How to configure a sonar-project.properties file in order to scan an Android Project from Gitlab?

keio · February 23, 2023, 11:41am

Hello,
I am a new user of SonarQube and I am trying to deploy it through Gitlab.
I am using gitlab-runner 15.5.0 with SonarScanner 4.8.0.2856 and trying to analyze an Android project that has the following structure:

/<repository-name>
    /src
    |    /androidTest       (root folder for Android instrumentation test sources and resources)
    |    |    /java         (root folder for instrumented Java test classes)
    |    |    /kotlin       (root folder for instrumented Kotlin test classes)
    |    |    /resources    (root folder for instrumented test resources)
    |    /docs              (root folder for all technical documentation files)
    |    |    /asciidoc     (root folder for all Asciidoc source files including plantuml diagrams and images)    
    |    /main              (root folder for all module sources and resources)
    |    |    /aidl         (root folder for Android IPC interface definitions)
    |    |    /java         (root folder for Java implementation classes and interfaces)
    |    |    /kotlin       (root folder for Kotlin implementation classes and interfaces)
    |    |    /res          (root folder for Android resources)
    |    |    /resources    (optional root folder for resources in case of a common JAR lib)
    |    /test              (root folder for all test sources and resources)
    |    |    /java         (root folder for Java unit test classes)
    |    |    /kotlin       (root folder for Kotlin unit test classes)
    |    |    /resources    (root folder for test resources)

I am having two stages in my pipeline, one that builds the project and creating the artifacts and one responsible for scanning the project:

stages:
  - build
  - scan

build-project:
  stage: build
  script: 
    - gradle clean build
  artifacts:
    paths:
      - build/reports
      - build/test-results

scan-project:
  stage: scan
  script:
     - sonar-scanner -Dsonar.coverage.jacoco.xmlReportPaths=build/reports/coverage/unitTest/debug/report.xml
  dependencies:
    - build-project

Currently I am having my sonar-project.proerties file as such:

# Required metadata
sonar.projectKey=<my project key>
sonar.projectName=<my project name>

# Paths to source directories
sonar.sources=src/main
sonar.tests=src/test, src/androidTest


#Android settings

sonar.android.resourcePaths=src/main/res 

# Instrumentation test coverage settings
sonar.android.tests=src/androidTest/java

# Comma-separated paths to directories containing test resources
sonar.test.exclusions=**/*.java,**/*.kt
sonar.test.inclusions=src/test/,src/androidTest/

# Custom rules
sonar.profile=Sonarqube_rules_Kotlin.xml

# quality gate rules
sonar.qualitygate.wait=true

# add coverage plugin
sonar.java.coveragePlugin=jacoco

# report paths
sonar.coverage.jacoco.xmlReportPaths=build/reports/coverage/unitTest/debug/report.xml

# Language of the source code
sonar.language=kotlin

I would like to ask if this is a correct configuration and what a best practice for writing my sonar-project.properties file should be?

Colin · February 24, 2023, 2:00pm

Hey there.

If you’re already using Gradle to build your code, I suggest using the SonarScanner for Gradle to analyze it. It save lot of manual (error-prone) configuration.

keio · March 1, 2023, 11:41am

Thanks for your reply. I suppose that, then the build.gradle file will contain all of these properties that were put on the sonar-project.properties file. Something like this:

plugins {
  id "org.sonarqube" version "3.3"
}

sonarqube {
  properties {
    // Required metadata
    property "sonar.projectKey", "<my project key>"
    property "sonar.projectName", "<my project name>"

    // Paths to source directories
    property "sonar.sources", "src/main"
    property "sonar.tests", "src/test,src/androidTest"

    // Android settings
    property "sonar.android.resourcePaths", "src/main/res"

    // Instrumentation test coverage settings
    property "sonar.android.tests", "src/androidTest/java"

    // Comma-separated paths to directories containing test resources
    property "sonar.test.exclusions", "**/*.java,**/*.kt"
    property "sonar.test.inclusions", "src/test/,src/androidTest/"

    // Custom rules
    property "sonar.profile", "Sonarqube_rules_Kotlin.xml"

    // Quality gate rules
    property "sonar.qualitygate.wait", "true"

    // Add coverage plugin
    property "sonar.java.coveragePlugin", "jacoco"

    // Report paths
    property "sonar.coverage.jacoco.xmlReportPaths", "build/reports/coverage/unitTest/debug/report.xml"

    // Language of the source code
    property "sonar.language", "kotlin"
  }
}

And then as a command from Gitlab I guess I need to do this?

scan-project:
  stage: scan
  
  script:
    - gradle sonarqube

Colin · March 1, 2023, 4:09pm

You should really not need to set anything more than sonar.projectKey and sonar.projectName. The rest that you list (except sonar.qualitygate.wait) either don’t exist, or are handled by the Scanner for Gradle itself.

Yes – but it should be done in the same context as gradle build (so that information from the build is avalible to gradle sonarqube)

keio · April 11, 2023, 12:47pm

i have set the sonar.projectKey and sonar.projectName (only those) in build.gradle as you suggested but the message I receive from gradle test sonar command in Gitlab CI is the following:


Please, make sure your "sonar.junit.reportPaths" property is configured properly

Colin · April 13, 2023, 12:11pm

Hey there.

Is this message prefixed with more details? Like:

Resource not found: com.sammy.service.JavaFareTest under the directory /Users/samuelifere/IdeaProjects/codingChallenges while reading test reports. Please, make sure your "sonar.junit.reportPaths" property is configured properly

keio · April 14, 2023, 10:23am

Hi! Yes this is the complete message

Resource not found: com.elektrobit.aak.aakeb.LanguageLayoutsTest under the directory /builds/aak/aak while reading test reports. Please, make sure your "sonar.junit.reportPaths" property is configured properly

Resource not found: com.elektrobit.aak.aakeb.SampleJavaUnitTest under the directory /builds/aak/aak while reading test reports. Please, make sure your "sonar.junit.reportPaths" property is configured properly

The thing is that this message is shown when i add sonar task in the gradle command. For example,

gradle clean check sonar or gradle clean test sonar. if sonar task is not added, the i don’t see the message.

Colin · April 15, 2023, 8:05am

Sure.

So I guess the next question is: does this Test exist in your compiled binaries?

keio · April 15, 2023, 1:40pm

Right thanks.

I can see it in the artifacts exported.

My next question regards instrumentation tests on emulator. I run gradle connectedAndroidTest but i see no coverage exported on SonarQube. For unit Tests i can see coverage but not for instrumented android tests.

I have this property set in my build.gradle


    property "sonar.coverage.jacoco.xmlReportPaths", "build/reports/coverage/unitTest/debug/report.xml, build/reports/coverage/unitTest/release/report.xml,build/outputs/androidTest-results/connected/TEST-Car_Goldfish-1680164256(AVD) - 12-_-.xml"
    property "sonar.androidLint.reportPaths", "build/reports/lint-results-debug.xml"
    property "sonar.android.resourcePaths", "src/main/res,src/main/assets,src/main/AndroidManifest.xml"