Running SonarQube for some applications inside a monorepo

Hi!
I’m trying to run SonarQube for some applications inside a nx.dev monorepo (all are Node Serverless applications), but I can only get a single one to write the reports. This is what I’ve tried so far:

sonar.properties (I’ve added blank spaces for readability)

sonar.host.url=http://localhost:9000 
sonar.login=admin
sonar.password=admin
sonar.projectKey=myproject
sonar.sourceEncoding=UTF-8

# Comma-separated paths: https://docs.sonarqube.org/latest/analysis/analysis-parameters/
sonar.sources=apps/backend/foo/src,apps/backend/bar/src
sonar.tests=apps/backend/foo/src,apps/backend/bar/src
sonar.exclusions=**/node_modules/**
sonar.test.inclusions=apps/backend/foo/src/**/*.spec.ts,apps/backend/bar/src/**/*.spec.ts

sonar.javascript.lcov.reportPaths=reports/ut_report.xml
sonar.testExecutionReportPaths=reports/ut_report.xml

I’ve set the two env vars jest-junit-reporter requires:

➜  myrepo git:(sonar_research) ✗ echo $TEST_REPORT_FILENAME
./reports/ut_report.xml
➜  myrepo git:(sonar_research) ✗ echo $TEST_REPORT_PATH
./reports

Then I tried to run two tests (from two different applications):

➜ myrepo git:(sonar_research) ✗ node '/myrepo/node_modules/.bin/jest' '/myrepo/apps/backend/foo/src/tests/foo.spec.ts' -c '/myrepo/apps/backend/foo/jest.config.js' --ci --testResultsProcessor="/myrepo/node_modules/jest-junit-reporter"; node '/myrepo/node_modules/.bin/jest' '/myrepo/apps/backend/bar/src/tests/bar.spec.ts' -c '/myrepo/apps/backend/bar/jest.config.js' --ci --testResultsProcessor="/myrepo/node_modules/jest-junit-reporter"

But only the second one generates its reports. So, I’m wondering: is there any way to run the tests (and then Sonar) for only some parts of the monorepo?
Does the Enterprise Edition supports this behavior?

Relevant versions are:

  • SonarQube: Community Edition - Version 9.2.4 (build 50792)
  • SonarScanner: 4.5.0.2216
  • jest-junit-reporter: 1.1.0
  • nx.dev: 12.10.0
  • Node: v12.20.1

Hi,

Welcome to the community!

Sorry, but running your tests is outside the scope of this community.

Fortunately, SonarQube analysis is not. :smiley:

The first step is to pick a different project key for each project in the monorepo, then pass it in to analysis with the correct properties to identify the isolated subset of code that corresponds to the project. And that you can do in any edition.

What Enterprise Edition($$) is support for PR decoration in monorepos.

 
HTH,
Ann

Hi Ann, thanks for your quick reply. How can I set different keys for different submodules? If I try to add two of them in my sonar-project.properties (which is placed at the root level of the monorepo), like this:

sonar.host.url=http://localhost:9000 
sonar.login=admin
sonar.password=admin
sonar.projectKey=foo
sonar.projectKey=bar
...

and then I add other sonar-project.properties files, one per project, then the last key is the one Sonar picks (which makes sense), and the whole monorepo gets analyzed (which is what I don’t want to happen). How should I pass the desired keys as parameters to the scanner?

Hi,

You’re going to need a properties file per sub-project (presumably in a subdirectory…?). Or you’ll need to pass the properties in on the analysis command line using -Dproperty.name=value.

 
HTH,
Ann

Is there any chance that the command line properties don’t work for npm’s scanner? I’ve run:

npm run sonar -Dsonar.projectKey=insurance

and I get an error that says:

ERROR: You must define the following mandatory properties for 'Unknown': sonar.projectKey

Hi,

The npm scanner isn’t ours, so I don’t know much (anything) about it. Perhaps there’s a different format for command line arguments for npm?

And here are the docs for our SonarScanner in case you want to switch horses.

 
Ann

Hi,
I’ve tried to install (hopefully) the official scanner via Homebrew, and then I’ve run an analysis with

sonar-scanner -Dsonar.projectKey=insurance

where insurance is the projectKey I’ve defined in a subdirectory of the monorepo.
However, this seems to analyze the entire monorepo, rather than a specific subdirectory. I suspect this is the case, because inside code (for my project insurance) I can also see other subdirectories, which are the ones I’d like to exclude.
So, maybe these steps aren’t enough to analyze only parts of my monorepo? What could I be missing here?
Thanks!

Hi,

Is sonar.projectKey the only parameter you provided? Is there perhaps a sonar-project.properties file with more? Because sonar.sources defaults to ., so if you launch analysis from project root without specifying a narrowed sonar.sources, then analyzing your entire project is the expected behavior.

You might take a look at the docs I linked. They give you the (real) official scanner download and some direction on getting started with analysis.

 
HTH,
Ann

Thanks! By adding the property sonar-sources to the command, I was able to get the expected behavior. This is the final command:

$ sonar-scanner -Dsonar.projectKey=insurance -Dsonar.sources=./apps/backend/insurance

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.