Integrating Sonar cloud with Apex Salesforce

Manasi_Joshi · July 25, 2022, 6:54pm

I am creating pipeline for Apex code using Bitbucket

My code is in apex language

.yml File is as below:

image: gcc:6.5

clone:
  depth: full              # SonarCloud scanner needs the full history to assign issues properly

definitions:
  caches:
    sonar: ~/.sonar/cache  # Caching SonarCloud artifacts will speed up your build
  steps:
    - step: &build-test-sonarcloud
        name: Build, test and analyze on SonarCloud
        caches:
          - sonar
        script:
          - export SONAR_SCANNER_VERSION=4.7.0.2747
          - export SONAR_SCANNER_HOME=$HOME/.sonar/sonar-scanner-$SONAR_SCANNER_VERSION-linux
          - export BW_OUTPUT=$HOME/.sonar/bw-output
          - mkdir -p $BW_OUTPUT
          - curl --create-dirs -sSLo $HOME/.sonar/sonar-scanner.zip https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-3.2.0.1227-linux.zip
          - unzip -o $HOME/.sonar/sonar-scanner.zip -d $HOME/.sonar/
          - export PATH=$SONAR_SCANNER_HOME/bin:$PATH
          - curl --create-dirs -sSLo $HOME/.sonar/sonar/build-wrapper-linux-x86.zip https://sonarcloud.io/static/cpp/build-wrapper-linux-x86.zip
          - unzip -o $HOME/.sonar/sonar/build-wrapper-linux-x86.zip -d $HOME/.sonar/

          - export PATH=$HOME/.sonar/build-wrapper-linux-x86:$PATH
          - build-wrapper-linux-x86-64 --out-dir $BW_OUTPUT sfdx force:apex:test:run --testlevel RunLocalTests --codecoverage --resultformat tap  --wait 2
          - sonar-scanner -Dsonar.cfamily.build-wrapper-output=$BW_OUTPUT

pipelines:                 # More info here: https://confluence.atlassian.com/bitbucket/configure-bitbucket-pipelines-yml-792298910.html
  branches:
    master:
      - step: *build-test-sonarcloud
  pull-requests:
    '**':
      - step: *build-test-sonarcloud

Error I am facing :

+ build-wrapper-linux-x86-64 --out-dir $BW_OUTPUT sfdx force:apex:test:run --testlevel RunLocalTests --codecoverage --resultformat tap  --wait 2
build-wrapper: execvp: No such file or directory
Skipping cache upload for failed step
Searching for test report files in directories named [test-results, failsafe-reports, test-reports, TestResults, surefire-reports] down to a depth of 4
Finished scanning for test reports. Found 0 test report files.
Merged test suites, total number tests is 0, with 0 failures and 0 errors.

ganncamp · July 26, 2022, 2:31pm

Hi,

Welcome to the community!

It’s not clear to me why you’re using the build-wrapper with Apex. The two don’t go together. Just skip the build-wrapper step and go straight to analysis.

HTH,
Ann

Manasi_Joshi · July 27, 2022, 4:07pm

Hi G Ann Campbell,
Thanks for your response.

I have referred that script from Sonrcloud Documentation.
There was one line as below:

build-wrapper-linux-x86-64 --out-dir $BW_OUTPUT <insert_your_clean_build_command>

I just replaced insert_your_clean_build_command with Salesforce build command.

Can you please guide me with actual script for SF - Sonar Integration?

ganncamp · July 27, 2022, 5:14pm

Hi,

That’s the example for analyzing C, C++ or Objective-C. Not Swift.

When you did the project onboarding, what did it give you?

Ann

Manasi_Joshi · July 28, 2022, 9:36am

Hi,

When I tried to integrate Salesforce Bitbucket repository, Sonar cloud provided some steps to follow. I followed those.
Want to integrate it to check code quality and test code coverage of Salesforce org.

Regards,
Manasi

ganncamp · July 28, 2022, 1:33pm

Hi Manasi,

Could you share the outcome of that? Because this should be fairly simple: check out the code; run your tests; & analyze. The docs have more details.

