Analyze source code with sonar - checkstyle

It is possible to take the source code directly from a svn repository and analyze it with sonar? Or configure sonar just to run a Checkstyle or pmd plugin for certain sources?
I need to do this on non-maven projects.

Sonar can run without maven entirely. Now there's sonar-runner

Yes, you just need to write a maven or ant script to check out the latest from SVN first, then run the sonar:sonar command.
It looks like Sonar forces you to create a pom.xml file and install maven2, even for a non-mavenized project: http://docs.sonarqube.org/display/SONAR/Analyzing+Source+Code
(fyi - Sonar is dead easy with a mavenized project, but in any setup the key will be in getting in the habit of looking at and using the results of Sonar to improve development. That's the hard part.)

Related

How to Set Maven Parameters in OpenShift

I'm completely new to OpenShift and so far ran in hundreds of bugs while trying to create my first application. Now I want to configure Maven to use my own goals. So far I tried:
adding a Jenkins and configuring the Maven Build - the Jenkins didn't take up the changes and finally stopped building altogether
adding a file .openshift/action_hook/pre_build with the content export MAVEN_ARGS="clean package -Popenshift" as explained here
adding a file .openshift/action_hook/build with the content mvn clean package -Popenshift as explained there
Evidently, the documentation is somewhat obsolete... so what is the correct way?
I finally managed to get the Jenkins to build with my goals. The misconception was that it would use the configured Maven goals INSTEAD of the default ones, when it would just use them additionally (he never had to, since the shell script failed). So deleting the script and adding a custom Maven build works.

How to integrate Parasoft (JTest) in Hudson?

I normally use JTest Parasoft as a plugin in Eclipse.
But now, I need to integrate JTest in Hudson, at a way that in the Post-build, JTest should run its tests over a Maven project.
So my questions are :
How to integrate JTest in Hudson? I found a plugin CppTest by Parasoft and not JTest...
How to specify the tests which should be run on the project? For example, configure JTest to run "Find unused code" which is included in "Static Analysis"...?
Thank you a lot.
Jtest has fully functional command line interface so generally integration should not be a problem.
As for your questions:
1) there is a Jtest plugin for Maven, so you will be able to trigger your post-build action easily. It's thoroughly described on http://build.parasoft.com .
2) you can specify the Test Configuration of your choice by using -Dparasoft.config option (i.e.: mvn parasoft:jtest -Dparasoft.config="user://Unused Code").
You can find all the parameters which can be used with parasoft:jtest goal described here: http://build.parasoft.com/docs/maven-parasoft-plugin/jtest-mojo.html .
We have integrated Jenkins with Jtest (Linux)
Downloaded the Jtest installers and installed in Jenkins server (in slaves too if you have slaves attached)
Env variables for same has been set (JTEST_HOME)
And now without any entries for Jtest in Pom or build.xml files, we
can directly call the jtestcli commands either in invoke shell
section or use Jtest goals with maven too.
We need to make sure that we have maven-parasoft-plugin 3.12 and Jtest dependencies available in maven repo (for maven projects) and we should have parasoft-ant-3.12.jar available which we need to place in ant lib folder (for ant projects).

Why does the sonar plugin in jenkins build everything again?

I installed Jenkins on my build machine and in the Jenkins config checked the box to run sonar analysis on my maven based project. It works but if I look at the log my entire project is built twice. Once from maven and once for sonar (still using maven). Any idea what I am doing wrong here?
Sonar analysis is performed through a maven plugin. So, whenever you start a sonar analysis, maven will run through all phases that come before the sonar phase, meaning that it will also run the compile and the test phase.
This means, if you want to do a Sonar analysis, you can make a Free-Style Job in Jenkins, configure no Build Step, and only activate the Sonar button. That should work, and should only build your code project once.

Hudson + Maven + Emma/Sonar = Build Cycle Runs 2x

I have a bunch of Maven projects building in Hudson with Sonar sitting in the side-lines. Sonar gives me Sonar stats, FindBugs stats, and code-coverage.
I've noticed that regardless of if I use Sonar or if I use EMMA via Maven directly, the entire build cycle runs twice. This includes init (which in my case, reinitializes the database -- expensive) and unit tests (a few hundred -- also expensive).
How can I prevent this? I did a lot of reading, and it seems like this is due to the design of code-coverage plugins -- to keep uninstrumented classes separated from instrumented ones.
I've tried configurations like:
Maven runs: deploy, EMMA
Maven runs: deploy; deploy to Sonar on completion
The sonar documentation recommends running the sonar plugin in 2 stages:-
mvn clean install -Dtest=false -DfailIfNoTests=false
mvn sonar:sonar
The tests are bypassed in the first phase and run implicitly in the second stage.
A one line alternative is to run the following command:-
mvn clean install sonar:sonar -Dmaven.test.failure.ignore=true
but this will run the tests twice - as you have found.
To add to #Strawberry's answer, you could reuse the unit test reports instead of running them again. Refer to the section Reuse existing unit test reports in the sonar documentation
Once this is done, you can configure the following in Hudson
clean deploy sonar:sonar

Execute command in Hudson as Post-build Actions

I am new in Hudson.
I would like to execute a 'sourcecodeanalyzer' command in Hudson as Post-build Actions to generate an html report. Please let me know is this at all possible, if yes let me know the Hudson configuration steps to execute the command.
Your earliest response in this regard will be extremely helpful.
Thanks in advance.
Yes, it is almost certainly possible.
You will need to configure the Hudson project to have either a post-build action or a build step that runs your source code analyzer.
You've not stated in your question precisely which analyzer - it may be that Hudson already has a plug-in installed for it, in which case it may be listed on the Config page for the project at the bottom under Post-build Actions.
If not, next check to see if there's a plug-in available for the analyzer that hasn't been installed. From the main Hudson page select Manage Hudson, then Manage Plugins, and choose the Available tab. If there is a plug-in available it's definitely a good idea to use it as they are generally very well integrated with Hudson itself.
As a last resort you'll have to configure a build step to run the analyzer. Configure the project, then choose "Add build step". The drop-down that appears depends on your environment (Windows or Linux) but should include the ability to run a shell command or batch file. You can configure your analyzer there.
(If you're building Windows Visual Studio applications, a more flexible way that I've used is to use the MSBuild plug-in for builds, and have an MSBuild script that builds the application and then runs analysis tools. This can automate pretty much everything: mine builds the application, builds an acceptance test database, runs the acceptance tests and copies the result HTML to a page linked from the project.)
You could create a new job with a "Execute Shell" build step. Type in the command you wish to run in the text box. Then all you have to do is trigger this job by selecting:
"Build after other projects are built"
And select the trigger job from the list.
Hope this helps!
As a follow up to Jeremy's post. If you don't see the ability to add post build steps, you might work with maven jobs. In that case you need the Hudson M2 Extra Steps Plugin. This will give you pre and post build steps.
I use the 'Post build task' plugin to delete some resources after a build. You could call any shell script or command lines. If you want you could make the call depends on some logging output.
there is one best way to solve this:
Upgrade to Fortify SCA 2.6.x (as of writing, latest version is 2.6.5).
Download the Fortify Maven Plugin version 2.6 from https://customerportal.fortify.com and install it into your Hudson server's Maven repository.
Update your project's pom to carry out the Fortify scan. There is an example provided with the Maven plugin.
Currently , I am experiment with sonar plug in. It looks great check the details here
http://sonar.codehaus.org/a-new-hudson-plugin-for-a-closer-integration-with-sonar/
http://wiki.hudson-ci.org/display/HUDSON/Sonar+plugin