Sonarqube is a code quality inspection tool able to detect bugs, security vulnerabilities and various patterns of code smells. It is highly integrated with Maven and out of the box Java tools but if your are the DevOps guy of a team working on a python project, lost in the middle of Java projects, you might ask yourself: how can I keep my pipeline on tracks. If you are using pytest to run your tests, good news: sending coverage and reports in a Sonarqube friendly format will be fairly easy.
I won't go into the details on how to set things server side. Concerning your project, I'll assume the following structure (adapt to your needs)
your_project/ some_package/ ... __main__.py tests/ some_test.py sonar-project.properties
You should thus add the following
sonar-project.properties file at the root of the repository.
sonar.host.url=https://sonar.somewhere.com:8200 sonar.projectKey=some_key sonar.projectName=some_project sonar.projectVersion=1.0.0 sonar.sources=your_project sonar.sources=tests sonar.language=py sonar.sourceEncoding=UTF-8 # Test Results sonar.python.xunit.reportPath=pytest.xml # Coverage sonar.python.coverage.reportPaths=coverage.xml
Sonarqube expects coverage information and unit tests reports to be send in XML. Both coverage and pytest can export their results in the adequate format using
coverage run --source='./your_project' -m pytest tests --junitxml=pytest.xml coverage xml
This will produce a
pytest.xml and a
coverage.xml file during the pipeline execution. Add the following lines to your
.gitignore in case some messy developer runs these commands on his workstation.
#.gitignore pytest.xml coverage.xml
If the agent running the CI jobs or the docker image you use does not have SonarScanner installed, pre-compiled binaries can be found here. To scan your project and send the coverage and UT report to the server, just add the following command to your pipeline
./path/to/sonar-scanner -Dproject.settings=./sonar-project.properties -Dsonar.password=$password -Dsonar.login=$login
That's all folks