HTH,
Ann

Manasi_Joshi · July 28, 2022, 4:28pm

Hi,

I checked that documentation. But for Apex the sufficient details are not available is what I can see.
I am referring page: Apex | SonarCloud Docs
However if you can check the same for language JAVA, you can see detailed steps are given on link: Java | SonarCloud Docs

I am struggling in creating .yml file for my pipeline

Regards,
Manasi

ganncamp · July 28, 2022, 4:31pm

Hi Manasi,

With respect, you’re overcomplicating this. The docs are more elaborate for Java because they need to be. For Apex they don’t. Just check out the code and run SonarScanner. That’s really it.

Ann

Manasi_Joshi · July 28, 2022, 4:35pm

Hi,

Can we have a call to discuss this?

Regards,
Manasi

ganncamp · July 28, 2022, 5:29pm

Hi Manasi,

We don’t do calls. Have you tried running the scanner?

Ann

Manasi_Joshi · July 28, 2022, 5:58pm

As per attachment, I am creating Bitbucket Pipeline.
3rd step is to create a bitbucket-pipelines.yml file. There I have doubts. What code I need to add there if I want to analyze Apex code.

For rest all languages I can see sample snippet for .yml file but its not there for Apex.

Regards,
Manasi

ganncamp · July 28, 2022, 7:36pm

Hi Manasi,

Are you saying it cuts off prematurely for Apex? Can you share a screenshot of the full page?

Thx!
Ann

Manasi_Joshi · July 29, 2022, 9:02am

Hi,

Here is the full screenshot.
Here I need to update the script according to Apex.

Regards,
Manasi

ganncamp · July 29, 2022, 1:13pm

Hi,

The screenshot shows that you have been given the steps you need.

Really. That’s all. Just the sonarcloud-scan and then you can check the Quality Gate status with sonarcloud-quality-gate.

Ann

Manasi_Joshi · July 29, 2022, 2:59pm

That script is not generic for each technology. Maven, C, C++ , Java etc will be having different script as per my understanding.

Please correct me if I am wrong.

Regards,
Manasi

ganncamp · July 29, 2022, 3:15pm

Hi,

Manasi,

Yes, Java/Maven/Grade has a different script. C/C++/Objective-C have a different script. C# has a different script. All the rest have exactly the same script.

You are overcomplicating this. Why do you so distrust the instructions given to you by the UI and by me repeatedly?

Ann

Manasi_Joshi · July 30, 2022, 5:55pm

I added the same snippet with some modifications to resolve yml file related errors.
Its giving me error: Container ‘docker’ exceeded memory limit.

Script is:

clone:
depth: full # SonarCloud scanner needs the full history to assign issues properly

definitions:
services:
docker:
memory: 2048

steps:
- step: &build-test-sonarcloud
name: Build, test and analyze on SonarCloud
size: 2x # Double resources available for this step.

    script:
      - pipe: sonarsource/sonarcloud-scan:1.4.0
      - pipe: sonarsource/sonarcloud-quality-gate:0.1.6

pipelines:
default:
- step: *build-test-sonarcloud

ganncamp · August 1, 2022, 11:46am

Hi,

What do you make of that error?

Ann

Manasi_Joshi · August 1, 2022, 2:09pm

HI,

Modified script is:

clone:
  depth: full    # SonarCloud scanner needs the full history to assign issues properly

definitions:
  services:
    docker:
      memory: 5120
  # caches:
   # sonar: ~/.sonar/cache  # Caching SonarCloud artifacts will speed up your build
  steps:
    - step: &build-test-sonarcloud
        name: Build, test and analyze on SonarCloud
        # caches:
          # - node
          # - sonar
        size: 2x # Double resources available for this step.


        script:
          - pipe: sonarsource/sonarcloud-scan:1.4.0
          - pipe: sonarsource/sonarcloud-quality-gate:0.1.6
  
pipelines:
  default:
    - step: *build-test-sonarcloud

Error I am facing is:

Quality Gate failed: Could not fetch quality gate status: b'{"errors":[{"msg":"Analysis with id \\u0027None\\u0027 is not found"}]}'

pipelineLog-{47f970a4-c91a-4d25-a3ae-a6d856de67ed}.txt (23.0 KB)

Full log is attached

ganncamp · August 1, 2022, 3:38pm

Hi,

So you successfully ran analysis! Congrats!

Can you create a new thread for the problem retrieving Quality Gate status, and provide all the details, including your pipeline code and the fact that it’s exactly what was provided by the onboarding?

Ann