Automatic Code Review with SonarQube and Jenkins Part 1/2
A good way to improve code quality is to use code review. Often teams recoil from code review because it demands a lot of time. An alternative could be an automated code review system that checks your code for compliance with certain metrics and rules. With the Cloudogu EcoSystem you can implement such a system based on SCM-Manager, Jenkins and SonarQube. In this first part we will show you how to configure SCM-Manager and Jenkins. The second part will be about extending the system by integrating SonarQube.
Code Reviews based on Jenkins and Sonarqube
The automated code review system is designed to provide feedback quickly after a push. It checks whether the code can be build or not as well as for the success of unit tests. By integrating SonarQube you can define individual rules and metrics that need to be met in order to save changes to the master branch. In this system each developer uses his own branch for his changes and only if there is no violation (i.e the project can be build) the modifications are merged to the master branch.
After a push to the repository SCM-Manager invokes a build in Jenkins. Jenkins in turn merges the changes from the developer branch into the master branch and builds the project. If there are no problems during the build, Jenkins publishes the merged master branch to the central repository in SCM-Manager. If there are problems merge doesn’t get published. The developer gets the information that there was a problem during the build from Jenkins and the code needs to be modified to be published.
The automated code review system can be used for Git and Mercurial repositories.
Implementation for SCM-Manager and Jenkins
Because the automated code review is based on individual development branches for each developer it is necessary to install the scm-branchwp-plugin. After the installation of the plugin and the restart of SCM-Manager you can start granting permissions to the repository and branches:
- Each developer needs write permissions to the repository in the Permissions tab.
- Add permissions to the branches in the Branch Write Protection tab.
- The user that is configured in the Jenkins tab needs access to the master branch.
- Each developer needs access to his own development branch.
Hint: It isn’t necessary to add each user individually. You can use a group for all developers and a variable, e.g. username.
After this configuration is done, SCM-Manager is prepared for the automated code review process.
The necessary adjustments to the project configuration in Jenkins is done in the Configure screen of each project. Basically you have to perform three modifications:
- Enter the development branches with wildcards for the usernames in the Branches to build field.
- Click on Advanced beneath Branches to build, check the box Merge before build and enter master as Branch to merge to.
- Add Git Publisher as Post-build Action to the project and select the two checkboxes.
Hint: Git Publisher should be placed above Sonar as Post-build Action.
That’s it for the basic configuration of Jenkins to implement the automated code review.
SonarQube is next
This configuration of SCM-Manager and Jenkins provides the developer with feedback about the changes he made and the master branch gets protected from build braking changes. It is possible to extend the automated code review by adding metrics of the SonarQube analysis as a requirement that needs to be met to merge changes to the master branch. The necessary configuration we will show in the second part of this post.