This project illustrates how to integrate SonarQube with Codemagic. The same steps apply if you are integrating with their cloud based Sonar Cloud.
If you are integrating with SonarCloud, you will first need to configure your app:
- Log into SonarCloud here
- Enter an organization key and click on Continue.
- Choose the Free plan and click on Create Organization.
- Click on My Account.
- Under the Security tab, generate a token by entering a name and clicking on Generate.
- Copy the token so you can use it as an environment variable in your Codemagic workflow.
- Click on the “+” button in the top-right corner, and select Analyze a new project to add a new project.
- Select the project and click on Set Up.
- Wait for the initial analysis to complete, then modify the Last analysis method.
- Turn off the SonarCloud Automatic Analysis.
You can now upload code analysis reports to SonarCloud from your CI/CD pipeline.
There are three environment variables that need to be added to your workflow for the SonarCloud integration: SONAR_TOKEN
, SONAR_PROJECT_KEY
, and SONAR_ORG_KEY
.
SONAR_TOKEN
is the token you created when setting up your accountSONAR_PROJECT_KEY
can be obtained from your project settings once it has been added to SonarCloudSONAR_ORG_KEY
is also obtained from your SonarCloud project settings
-
Open your Codemagic app settings, and go to the Environment variables tab.
-
Enter the desired Variable name, e.g.
SONAR_TOKEN
. -
Enter the required value as Variable value.
-
Enter the variable group name, e.g. sonarcloud_credentials. Click the button to create the group.
-
Make sure the Secure option is selected.
-
Click the Add button to add the variable.
-
Repeat the process to add all of the required variables.
-
Add the sonarcloud_credentials group in your
codemagic.yaml
file
environment:
groups:
- sonarcloud_credentials
To use SonarQube/SonarCloud with Android projects, you need to add the sonarqube plugin to the app/build.gradle
file:
plugins {
...
id "org.sonarqube" version "3.3"
...
}
For SonarQube to automatically detect pull requests when using Codemagic, you need to add an event in the triggering section of your codemagic.yaml
file as shown in the following snippet:
triggering:
events:
- pull_request
For triggering to work, you also need to set up webhook between Codemagic and your DevOps platform (Bitbucket, Github, etc.).
Caching the .sonar
folder would save build time on subsequent analyses. For this, add the following snippet to your codemagic.yaml
file:
cache:
cache_paths:
- ~/.sonar