How do I set up my .rubocop.yml in SonarCloud?

Template for a good new topic, formatted with Markdown:

  • ALM used GitHub
  • CI system used Circle CI
  • Languages of the repository: Ruby

When I open a PR and it realize that the automatic verification of SonarCloud does not take my Rubocop configuration, I have already tried to understand the documentation, but, I just found something for SonarQube, which I do not use. Can someone help me?

I’m not sure what you want to do.

The ruby analyzer has a sonar.ruby.rubocop.reportPaths property which you can use to import a Rubocop json report containing issues raised by rubocop. It doesn’t try to read rubocop configuration.

Hi Pierre, what I’m trying to do is make Sonarcloud identify the Code Smells at the opening of the PRs, and I realized that it doesn’t identify the offenses that Rubocop points out when the PR is opened. Can you give me any suggestions on how to solve this as SonarCloud, or am I just going to get it with Code Climate anyway?

1 Like

I suggest that you update your CI process so that:

  • Rubocop analysis generates a json report. See the Rubocop documentation.
  • SonarCloud analysis is fed a sonar.ruby.rubocop.reportPaths parameter which points to the Rubocop json report.

Sorry, I’m not a Ruby developer and I never used Circle CI nor Code Climate.
Maybe someone else on this community forum can help you better than me.

@marcelotoledo did you find a workaround? I am also trying to solve for this without using any additional tools (pronto etc).

This seems like an old post but here is my 2 cents since I am working on this at the moment if people might still face the problems. We are running rubocop with sonarqube (self hosted) and doing something similar to what Pierre suggested.

Apart from that, we have Rubocop integrated to our code editor and we run a pre-commit hook which:

  • runs the rubocop scan in parallel
  • autocorrects all the issues that is auto-correctable
  • runs all our unit tests to make sure the auto-correct does not break anything

This ensures that the developers are doing their part before even creating a PR, and the rubocop scan that is sent to sonarqube is valid. Hope this answer helps others.