SonarQube in Android - Implementation tips and challenges faced
Introduction
SonarQube is an open-source tool that helps developers and teams improve the quality of their code:
- Code quality analysis: Analyzes code quality for over 30 languages, frameworks, and IaC platforms
- Automatic reviews: Performs automatic reviews with static analysis of code to detect bugs and code smells
- Integration with DevOps platforms: Integrates with GitHub, GitLab, Azure, and Bitbucket
- Real-time feedback: Provides immediate feedback in your IDE as you write code
- Quality gates: Keeps code with issues from being released to production
Steps to implement
I followed this Medium article (@niranjanky14) while trying to implement SonarQube.
Step 1. Download SonarQube Free Edition from the link below
Step 2. Download and install Docker from the link below
Step 3. Open a terminal and run the following command
docker pull sonarqube:latest
Note
If you get the error "Docker command not found", export its path
export PATH="$PATH:/Applications/Docker.app/Contents/Resources/bin/"
Keep the Docker application open on your system while running docker pull sonarqube:latest, otherwise you may get the following error
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
If Step 3 is successful, you will see the following
docker pull sonarqube:latest
#
# latest: Pulling from library/sonarqube
# a186900671ab: Download complete
# 4821edbf1831: Download complete
# 4bec9b5f92ec: Download complete
# b0c3c08b4553: Download complete
# 4f4fb700ef54: Download complete
# 666db0722bb8: Download complete
# 26811a6e12de: Download complete
# 6c88cd8dd883: Download complete
# Digest: sha256:0842dcd4c8f851ce44f8edaf45ac93f7c9079017d60d99f614663e60cef5efe9
# Status: Downloaded newer image for sonarqube:latest
# docker.io/library/sonarqube:latest
Step 4: After step 3, enter the following command to pull the Postgres image and start the database container
If Step 4 is successful, you will see the following results
docker run -d --name sonarqube-db \
-e POSTGRES_USER=sonar \
-e POSTGRES_PASSWORD=sonar \
-e POSTGRES_DB=sonarqube \
postgres:alpine
#
# Unable to find image 'postgres:alpine' locally
# alpine: Pulling from library/postgres
# 440196fcba86: Download complete
# c97ff27562e7: Download complete
# 2f5a5dbb159e: Download complete
# e64e42d2e378: Download complete
# 0a8fa91fd8dd: Download complete
# 368fad94fbf5: Download complete
# cf04c63912e1: Download complete
# 044d9972b6f9: Download complete
# 1c4b963fa70b: Download complete
# fc336a10ac24: Download complete
# Digest: sha256:14195b0729fce792f47ae3c3704d6fd04305826d57af3b01d5b4d004667df174
# Status: Downloaded newer image for postgres:alpine
# 44c04103a85884090a9cbe479c4dd3c2fa73f4d61c56c35cfaed5c474db52528
Step 5: Set up the SonarQube container with a link to PostgreSQL using the following command
On successful completion of Step 5, you will see a hash value. For me it was
docker run -d --name sonarqube \
-p 9000:9000 \
--link sonarqube-db:db \
-e SONAR_JDBC_URL=jdbc:postgresql://db:5432/sonarqube \
-e SONAR_JDBC_USERNAME=sonar \
-e SONAR_JDBC_PASSWORD=sonar sonarqube
#
# b473d891d6f9e842fe2e7ba72b2b0493640ca44552250e6770d6d9468ad1c956
Once SonarQube is up and running, you can access the web interface by opening http://localhost:9000 (or the appropriate IP address if running on a remote server) in your web browser.
The default login credentials for the first-time login are admin for both username and password. You'll be prompted to change the password after the initial login.
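A hardened variant of Steps 4 and 5, as an added example that is not part of the original article: it generates the database password instead of using sonar/sonar, passes it through owner-only env files, pins both images to the digests printed by the pulls above, uses a user-defined network in place of the legacy --link, and publishes port 9000 on 127.0.0.1 only. The network name sonarnet, the env file names and the DOCKER dry-run variable are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original article): Steps 4 and 5 with a generated
# database password, digest-pinned images and a loopback-only web port.
DOCKER=${DOCKER:-docker}          # set DOCKER=echo for a dry run
NET=sonarnet                      # assumed name for a user-defined network
# Digests as printed by the two pulls shown in this article.
PG_IMAGE=postgres@sha256:14195b0729fce792f47ae3c3704d6fd04305826d57af3b01d5b4d004667df174
SQ_IMAGE=sonarqube@sha256:0842dcd4c8f851ce44f8edaf45ac93f7c9079017d60d99f614663e60cef5efe9

gen_password() {                  # 32 hex characters from the kernel CSPRNG
  od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

write_env_files() {               # $1 = directory, $2 = database password
  ( umask 077                     # env files readable by their owner only
    printf '%s\n' 'POSTGRES_USER=sonar' "POSTGRES_PASSWORD=$2" \
      'POSTGRES_DB=sonarqube' > "$1/db.env"
    printf '%s\n' 'SONAR_JDBC_URL=jdbc:postgresql://sonarqube-db:5432/sonarqube' \
      'SONAR_JDBC_USERNAME=sonar' "SONAR_JDBC_PASSWORD=$2" > "$1/sonar.env" )
}

start_db() {                      # $1 = directory holding db.env
  $DOCKER run -d --name sonarqube-db --network "$NET" \
    --env-file "$1/db.env" "$PG_IMAGE"
}

start_sonarqube() {               # $1 = directory holding sonar.env
  # 127.0.0.1 keeps port 9000 off the LAN; the container name replaces --link.
  $DOCKER run -d --name sonarqube --network "$NET" \
    -p 127.0.0.1:9000:9000 --env-file "$1/sonar.env" "$SQ_IMAGE"
}

# "apply <dir>" starts the containers; without it the file only defines functions.
if [ "${1:-}" = apply ]; then
  set -eu
  dir=${2:?"usage: $0 apply <dir>"}
  write_env_files "$dir" "$(gen_password)"
  $DOCKER network create "$NET"
  start_db "$dir"
  start_sonarqube "$dir"
fi
```

The pinned digests reproduce the images the article pulled; replace them with the digest of the release you have reviewed when updating.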
Next, we can see how to configure SonarQube in Android Studio
Configuration
Step 1: In the app's build.gradle, if we add the SonarQube plugin and other details like this
allprojects {
    apply plugin: 'org.sonarqube'
    sonar {
        properties {
            property "sonar.host.url", "http://localhost:9000"
            property "sonar.test.inclusions", "src/test/**"
            property 'sonar.profile', 'Android Lint'
            property "sonar.sourceEncoding", "UTF-8"
            property "sonar.projectName", "SonarTestApp"
            property "sonar.projectKey", "SonarTestKey"
            property "sonar.projectVersion", 1.0.0
            property "sonar.login", "sqp_123123kj123k123j123kj123j1k23k123jk132j"
        }
    }
}
we may get the following error: Plugin with id 'org.sonarqube' not found
So, we can try this instead (applying the plugin outside allprojects and keeping the other details inside allprojects)
plugins {
    id "org.sonarqube" version "4.0.0.2929"
}
allprojects {
    sonar {
        properties {
            property "sonar.host.url", "http://localhost:9000"
            property "sonar.test.inclusions", "src/test/**"
            property 'sonar.profile', 'Android Lint'
            property "sonar.sourceEncoding", "UTF-8"
            property "sonar.projectName", "SonarTestApp"
            property "sonar.projectKey", "SonarTestKey"
            property "sonar.projectVersion", 1.0.0
            property "sonar.login", "sqp_123123kj123k123j123kj123j1k23k123jk132j"
        }
    }
}
In the above code, the property 'sonar.projectVersion' should match your project's versionName.
Step 2: In gradle.properties
systemProp.sonar.host.url=http://localhost:9000
# (Optional, if not using credentials in build.gradle)
systemProp.sonar.login=your_sonar_username
systemProp.sonar.password=your_sonar_password
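Both build.gradle variants above embed the analysis token in a file that is normally committed, and gradle.properties can hold the password as well. The following check is an added example, not from the original article, that flags such literals in Gradle files while accepting values read from the environment; the SONAR_TOKEN variable name and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): find SonarQube credentials
# committed to Gradle files, e.g. as a pre-commit or CI check.

# Token literals: sqp_ (project), squ_ (user), sqa_ (global analysis) prefixes.
TOKEN_RE='sq[apu]_[0-9A-Za-z]{20,}'
# Credential keys used in this article's build.gradle and gradle.properties.
KEY_RE='sonar\.(login|password|token)'
# Lines that read the value from outside the repository are accepted.
SAFE_RE='System\.getenv|findProperty|providers\.'

gradle_grep() {                   # $1 = directory, $2 = extended regex
  find "$1" -type f \( -name '*.gradle' -o -name '*.gradle.kts' \
       -o -name 'gradle.properties' \) -exec grep -nHE -e "$2" {} + || true
}

# Prints file:line:text for each finding; exit status 1 when anything is found.
scan_sonar_secrets() {            # $1 = project directory
  hits=$( { gradle_grep "$1" "$TOKEN_RE"
            gradle_grep "$1" "$KEY_RE" | grep -vE "$SAFE_RE" || true
          } | sort -u )
  [ -z "$hits" ] && return 0
  printf '%s\n' "$hits"
  return 1
}

# Constructed sample project: hardcoded values in "bad", env lookup in "good".
demo() {
  d=$(mktemp -d)
  mkdir "$d/bad" "$d/good"
  echo 'property "sonar.login", "sqp_0000000000000000000000000000000000000000"' \
    > "$d/bad/build.gradle"
  echo 'systemProp.sonar.password=your_sonar_password' > "$d/bad/gradle.properties"
  echo 'property "sonar.login", System.getenv("SONAR_TOKEN")' > "$d/good/build.gradle"
  for p in bad good; do
    if scan_sonar_secrets "$d/$p"; then echo "$p: clean"
    else echo "$p: credentials found"; fi
  done
  rm -rf "$d"
}
demo
```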
Step 3: Finally run your sonar analysis for your project using this command in Android Studio Terminal:
./gradlew sonarqube
You may get the following error if a JDK is not installed.
Warning
The operation couldn't be completed. Unable to locate a Java Runtime.
I downloaded a suitable JDK, version 17, as my Android Gradle plugin requires Java 17 to run. After installing the JDK and running the same command ./gradlew sonarqube again, the build failed with an error.
Warning
Execution failed for task ':app:sonarqube'. > Cannot get property '0.0' on null object
Solution? From Step 2, we should replace property "sonar.projectVersion", 1.0.0 with "sonar.projectVersion", 1.0 (as my project's versionName is 1.0) like this
allprojects {
    sonar {
        properties {
            property "sonar.host.url", "http://localhost:9000"
            property "sonar.test.inclusions", "src/test/**"
            property 'sonar.profile', 'Android Lint'
            property "sonar.sourceEncoding", "UTF-8"
            property "sonar.projectName", "SonarTestApp"
            property "sonar.projectKey", "SonarTestKey"
            property "sonar.projectVersion", 1.0
            property "sonar.login", "sqp_123123kj123k123j123kj123j1k23k123jk132j"
        }
    }
}
After all steps are successful, we will get a BUILD SUCCESSFUL message in the terminal
View SonarQube Reports:
- Open your SonarQube server URL (usually http://localhost:9000) in a web browser.
- Log in with your SonarQube credentials.
- You should see your project listed and its code quality metrics.
Screenshots for my sample project have been attached for reference