Enhancing Code Quality: Integrating SonarQube into Your CircleCI Pipeline

Introduction :-

In the ever-evolving landscape of software development, maintaining high code quality is paramount. It’s the bedrock on which stable, secure, and scalable applications are built. However, ensuring #codequality can be challenging, especially in a world where rapid development and continuous integration are the norm.

Enter #SonarQube, a powerful tool designed to help developers and teams enhance their code quality. #SonarQube doesn’t just scan code for bugs and vulnerabilities; it delves deep into the intricacies of code, identifying technical debt, duplications, and other issues that may compromise the long-term maintainability of your software.

Pre-requisites:-

  • #CircleCI application with a #GitHub project configured.
  • #GitHub repository with CircleCI full access.
  • #SonarQube access

Procedure :-

Step-1 :- First, log in to your #SonarQube instance and generate a token, then copy it.

Step-2 :- Next, log in to your CircleCI application, go to Contexts and create an environment variable for the #SonarQube token in your CircleCI context (the config below reads it as SONAR_TOKEN from a context named sonarqube).

Step-3 :- Open your CircleCI config in an editor and add the job below to run #SonarQube on your project code.

version: 2.1

orbs:
  sonarscanner: psl/[email protected]

jobs:
  # SonarQube scanner
  scan:
    docker:
      - image: YOUR DOCKER IMAGE
    working_directory: /tmp/workspace
    environment:
      ENV_FILE: /tmp/workspace/.circleenv
      DOCKER_BUILDKIT: "1"
      BUILDKIT_PROGRESS: plain
    steps:
      - checkout
      - attach_workspace:
          at: /tmp/workspace
      - run:
          name: Install Sonarqube scanner
          command: |
            # The scanner CLI needs a JDK; wget and unzip fetch and unpack the release
            sudo apt-get update
            sudo apt-get install -y openjdk-11-jdk wget unzip
            wget -O sonar-scanner.zip https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.6.2.2472-linux.zip
            unzip sonar-scanner.zip
            rm sonar-scanner.zip
      - run:
          name: Run Sonarscanner
          command: |
            export PATH="$PATH:$PWD/sonar-scanner-4.6.2.2472-linux/bin"
            # SONAR_TOKEN is supplied by the "sonarqube" context created in Step-2
            sonar-scanner \
              -Dsonar.projectKey=$CIRCLE_BRANCH:$CIRCLE_PROJECT_REPONAME \
              -Dsonar.host.url=https://sonarqube.com/ \
              -Dsonar.login=$SONAR_TOKEN

workflows:
  version: 2
  main:
    jobs:
      - scan:
          context: sonarqube

Step-4 :- Commit your changes and push the code to the GitHub repository. CircleCI will automatically detect the push and run the pipeline.

Step-5 :- Go to the CircleCI projects page and check whether the pipeline was triggered.

Step-6 :- Once the job completes, go ahead and check whether SonarQube detected bugs and vulnerabilities in the code.

Source-code Link :- https://github.com/MahiraTechnology/Mahira-medium.git
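The scan job above uploads the analysis and exits successfully as soon as the server accepts the report, so Step-6 still relies on someone opening the dashboard: a pull request that introduces new vulnerabilities leaves the pipeline green. The script below is an added example, not code from the article or from the linked repository, that turns the SonarQube quality gate into a blocking CI step. It reads the `.scannerwork/report-task.txt` file the scanner writes, polls the server's `api/ce/task` endpoint until the background analysis finishes, then asks `api/qualitygates/project_status` for the gate result and exits non-zero when it is not OK. The file name `sonar_gate.py`, the `sonarqube.example` host, and all ids in the sample data are assumptions or constructed placeholders; the token is expected in `SONAR_TOKEN`, the same variable the config uses.

```python
"""Added example (not from the article): fail the CI job when the SonarQube
quality gate is not OK. File name sonar_gate.py is an assumption."""
import base64
import json
import os
import sys
import time
import urllib.request

REPORT_TASK = ".scannerwork/report-task.txt"  # sonar-scanner writes this after each analysis

# Constructed sample of that file; the host name and ids are placeholders, not real values.
SAMPLE_REPORT_TASK = """\
projectKey=main:Mahira-medium
serverUrl=https://sonarqube.example/
dashboardUrl=https://sonarqube.example/dashboard?id=main%3AMahira-medium
ceTaskId=TASK-PLACEHOLDER
ceTaskUrl=https://sonarqube.example/api/ce/task?id=TASK-PLACEHOLDER
"""


def parse_report_task(text):
    """Parse the key=value properties file sonar-scanner leaves in .scannerwork/."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def http_get_json(url, token):
    """GET a Web API URL; SonarQube takes the token as basic-auth user name, empty password."""
    cred = base64.b64encode(f"{token}:".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {cred}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def wait_for_analysis(server_url, ce_task_id, token, fetch=http_get_json,
                      poll_seconds=5, max_polls=60):
    """Poll api/ce/task until the server-side analysis task ends; return its analysisId."""
    url = f"{server_url.rstrip('/')}/api/ce/task?id={ce_task_id}"
    for _ in range(max_polls):
        task = fetch(url, token)["task"]
        if task["status"] == "SUCCESS":
            return task["analysisId"]
        if task["status"] in ("FAILED", "CANCELED"):
            raise RuntimeError(f"analysis task {ce_task_id} ended with {task['status']}")
        time.sleep(poll_seconds)  # PENDING / IN_PROGRESS: keep waiting
    raise TimeoutError(f"analysis task {ce_task_id} did not finish in time")


def quality_gate(server_url, analysis_id, token, fetch=http_get_json):
    """Return (gate status, failed conditions) from api/qualitygates/project_status."""
    url = f"{server_url.rstrip('/')}/api/qualitygates/project_status?analysisId={analysis_id}"
    project_status = fetch(url, token)["projectStatus"]
    failed = [c for c in project_status.get("conditions", []) if c.get("status") == "ERROR"]
    return project_status["status"], failed


def check_gate(report_text, token, fetch=http_get_json, poll_seconds=5):
    """Whole check; returns the exit code for the CI step: 0 when the gate is OK, else 1."""
    props = parse_report_task(report_text)
    analysis_id = wait_for_analysis(props["serverUrl"], props["ceTaskId"], token, fetch, poll_seconds)
    status, failed = quality_gate(props["serverUrl"], analysis_id, token, fetch)
    for c in failed:
        print(f"FAILED {c.get('metricKey')}: {c.get('actualValue')} {c.get('comparator')} {c.get('errorThreshold')}")
    print(f"quality gate: {status} ({props.get('dashboardUrl', '')})")
    return 0 if status == "OK" else 1


def fake_fetch_from(responses):
    """Build a fetch() serving constructed JSON by URL substring, so the check runs offline."""
    def fetch(url, token):
        if not token:
            raise ValueError("a token is required")
        for needle, body in responses:
            if needle in url:
                return body
        raise KeyError(url)
    return fetch


# Constructed replies in the shape of the real Web API: a finished task, then a failing gate.
FAKE_FAILING_GATE = [
    ("/api/ce/task?id=", {"task": {"status": "SUCCESS", "analysisId": "ANALYSIS-PLACEHOLDER"}}),
    ("/api/qualitygates/project_status?analysisId=", {"projectStatus": {"status": "ERROR", "conditions": [
        {"status": "ERROR", "metricKey": "new_vulnerabilities", "comparator": "GT", "errorThreshold": "0", "actualValue": "2"},
        {"status": "OK", "metricKey": "new_coverage", "comparator": "LT", "errorThreshold": "80", "actualValue": "91.3"},
    ]}}),
]

if __name__ == "__main__":
    token = os.environ.get("SONAR_TOKEN")  # from the CircleCI context created in Step-2
    if not token:
        sys.exit("SONAR_TOKEN is not set")
    with open(REPORT_TASK, encoding="utf-8") as fh:
        sys.exit(check_gate(fh.read(), token))
```

Add it as a third `run` step right after "Run Sonarscanner" (`python3 sonar_gate.py`) so the job is red whenever a gate condition such as "new vulnerabilities > 0" fails, and the failed conditions appear in the step log rather than only on the dashboard. Newer scanner versions offer the built-in `-Dsonar.qualitygate.wait=true` property for the same purpose; the script is useful where that option is unavailable or where you want the failed conditions printed in the CI log.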

Conclusion :-

In the world of modern software development, #codequality is non-negotiable. It’s about creating maintainable, efficient, and secure codebases. #SonarQube, with its comprehensive code analysis, is a valuable ally on this journey.

Integrating #SonarQube into your #CircleCI pipeline empowers your team to detect and rectify issues early. This proactive approach saves time and resources, and elevates the overall quality of your codebase.
