Skip to main content

Development

Buy In SonarQube as A Quality Gate for Test Automation

SonarQube (formerly known as Sonar) is widely used as code quality management tool for various projects, providing the functionality to track and improve the quality of the source code. Such functions can also be employed in Test Automation to quantify measurements of the script quality as the nature of automated testing scripts is code.

SonarQube Features for Test Automation

  • Offer customized Metrics for various stakeholders

Every project has various stakeholders, such as the client, project managers, architect, developers and testers, who possess different techniques or knowledge for completing the project. Their focus on project quality is therefore diverse. The Quality Metrics for stakeholders from different groups are surely different, which provides a good circumstance to see the value of SonarQube as this tool offers customized Metrics for various users.  The following table shows a good example of SonarQube quality metrics for different project roles.

  • Support Multiple programming language for a project

Although written in Java, SonarQube can analyze the code in about 20+ different programming languages, including Java, Python, C/C++. Different programming languages can be automatically detected and corresponding language analyzers are invoked. Thus, even the target testing scripts consist of multiple different programming languages, Sonar is still able to track, analyze and create reports about the code quality.

  • Offer Testing rules with industry standards (Code analyzers)

In a bigger picture, SonarQube provides industry rule templates where users can customize quality rules as needed. For automated testing, there are a bunch of rules can be applied. Sample rules are provided in the following:


Other than inspecting existing project’s source code, for automated testing, Sonar may need to deactivate or update some rules upon certain requirements.

Example rules can be removed as below:

Example rules can be updated as below:

Apart from features given above, SonarQube also has great features like DevOps Integration, aggregated dashboards, Time Machine, all of those can help test automation project become more traceable and visible.

How to setup SonarQube by the integration with Database mysql

Setting up SonarQube is straightforward. However, the default database H2 embedded in SonarQube is not recommended for production use because it cannot be scaled.  For better maintenance and scalability, we would propose to replace H2 with another database like mysql. The following is an example of setting up mysql for SonarQube in windows platform.

Prerequisite

  • have Java (Oracle JRE 8 onwards or OpenJDK 8 onwards) installed on your machine.

Steps:

1.Install and set up Database with mysql

a.Download mysql from https://dev.mysql.com/downloads/windows/ and install, then start mysql

b.create a database for sonar, include creating administrator account for accessing the database. for instance, by running below sql, database named Sonar is created with user account sonar and password sonar:

2.Download SonarQube and unzip

3.Update the sonar.properties (located at ${ your sonarQube Path}\conf) for configuration on mysql connection.

4.start the server by clicking StartSonar.bat (located at ${ your sonarQube Path}}\bin\windows-x86-64), check if server is up by url http://localhost:9000/ (9000 is SonarQube’s default port number)

5.Download SonarQube Scanner, add the path into windows’ environment path

6.Update the sonar.properties (located at ${ your SonnarQube Scanner Path}\conf) for sonnarQube server connection along with mysql connection.

7.Go to the project code location and add SonarQube configuration file sonar-project.properties into the root directory of the project, please refer to https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Scanner

8.Go to Command Prompt window and navigate to project path, say example of test automation project TestAutomation is under C:\Code\ , and run “sonar-scanner”command

9.After the sonar-scanner is completed, the Sonar analysis results can be found at http://localhost:9000/projects, as shown in the following:

Please note, if any quality rules need to be customized, please update before running sonar scanner.

More Tips & Tricks

  • SonarQube can’t 100% replace manual review as some complicated logical issues cannot be detected by machines yet.
  • The Best Practice for SonarQube is automating the analysis through CI tools like Jenkins
  • SonarQube provides SonarLint, which is an extension of popular IDEs, to check local code quality before the code is committed.
  • SonarQube can help on promoting builds to downstream environment automatically. For example, if the project code passed the automated smoke testing, the code can be deployed from current environment say Dev environment to the QA environment based on the scripts user created.

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Categories
Follow Us