Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Is it Possible to Run SonarQube Analysis Through Pre-commit Hooks

I have read several posts on stackoverflow that stated, that the usage of sonar as a pre-commit analysis tool is inefficient, due to the fact that it has to run compilation of the whole project, run its analysis etc.

However, the manual for sonarqube state that there is a sonar.inclusions property for setting the list of files to run analysis on. So I was thinking about running analysis on files that have been changed/modified as a pre-commit hook and failing the commit in case too many issues were added.

As I understood, it is possible to fetch the list of modified and added files through svnlook; there is also the ability to point sonar analyzer to a concrete .properties file (say, the file pointing to a configuration that has only coding rules and cyclomatic complexity and LCOM4 metrics).

However, I fail to understand how to obtain the result of Sonar analysis within the pre-commit hook script and provide, say, a link to the analysis result. Is it at all possible? Are there any real-world, or at least remotely relevant examples of such practices?

Thanks in advance.

like image 687
jiallombardo Avatar asked Sep 29 '13 17:09

jiallombardo


People also ask

Which is used to run the SonarQube analysis?

Developers code in their IDEs and use SonarLint to run local analysis. Developers push their code to their favorite SCM. The Continuous Integration Server triggers an automatic build, and the execution of the Sonar Scanner required to run the SonarQube Analysis.

What are pre-commit hooks used for?

The pre-commit hook is run first, before you even type in a commit message. It's used to inspect the snapshot that's about to be committed, to see if you've forgotten something, to make sure tests run, or to examine whatever you need to inspect in the code.

How do you run a pre-commit hook?

If you want to manually run all pre-commit hooks on a repository, run pre-commit run --all-files . To run individual hooks use pre-commit run <hook_id> . The first time pre-commit runs on a file it will automatically download, install, and run the hook.


1 Answers

However, I fail to understand how to obtain the result of Sonar analysis within the pre-commit hook script and provide, say, a link to the analysis result. Is it at all possible?

From pre-commit, no. At least not if you want your commit to complete. If pre-commit returns anything to the client, the commit is rejected.

pre-commit should only be used for checking the a commit to validate that requirements have been met - check that a commit message has been supplied, if you integrate with a bug tracker make sure that a valid bug ID has been entered, maybe do some security checks that the built-in path-based authorization can't handle.

All hook scripts should be as short and efficient as possible. A long-running pre-commit especially will hold up both the committer and anyone else trying to commit behind him.

For your usage, a post-commit hook may work (except it can't send feedback to the client, so you won't be able to provide a URL), but a better solution would be to use a continuous integration server. This tool will monitor the repository for changes and perform actions you tell it to each time a qualifying commit happens. Use that system to perform your checks and send an email with the results.

like image 183
alroc Avatar answered Sep 26 '22 21:09

alroc