Update 30 June 2015
Part 2 is here with further instructions
Sonar Source is a an open source, browser based tool to manage code quality. You download and install it, setup some language specific plugins then let it loose on your codebase.
It basically reports on data generated by doing a static analysis of your code on things like:
- Duplicate code
- Comment coverage
- Coding rules
- Unit tests
- Code complexity etc
Installing it on a Mac is relatively painless, but there are quite a few steps to follow. Luckily brew comes to the rescue, so simply install it along with sonar-runner:
brew install sonar
brew install sonar-runner
The way it works is, Sonar itself is just a reporting tool. It needs data to report on. Sonar-runner is the tool that actually does the static analysis of your codebase and then stores that data in a local datastore. You have several options to use, I chose MySQL.
Make sure MySQL is running and create a new database to hold the data generated by sonar-runner. I called mine _sonarsource:
CREATE DATABASE sonar_source;
Create a new user (sonar/sonar) and set privileges:
CREATE USER 'sonar'@'localhost' IDENTIFIED BY 'sonar';
GRANT ALL PRIVILEGES ON sonar_source.* TO 'sonar'@'localhost';
Now you need to set the sonar configuration options, make sure you enter the correct database name (_sonarsource in our case). You can comment out most options except credentials and mysql (so comment out the embedded database):
You also need to specify in the sonar-runner properties file which database to connect to:
For me I uncommented out the MySQL connection details, and changed the databaes name in the connection string to _sonarsource
You should now be able to launch sonar, it’s a web based tool so everything is managed in a browser. Open a terminal and type:
That works because sonar is in your path (via brew). The command will launch sonar so navigate to http://localhost:9000 in your browser of choice. Login (admin/admin) and have a look around. Sonar takes around 20 seconds to fully start, so be patient.
Settings -> Configuration -> Update Center
Click on the Available Plugins tab and install what you need. I installed:
You’ll need to restart sonar for the installation(s) to take effect.
Now in the terminal, go to the root directory of a project you want sonar to inspect, and create a project specific properties file:
Here’s a sample file:
# required metadata
sonar.projectName=My Project Name
# optional description
sonar.projectDescription=Describe your project here
# path to source directories (required)
# path to test source directories (optional)
# path to project binaries (optional), for example directory of Java bytecode
# optional comma-separated list of paths to libraries. Only path to JAR file is supported.
# The value of the property must be the key of the language.
# Additional parameters
Finally in the root directory of your project you can now execute the sonar-runner by typing:
This is the step that’s actually examining your code, it only took about 10 seconds for me. Once that’s finished go back to the sonar webpage (localhost:9000) and you should magically have a project setup to review.
It’s a fantastic tool, so keep exploring :)
Update 6th May 2013
If you want to exclude certain files that are included in your sonar.sources property you can use wildcard matches. Note that although you can do this in the web console, that would be persisted in the local datastore but not in any project version control. I recommend putting this exclusion property in your sonar-project.properties file.
So, if you wanted to include everything in the scripts directory except the vendor folder:
Out of memory errors
If sonar-runner is parsing a large codebase you might get an error like the following:
Caused by: java.util.concurrent.ExecutionException: java.lang.OutOfMemoryError: Java heap space
Note: you can get more verbose output from the runner by adding the e flag:
You can increase the Java heap size by running the following:
export SONAR_RUNNER_OPTS="-Xmx512m -XX:MaxPermSize=512m"