In this post, I will share how to set up SonarQube via Docker and use it to analyse your code. When working in a team you might want to set up a shared SonarQube instance somewhere. In case you would like to use Sonar locally, using Docker is quite easy and straight forward. You can also easily connect PHPStorm if you like.
run SonarQube in a Docker container
Let go and make sure you have Docker installed.
$ docker run -d --name sonarqube -p 9009:9000 sonarqube
By default, you can log in as admin with password admin, see authentication documentation. In the snipped above, I choose for another port than 9000, since I am a PHP developer and rather use my port 9000 for Xdebug.
Verify that SonarQube is running by visiting the server at http://0.0.0.0:9009/.
the next time you want to start SonarQube use the following command:
docker start sonarqube
Pro tip: If the SonarQube container does not run, that could be due to local changes required by Elastic Search
install the SonarQube runner
The SonarQube runner is installed locally and takes care of analysing and transferring your code to SonarQube.
- first install the binary for your operating system via the documentation. (pro tip: make sure
<install_directory>/binis in your $PATH so you can execute it from everywhere)
- next create a settings file based on your SonarQube container in Docker, place the file in
the following settings should work if you followed along, add them to your
#Configure here general information about the environment, such as SonarQube server connection details for example #No information about the specific project should appear here #----- Default SonarQube server sonar.host.url=http://localhost:9009 #----- Default source code encoding #sonar.sourceEncoding=UTF-8
setup a project in SonarQube
Next, you will set up a project in SonarQube, and link it to your project by configuring it by adding a
- start sonar in your browser: (http://0.0.0.0:9009/) and log in with admin / admin
- add a project by clicking the + and choose "create new project" see ...
- enter a name for your project and click generate to generate a token for this project.
- in your project root create a file with the name
- add the following lines to your properties file:
# Required metadata sonar.projectKey=<project token name from step 3> sonar.projectName=<user friendly project name> sonar.projectVersion=1.0 #Sonar server stuff sonar.login=<enter the generated token key> # Path to the parent source code directory.Plank Dock # Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows. # Since SonarQube 4.2, this property is optional if sonar.modules is set. # If not set, SonarQube starts looking for source code from the directory containing # the sonar-project.properties file. sonar.sources=<path to the source files> # Encoding of the source code sonar.sourceEncoding=UTF-8 # Additional parameters #sonar.my.property=value
- to test run
run SonarQube runner on your project
So in the previous chapter, you ran the
sonar-scanner command, if it did not report any errors, you can no go and view the results in SonarQube.
Visit sonar in your browser and take a look at the metrics. You can select the checks and quality levels by tweaking the Quality profiles and setup the Quality gates. It makes sense to go an try it our in your workflow and see what settings work best for your use case.