
Android Developers: Code Review with SonarQube

When developing mobile apps, complexity increases as soon as you want to create something “out-of-the-box”. On large projects, quality analysis tools are life savers. SonarQube is an open source platform for continuous inspection of code quality. Today it supports more than 25 languages, but initially SonarQube was developed to analyze only Java code. It has been extended since, and luckily it can analyze Android applications, in particular through a plugin: Android Lint.

SonarQube is a really great platform for starting continuous quality analysis. In your projects, you will be able to monitor:

- Duplicated code
- Coding standards
- Unit tests
- Code coverage
- Code complexity
- Potential bugs
- Custom metrics

Monitoring can be done across languages, platforms, projects and time, all while SonarQube runs as a web server. Moreover, it can be extended with plugins and integrated into your continuous integration flow, with Jenkins, etc.

This tutorial introduces an easy way to test SonarQube locally on your Android project.

Setup

In this tutorial, I introduce you to the latest version of SonarQube (5.1 as of 17 June 2015) using a Linux machine. Please be careful: with this configuration, your database will be embedded and it should be used for evaluation purposes only. According to SonarSource’s team, “The embedded database will not scale, it will not support upgrading to newer versions of SonarQube, and there is no support for migrating your data out of it into a different database engine.”

In your destination folder:


mkdir sonarqube 
cd sonarqube 
wget http://dist.sonar.codehaus.org/sonarqube-5.1.zip 
unzip sonarqube-5.1.zip 
cd sonarqube-5.1/ 

 

OK, now we have SonarQube on our local machine. Next step: we launch SonarQube:

sh bin/{linux-version}/sonar.sh console

 

So, for me, it will be:

sh bin/linux-x86-64/sonar.sh console

Wait for the “Process[web] is up” message. Don’t close your terminal during the session 😉

Now, open your browser and go to: http://localhost:9000/
And now you have the first page of SonarQube! Yes, it’s… empty


The default login and password are:

admin
admin

We are finished with the SonarQube setup. Easy, no? The next step is to set up your build.gradle file to be able to launch the analysis.

1- Java Testing 

We begin with Java testing: by default, SonarQube is set to analyze Java projects.

Open your Android project and add this to your build.gradle:

 



apply plugin: 'sonar-runner' 

sonarRunner { 
    sonarProperties { 
        property "sonar.host.url", "http://localhost:9000" // Address of Sonar server 
        property "sonar.sources", "src" // Sources 
        property "sonar.projectName", "Sonar Tutorial" // Name of your project 
        property "sonar.projectVersion", "0.2-SNAPSHOT" // Version of your project 
        property "sonar.projectDescription", "A wonderful project to analyse" // Description of your project 
    } 
} 

I think it’s pretty clear, isn’t it?

Last step: in Android Studio, launch the following command from your terminal window:

 ./gradlew sonarRunner

Until you get this kind of message:

INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
Total time: 11.341s
Final Memory: 18M/754M
INFO: ------------------------------------------------------------------------

BUILD SUCCESSFUL

Total time: 16.792 secs

Open your browser to:
http://localhost:9000/

And…


It’s really user friendly. You have the major metrics on your project’s page, like the proportion of duplications or issues by criticality (Blocker, Critical, Major, Minor, Info). If you click these items, you can check the issues and you get clear explanations (how, where, why) along with examples of noncompliant code and suggestions for compliant solutions. It’s very useful during a stabilization phase. If your application can be built and you have no Blocker, Critical or Major issues, you are headed in the right direction! The next step should be unit testing, but I’ll save that for another tutorial.
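A build gate for the rule of thumb above (no open Blocker, Critical or Major issues), as an added example that is not part of the original tutorial. It assumes you saved the JSON returned by SonarQube's `api/issues/search` web service and that each issue carries `severity`, `status`, `component`, `line` and `message`; the sample response and the `evaluate`/`report` names are constructed for illustration.

```python
import json
from collections import Counter

# Of the article's five severities, only these two are tolerated by the gate.
TOLERATED = {"MINOR", "INFO"}
CLOSED_STATES = {"RESOLVED", "CLOSED"}

# Constructed sample (not real output), shaped like an issues-search response.
SAMPLE = json.loads("""
{"total": 4, "issues": [
  {"severity": "CRITICAL", "status": "OPEN", "line": 42,
   "component": "demo:src/main/java/Login.java", "message": "constructed finding A"},
  {"severity": "MAJOR", "status": "RESOLVED", "line": 7,
   "component": "demo:src/main/java/Util.java", "message": "constructed finding B"},
  {"severity": "MINOR", "status": "OPEN", "line": 3,
   "component": "demo:src/main/res/layout/main.xml", "message": "constructed finding C"},
  {"severity": "INFO", "status": "OPEN", "line": 1,
   "component": "demo:src/main/AndroidManifest.xml", "message": "constructed finding D"}
]}
""")

def evaluate(response):
    """Return open-issue counts per severity and whether the gate passes."""
    issues = response.get("issues", [])
    # Assumption: the total sits at top level or under "paging", depending on version.
    total = response.get("total", response.get("paging", {}).get("total", len(issues)))
    open_issues = [i for i in issues if i.get("status") not in CLOSED_STATES]
    counts = Counter(i.get("severity", "UNKNOWN") for i in open_issues)
    # Fail closed: anything not explicitly tolerated blocks the build.
    blocking = [i for i in open_issues if i.get("severity") not in TOLERATED]
    # A truncated page may hide blocking issues, so it cannot pass either.
    truncated = total > len(issues)
    return {"counts": dict(counts), "blocking": blocking,
            "truncated": truncated, "passed": not blocking and not truncated}

def report(result):
    """One line per blocking issue, then the verdict."""
    lines = [f"{i.get('severity')} {i.get('component')}:{i.get('line')} {i.get('message')}"
             for i in result["blocking"]]
    if result["truncated"]:
        lines.append("response is a partial page; fetch all pages before gating")
    lines.append("GATE " + ("PASSED" if result["passed"] else "FAILED"))
    return "\n".join(lines)

if __name__ == "__main__":
    outcome = evaluate(SAMPLE)
    print(report(outcome))
    raise SystemExit(0 if outcome["passed"] else 1)
```

Run after `./gradlew sonarRunner` in a CI job, the non-zero exit status stops the pipeline while gating issues remain open.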

2- Android Lint Testing

Now we will set up SonarQube so that it can analyze Android projects. Go to:

– Settings
– Update Center
– Available Plugins
– Android

Add this plugin. When it’s done, go to the terminal where SonarQube was started and shut down the process [Ctrl+C]. Restart it with the same command that you used earlier:

sh bin/{linux-version}/sonar.sh console

Open your Android project and add this to your build.gradle:

sonarRunner {
    sonarProperties {
        property "sonar.host.url", "http://localhost:9000" // Address of Sonar server
        property "sonar.sources", "src" // Sources
        property "sonar.projectName", "Sonar Tutorial" // Name of your project
        property "sonar.projectVersion", "0.2-SNAPSHOT" // Version of your project
        property "sonar.projectDescription", "A wonderful project to analyse" // Description of your project
        property "sonar.profile", "Android Lint" // To use the profile Android Lint
        property "sonar.import_unknown_files", true // To allow Sonar to verify the XML files
    }
}

 


In Android Studio, launch the following command from your terminal window:

./gradlew sonarRunner 

Until you have this message:

INFO: ------------------------------------------------------------------------ 
INFO: EXECUTION SUCCESS 
INFO: ------------------------------------------------------------------------ 
Total time: 10.812s 
Final Memory: 16M/677M 
INFO: ------------------------------------------------------------------------ 

BUILD SUCCESSFUL 

Total time: 16.243 secs

 

Now your project has been analyzed by SonarQube and Android Lint. Open http://localhost:9000/ and check the results!

You can see the profile: Android Lint.

If you run the analysis day by day, you will be able to follow the progression of your code over time, with useful metrics like complexity ratio, etc.

Enjoy discovering this new tool!