I’m working on a Spring Boot microservice that uses Flyway for managing database migrations. Our SQL migration files contain all the necessary DDL and DML commands for setting up and updating the database schema.
My question is:
- Is it recommended to include these SQL migration files in SonarCloud/SonarQube analysis?
- Or should we configure them to be ignored during the analysis?
On one hand, analyzing SQL could help us catch potential issues or improve overall code quality. On the other hand, these files are typically managed separately and might not follow the same coding standards as our application code.
Has anyone encountered this scenario? What are the best practices or recommended configurations for handling Flyway SQL migration files in SonarCloud?
Thanks in advance for any insights!
Hi @Julian_Campos
Thank you for reaching out to the community with your question. I’ve been involved in numerous discussions about this topic, and it’s great to see it brought up for broader insights.
Indeed, SQL is a language covered by SonarQube, and similar to any other programming language, it has its own set of best practices and needs regular maintenance. However, you do have the option to exclude these files from analysis if you deem it necessary. For example, SQL scripts that are executed only once, such as data migration scripts which might not require ongoing maintenance, could be candidates for exclusion.
I always encourage development teams to engage in a dialogue about this issue to define code quality objectives and prioritize improvement actions. If your team has the resources and is keen on maintaining high-quality SQL covered by unit tests, then it would be beneficial to include these files in the analysis. Conversely, if your current focus is addressing technical debt or refactoring in other areas, like Java business logic layers, you might prioritize those first. The decision really depends on the specific context of your project and the perspectives within your team.
For your information, I have even encountered teams that monitor the quality of their bash script code by using a SonarQube shell plugin—which shows the versatility and extent of what Sonar tools can cover.
I hope this provides some clarity on your query. Please feel free to reach out for further discussion. I’m also keen to hear if anyone in the community has different viewpoints or additional experience with this issue.
Abdel