Download the sonar-flow-plugin jar to your working directory. The jar can be found on the GitHub release page.
wget https://github.com/I8C/sonar-flow-plugin/releases/download/v0.1/sonar-flow-plugin-0.1.jarTo install this plugin just add the downloaded jar to your SonarQube server in the plugins folder /opt/sonarqube/extensions/plugins/. You will need to restart your server.
If you do not have a SonarQube server, you can quickly create one using docker. For this part we will use the sonarqube docker image from the docker hub and add the sonar-flow-plugin jar to it. More info about this image can be found on: https://hub.docker.com/_/sonarqube/
In the same directory as the downloaded jar, create a Dockerfile with the following content:
FROM sonarqube
COPY ./sonar-flow-plugin-0.1.jar /opt/sonarqube/extensions/plugins
This will use the official SonarQube image as base and add the jar to the plugins directory of the sonarqube server.
Next is to build this container and run it using following commands:
docker build -t i8c/wm-sonarqube .
docker run -d -p 9000:9000 -p 9092:9092 i8c/wm-sonarqubeNow you should have a running SonarQube server with the sonar-flow-plugin installed on port 9000 of your dockerhost.
The documentation for the scanner can be found here. Download the scanner to your filesystem and unzip it.
wget https://sonarsource.bintray.com/Distribution/sonar-scanner-cli/sonar-scanner-2.6.1.zip
unzip sonar-scanner-2.6.1.zipNow configure the SonarQube scanner to point to your SonarQube server. This is done using the config file at sonar-scanner-2.6.1/conf/sonar-scanner.properties. The content of this file should look like this:
#No information about specific project should appear here
#----- Default SonarQube server
sonar.host.url=http://192.168.99.100:9000/
#----- Default source code encoding
sonar.sourceEncoding=UTF-8
Go in your filesystem to the webMethods Integration server package you want to check. And make a new file sonar-project.properties with following content:
# Must be unique in a given SonarQube instance
sonar.projectKey=sonar-flow-tutorial
# this is the name displayed in the SonarQube UI
sonar.projectName=Sonar flow plugin tutorial
sonar.projectVersion=1.0
# Path is relative to the sonar-project.properties file.
sonar.sources=./ns
# Encoding of the source code. Default is default system encoding
sonar.sourceEncoding=UTF-8
sonar.flow.ignore.toplevel=false
And finally run SonarQube Scanner script inside this directory.
../sonar-scanner-2.6.1/bin/sonar-scanner
Now go to your browser and go to http://<your SonarQube host ip>:9000. Here you'll see that the project "Sonar flow plugin tutorial" has been added and 2 code smells were detected in this Integration server package.
When you look at those 2 issues you'll see that I should have added a comment and removed the savePipeline flow.
