I had the challenge to set up code analysis on a codebase that is built on Jenkins as a build server. My team decided to use SonarQube as a tool for static analysis in order to detect bugs, code smells, security vulnerabilities and find some areas of improvement in our code, which by the way is written in C#.
What I had as available tools on the Jenkins server (installed in my workplace environment) were the following ones:
- MSBuild - for compiling and building the code;
- SonarScanner for MSBuild - for static analysis;
- vstest.console.exe - for running the unit tests;
- CodeCoverage.exe - for analyzing the output of the execution of the unit tests and calculate the code coverage and transform it into readable XML format;
Although I tried to install all of them including Jenkins server on my local machine and instead of CodeCoverage.exe tool which is available only with Visual Studio Enterprise edition I used dotCover from JetBrains, but the steps are similar and that is a story of its own and I'll skip it for now.
I'll write down for my future reference in case I need the same pipe.
Configure Job
The steps are the following.:
1. In the Configure Job page, in the Build section is placed build step "SonarScanner for MSBuild - Begin Analysis".
2. Then the next build step is executing the MSBuild command with its appropriate parameters such as the solution file etc...
3. Then the next build step is executing a windows batch with two commands. The first one which deletes the TestResults folder and its content. And the second one is running the vstest.console.exe with its appropriate parameters such as the unit test DLL's and /Logger: "trx" /Enablecodecoverage: true
4. Then the next build step is Windows Powershell where we're getting the TestResults.coverage file which is generated by the vstest.console.exe tool and placed in special folder $dir\$testdir\In\$env:computername\ (the $testdir is GUID-alike-name) and putting it in more meaningful folder such as TestResults and after that, we are executing the CodeCoverage.exe tool and producing the output: "TestResults\TestResults.coveragexml" which then is passed in the first step as a parameter to the SonarScanner (/d:sonar.cs.vscoveragexml.reportsPaths=TestResults\TestResults.coveragexml).
5. And the final build step is "SonarScanner for MSBuild - end analysis". Don't forget this step. It is important to close the flow.
Sonar server config
Before configured Jenkins job is executed, we need to set up the things on the Sonar server-side such as the quality gate and quality profile. But what is very important is to set up the keys that are passed from the SonarScanner and those are the unit tests and code coverage results. Therefore in the Administration section, we're placing values for the "Visual Studio Unit Tests (XML) Reports Paths" and "Visual Studio Test Reports Paths" as displayed in the print-screen below.
Sonar dashboard
And finally, after the Jenkins job finishes and a warm feeling in the chest comes as the satisfaction of the won struggle with the tools mentioned above. Now
