0.1398:sonar -Dsonar.projectName=\"my_project ($BRANCH_NAME)\" -Dsonar.projectKey=my_project:$BRANCH_NAME -Pquality_control"
                    }
                }
            }
        }
    }

    post {
        always {
            echo 'Cleaning workspace'
            deleteDir()
        }
    }


See SonarQube documentation

SonarQube

By default there will be 1 sonarqube' entry for every Jenkins artifactId that is build (parent name).


How to see the code coverage by module?

To have a quick glance of the project's modules:

  • SonarQube > project > Code

SonarQube view results #1


  • SonarQube > project > Measures' > Expand coverage > Conditions coverage

SonarQube view results #2


How to see measures by module?

By default SonarQube display measures for all the project's modules. This is sometimes not convenient... The old "code" dashboard has been removed, but you can still see the measure by sub-module with a little trick.


1. Select a module to analyze from the "code" menu

SonarQube select module, step 1


2. Notice the SonarQube URL and the selection parameter

SonarQube select module, step 2


3. Copy that &selected=.. parameter


4. Parse the value on the measures page

SonarQube select module, step 3


5. All good! You can browse the measures for that particular module.


SonarQube plugins

Go to SonarQube > Administration > Marketplace > "All"


I advised you to install:

  • Code smells
  • FindBugs
  • Git
  • JaCoCo (mandatory)
  • PMD


How to disable rule(s) in SonarQube

(i) This operation is only for logged user with administrators rights.


Quality profile

First of all you have to create a custom quality profile.

  • Go to Quality profiles
  • Click on the wheel of the quality profile you'd like to adjust > copy
  • Name the new profile > Click on the wheel top right > set as default


SonarQube # create quality profile


Disable / Enable rule for quality profile

  • Go to Rules
  • Search for the rule you want to modify
  • Click on the rule name

SonarQube # disable rule screen 1

  • Scroll down to the quality profile view
  • Disable rule for particular quality profile(s)

SonarQube # disable rule screen 2



Other

jUnit tests ordering

Since jUnit 4.11 you can set the order of your tests. If you have to use that it means something is probably wrong with your tests design!




References

This article is based on my daily work in VEHCO + European Parliament + LuxTrust.

This article is based on a lot of research and code browsing. Following articles are very good:

PowerMock support


Other article that are relevant for older versions of Sonar (versions < 6.x with Java 7)