SonarQube and PlatformIO

dpergarc · March 24, 2023, 1:45pm

Hi there,

We are new here in this forum (I am writing in behalf of my team), so first of all, forgive us if we are not writing in the right forum place, or it has been previously discussed already in other old topics.

Coming back to the main topic, we are developing a tailored-made solution with an ESP32 device in both C and C++ programming languages, using the Visual Code Studio and the PlatformIO framework, and we would like to execute a SonarQube instance which is in the company’s cloud already (a Developer Edition in fact) through jenkins in order to evaluate the code quality

Unlike projects which use interpreted languajes such as java, python, etc… the compiled projects need to be built along with the build-wrapper-linux-x86-64 tool, which both are usually called in the same sentence → build-wrapper-linux-x86-64 --out-dir build_wrapper_output_directory make clean all.

The use of CI/CD is not possible due to a gitlab limitations from our company - sad, but true. Apparently, the only way right now is to upload the code and use a build proces in the cloud itself (it has the build-wrapper-linux-x86-64 tool already).

The real issue is the third-party dependance libraries (ESP32 and other needed ones), which we do not know how to link all together in the same build process, and more important, we do not know how to avoid uploading all files to the repository in order to execute the makefile, which would be a bad practice for sure.

We would be glad to hear possible choices we could have in order to achieve the QA tasks.

Thank you very much beforehand, our apologies for the inconveniences, and looking forward to hearing from you.

Kind regards.
Daniel.

Colin · March 27, 2023, 1:39pm

Hey there.

There really seem to be two topics here – one is the ability for you to build your codebase outside your local environment, and the other is executing SonarQube analysis.

You can probably do the latter (at least manually) from your local machine pointing to the SonarQube instance following the documentation for SonarQube and C/C++ analysis. This won’t be automated or happen on every commit, but at least it’s some information.

Being able to do so “automatically” in Jenkins… you’re going to have to figure out that first problem, and we probably won’t be able to provide much help in doing so. Once you have, however, you should be able to apply the same process as you can do manually in an automated fashion on Jenkins.

dpergarc · March 28, 2023, 8:36am

Hi Colin,

Thank you very much for your reply, we were finally able to analyze the code, but ignoring the Jenkins instance (that is to say, we have generated a token from SonarQube, and executed the sonar-scanner pointng to the remote instance with it).

Since Jenkins is an instance managed by another team from our company, we should talk to them in order to install all packages needed for platformio framework (python, pip, etc…), but there a tons of security rules to pass, so I would not bet that we could automatize all processes, and we should have to execute that analysis for every single code change / commit / etc.

In any case, thank you very much for your support, it was very helpful.

Kind regards.
Daniel.