Have code quality analysis in your Android Project

Rafaela Guerra
Published in AndroidPub
Jan 15, 2018 · 4 min read

Developers should be proud of writing good code. But how can a developer recognise whether it's good enough?

What if a tool could help you with:

  1. Percentage/number of duplicated code
  2. Size and complexity of your code
  3. Possible issues/code smells in your code
  4. Test coverage of your unit tests

Most of you already know that SonarQube Server shows you all of these helpful analytic results, so this article aims to show you the importance of having code quality reports and how you can configure them.

(example of a SonarQube Server dashboard, showing code qualities report)

What is SonarQube?

SonarQube is a tool that “provides the capability to not only show health of an application but also to highlight issues newly introduced. With a Quality Gate in place, you can fix the leak and therefore improve code quality systematically”.

Important SonarQube measures

Issues

SonarQube issues can be classified into these types:

1. BLOCKER

  • High probability to impact the behaviour of the application, like memory leaks, null pointers, etc.
  • Should be immediately solved
  • Should make your build fail in your Continuous Integration system

2. CRITICAL

  • High probability to impact the behaviour of the application, but less than Blocker issues, like wrong visibility of a setter, wrong handling of a caught exception, etc.
  • Should be immediately reviewed
  • Should notify the team that the number of critical issues is increasing

3. MAJOR
“Quality flaw which can highly impact the developer productivity: duplicated blocks, unused parameters, etc.”

4. MINOR
“Quality flaw which can slightly impact the developer productivity: lines should not be too long, “switch” statements should have at least 3 cases, etc.”

5. INFO
Neither a bug nor a quality flaw, just a finding, like a missing TODO in code.

SonarQube always gives you an explanation of each issue, a “Noncompliant Code Example” and, most of the time, a proper solution.

More info about issues here.

You can also define your own rules for what you consider an acceptable number of issues in your project, by going to SonarQube > Quality Gates > “Select your project”.

How to configure it?

1. SonarQube server installation

  1. Download SonarQube here.
  2. Extract your sonarqube-{version}.zip
  3. Inside $SONAR_DOWNLOAD_DIR/sonarqube-{version}/bin you can see all the OS distributions:
> cd /$SONAR_DOWNLOAD_DIR/sonarqube-{version}/bin
> ls -l
drwxr-xr-x@ 3 x x 170 Oct 24 16:10 linux-x86-32
drwxr-xr-x@ 3 x x 170 Oct 24 16:10 linux-x86-64
drwxr-xr-x@ 3 x x 204 Nov 8 12:27 macosx-universal-64
drwxr-xr-x@ 3 x x 306 Oct 24 16:10 windows-x86-32
drwxr-xr-x@ 3 x x 306 Oct 24 16:10 windows-x86-64
...

Please select your distribution and follow the installation for Linux or Windows. If you are comfortable with Linux, just create a symbolic link to /$SONAR_DOWNLOAD_DIR/sonarqube-{version}/bin/<linux-distribution>/sonar.sh

Or just run a quick test directly:

> cd $SONAR_DOWNLOAD_DIR/sonarqube-{version}/bin/<linux-distribution>
> ./sonar.sh start
Starting SonarQube...
Started SonarQube.

Now you should see an empty dashboard at http://localhost:9000

2. Add the SonarQube Scanner Gradle Plugin

  1. Add the plugin in your global build.gradle
apply plugin: 'org.sonarqube'

  2. Add in your project build.gradle

buildscript {
    repositories {
        // ... your existing repositories
        maven {
            url "https://plugins.gradle.org/m2/"
        }
    }
    dependencies {
        classpath 'org.sonarsource.scanner.gradle:sonarqube-gradle-plugin:2.6'
    }
}

You can check for the latest release version here.

4. Sonar Project Configuration

4.1 Base configuration

  1. Go to your Android project and add a project configuration to your app/build.gradle file, like this example:
sonarqube {
    properties {
        property "sonar.projectKey", "projectName"
        // <--more keys-->
    }
}

Example of more keys

sonar.projectVersion=<you can read your branch here with gradle>
#credentials (admin/admin is the default account of a fresh SonarQube install)
sonar.login=admin
sonar.password=admin
#your base project directory
sonar.projectBaseDir=.
#define a key for your project. Every time you push a new version of the code, SonarQube will compare it according to your projectKey (usually this key doesn't change over time)
sonar.projectKey=Example-Proj-android
#name that will appear in the list of your projects in SonarQube
sonar.projectName=Example-Proj-android
##project sources
sonar.sources=app/src/main/java
sonar.java.source=app/src/main/java
#directory of the project's binaries. Look inside your build/intermediates/class dir
sonar.java.binaries=app/build/intermediates/classes/prod/debug/com/example/android/architecture/blueprints/todoapp
#(optional) directories, if you want to exclude something
sonar.exclusions=app/something

Be aware that, depending on your buildVariants and flavors configuration, those directories change for each project. Run ./gradlew build and check your directories to confirm your project directories.

4.2 Testing configuration

If you have unit tests in your project and you want to see your test coverage and number of unit tests, these are the keys to add to sonar-project.properties.

##testing area
sonar.tests=app/src/test/java
sonar.junit.reportsPath=app/build/test-results/testUnitTest
#if you have Jacoco configured in your project (this will be necessary to show the code coverage)
sonar.jacoco.reportPath=app/build/jacoco/testUnitTest.exec
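
The following is an added example, not code from the original article: a shell pre-flight for sonar-project.properties that flags the committed sonar.login/sonar.password values shown under "Example of more keys" and checks that the source, binary and report paths from both configuration steps exist once ./gradlew build has run. The function names and the constructed sample project are assumptions made for illustration.

```shell
# Added example (not from the article): pre-flight lint of sonar-project.properties.
# prop_get FILE KEY: print the value of KEY; comment lines never match.
prop_get() {
  _k=$(printf '%s' "$2" | sed 's/\./\\./g')   # escape dots for the regex
  sed -n "s/^[[:space:]]*${_k}[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# check_credentials FILE: return 1 if a password or the default login is committed.
check_credentials() {
  rc=0
  if [ -n "$(prop_get "$1" sonar.password)" ]; then
    echo "FAIL: sonar.password is stored in $1"; rc=1
  fi
  if [ "$(prop_get "$1" sonar.login)" = "admin" ]; then
    echo "FAIL: sonar.login is the default admin account"; rc=1
  fi
  return $rc
}

# check_paths FILE BASEDIR: return 1 if a configured path is missing under BASEDIR.
check_paths() {
  rc=0
  for key in sonar.sources sonar.tests sonar.java.binaries \
             sonar.junit.reportsPath sonar.jacoco.reportPath; do
    old_ifs=$IFS; IFS=,            # a value may be a comma-separated list
    for p in $(prop_get "$1" "$key"); do
      [ -e "$2/$p" ] || { echo "FAIL: $key -> $2/$p not found"; rc=1; }
    done
    IFS=$old_ifs
  done
  return $rc
}

# make_sample DIR: constructed project that mirrors the article's keys.
make_sample() {
  mkdir -p "$1/app/src/main/java" "$1/app/src/test/java"
  cat > "$1/sonar-project.properties" <<'EOF'
#constructed sample input
sonar.login=admin
sonar.password=admin
sonar.sources=app/src/main/java
sonar.tests=app/src/test/java
sonar.jacoco.reportPath=app/build/jacoco/testUnitTest.exec
EOF
}

# Usage: sh sonar_preflight.sh FILE [BASEDIR]
if [ "$#" -ge 1 ]; then
  check_credentials "$1"; c=$?; check_paths "$1" "${2:-.}"; exit $((c | $?))
fi
```

Supplying the login at run time, for example a SonarQube user token passed as -Dsonar.login from a CI secret, keeps it out of the repository and lets the credential check pass.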

5. Push your reports to SonarQube

  • Apply sonarqube-gradle-plugin in your Gradle config.
  • Run your tests: ./gradlew clean testUnitTest
  • Push your reports to your SonarQube server
> ./gradlew sonarqube -Dsonar.host.url=http://localhost:9000/

This last step can easily be added to your Continuous Integration process, to avoid repeating it all the time. More information here.

If you are using Kotlin in your project, please add the sonar-kotlin plugin to your SonarQube.

Conclusion

“Quality is an investment in the future”
