SonarCloud Set Up

There are different ways to set up and use SonarCloud, it’s an enterprise level product for analysing source code to maintain code quality.

OppiaMobile Server

We use the sonar-scanner tool on the command line to analyse the Oppia server source code and submit the results to SonarCloud.

First we create the test coverage report, using the Coverage tool, using:

$ coverage erase
$ coverage run --branch --source=activitylog,api,av,content,gamification,integration,oppia,profile,quiz,reports,summary,viz manage.py test
$ coverage xml -i

Then copy the generated django-oppia/coverage.xml file into the django-oppia/tests/ directory.

Then we run the sonar-scanner using:

/sonar-scanner \
  -Dsonar.projectKey=XXXXXXX \
  -Dsonar.organization=XXXXXXX \
  -Dsonar.sources=. \
  -Dsonar.host.url=https://sonarcloud.io \
  -Dsonar.login=XXXXXXX \
  -Dsonar.exclusions=docs/_build/**/*,tests/**/*,oppiamobile/settings_secret.py \
  -Dsonar.python.coverage.reportPath=./tests/coverage.xml

If you are running with your own SonarCloud account, you’ll need to use your projectKey, organisation and login.

OppiaMobile Android App

The Oppia app source code analysis can be found at: https://sonarcloud.io/project/overview?id=DigitalCampus_oppia-mobile-android

To run the analysis for the app, follow these steps:

  1. First, you previously need to generate the code coverage. (see: Generating App Code Coverage).

  2. Then, from the root of the app code directory, run:

    ./gradlew sonarqube

Note

You will need to set up the secret sonarcloud token for the previous command to work. There are three different ways to do it:

  1. Create an environment variable:

    SONAR_TOKEN=<your_sonarcloud_token>

  2. Create a file named sonarqube.properties in the root of the app code directory. Include the following line inside the file:

    sonar.login=<your_sonarcloud_token>

  3. Include the parameter in the gradlew command:

    ./gradlew sonarqube -Dsonar.login=<your_sonarcloud_token>

Note

If you want to generate sonarcloud analysis for your own sonarcloud project, make sure to update sonarqube.gradle file so it includes the information of your project.