文档更新说明
- 2017-09-17 v1.0 初稿
- 2017-09-28 v1.1 增加单元测试相关内容
- 2019-01-02 fix error
项目在研发过程中需要时刻关注代码质量,我们通常会使用 OCLint 工具来生成静态代码分析报告,使用 Slather 生成单元测试覆盖率报告,但这些报告相对来说都太过简陋,而 Sonar Qube 以一种可视化的方法来展示代码中存在的问题,本文将介绍如何使用 Sonar Qube 展示 OCLint 扫描后的报告。
安装软件
这里以 Ubuntu 16.04 为例介绍如何安装 SonarQube,SonarQube 运行依赖几个东西:JDK 和 MySQL,所以在安装 SonarQube 之前需要先安装这两个东西。
安装 JDK 和 MySQL
安装 JDK
- sudo add-apt-repository ppa:webupd8team/java
- sudo apt-get update
- sudo apt-get install oracle-java8-installer
执行上述命令后,在终端里面输入 java -version,如能正常显示 JDK 版本则说明安装成功。
安装 MySQL
- sudo apt-get update
- sudo apt-get install mysql-server
- sudo mysql_secure_installation
安装完毕后,在终端中输入 systemctl status mysql.service,如能有如下输出则说明安装成功:
安装 SonarQube
解压安装包至安装目录
安装包下载地址:https://www.sonarqube.org/downloads/
创建数据库及相应用户
新建数据库
- CREATE DATABASE sonar;
创建用户并赋予权限
- CREATE USER 'sonar' IDENTIFIED BY 'sonar’;
- GRANT ALL ON sonar.* TO 'sonar'@'%' IDENTIFIED BY 'sonar’;
- GRANT ALL ON sonar.* TO 'sonar'@'localhost' IDENTIFIED BY 'sonar’;
- FLUSH PRIVILEGES;
配置数据库访问参数
编辑 <install_directory>/conf/sonar.properties,根据使用的数据库类型配置相应的参数,这里选用了 MySQL 数据库,因而需要配置其用户名、密码以及 jdbc url。
image.png
配置 Web Server
同样编辑 <install_directory>/conf/sonar.properties,设置 Web Server host 主机的 ip、端口以及访问的上下文。
sonar.web.host=192.0.0.1
sonar.web.port=80
sonar.web.context=/sonar
上述配置完成后即可启动 SonarQube:
- On Linux/Mac OS:
bin/<YOUR OS>/sonar.sh start - On Windows:
bin/windows-x86-XX/StartSonar.bat
在实际使用中会出现MySQL 数据库无法访问的情况,通常有如下几种问题:
1.用户没有权限,加权限即可
mysql>GRANT ALL PRIVILEGES ON *.* TO 'sonar'@'%' IDENTIFIED BY 'sonar' WITH GRANT OPTION;
2.默认3306端口只允许本地访问,修改 /etc/mysql/mysql.conf.d/mysqld.cnf
注掉 bind-address = 127.0.0.1
上述软件安装完毕后,SonarQube 就搭建完成,在浏览器中输入 http://192.0.0.1/sonar 即可使用SonarQube 来检查代码质量。
SonarQube 默认并不支持对 Objective-C 代码质量扫描,官方提供的插件每年需要3000欧,对于普通开发者来说太贵,幸好 Github 上有开源的插件,下载好源码后使用 Maven 编译后将 jar 包放置 <install_directory>/extensions/plugins 目录中,重启 SonarQube后在系统控制面板中如能看到如下内容则说明安装成功。
image.png
编写脚本生成 OCLint 报告并上传至 SonarQube
软件安装
OCLint 所需软件请翻阅 OCLint 代码静态分析 ,OCLint 生成的 pmd 文件需要通过 sonar-scanner 上传至 SonarQube,下载地址:https://github.com/SonarSource/sonar-scanner-cli/releases
配置
sonar-project.properties
在项目根目录添加 sonar-project.properties,配置内容如下:
##########################
# Required configuration #
##########################
sonar.projectKey=tztHuaTaiZLMobile
sonar.projectName=tztHuaTaiZLMobile
sonar.projectVersion=4.3.0
sonar.language=objc
# Project description
sonar.projectDescription=tztHuaTaiZLMobile
# Path to source directories
sonar.sources=tztHuaTaiZLMobile
# Path to test directories (comment if no test)
# sonar.tests=testSrcDir
# Destination Simulator to run tests
# As string expected in destination argument of xcodebuild command
# Example = sonar.swift.simulator=platform=iOS Simulator,name=iPhone 6,OS=9.2
sonar.objectivec.simulator=iOS Simulator,name=iPhone 7,OS=10.3.1
# Xcode project configuration (.xcodeproj or .xcworkspace)
# -> If you have a project: configure only sonar.objectivec.project
# -> If you have a workspace: configure sonar.objectivec.workspace and sonar.objectivec.project
# and use the later to specify which project(s) to include in the analysis (comma separated list)
# sonar.objectivec.project=myApplication.xcodeproj
sonar.objectivec.workspace=tztMobileApp_HTSC.xcworkspace
# Scheme to build your application
sonar.objectivec.appScheme=tztHuaTaiZLMobile
# Scheme to build and run your tests (comment following line of you don't have any tests)
# sonar.objectivec.testScheme=myApplicationTests
##########################
# Optional configuration #
##########################
# Encoding of the source code
sonar.sourceEncoding=UTF-8
# JUnit report generated by run-sonar.sh is stored in sonar-reports/TEST-report.xml
# Change it only if you generate the file on your own
# The XML files have to be prefixed by TEST- otherwise they are not processed
# sonar.junit.reportsPath=sonar-reports/
# Cobertura report generated by run-sonar.sh is stored in sonar-reports/coverage.xml
# Change it only if you generate the file on your own
# sonar.objectivec.coverage.reportPattern=sonar-reports/coverage*.xml
# OCLint report generated by run-sonar.sh is stored in sonar-reports/oclint.xml
# Change it only if you generate the file on your own
sonar.objectivec.oclint.report=build/sonar-reports/oclint.xml
# FauxPas report generated by run-sonar.sh is stored in sonar-reports/fauxpas.json
# Change it only if you generate the file on your own
# sonar.objectivec.fauxpas.report=sonar-reports/fauxpas.json
# Paths to exclude from coverage report (tests, 3rd party libraries etc.)
# sonar.objectivec.excludedPathsFromCoverage=pattern1,pattern2
sonar.objectivec.excludedPathsFromCoverage=.*Tests.*,.*Specs.*
# Project SCM settings
# sonar.scm.enabled=true
# sonar.scm.url=scm:git:https://...
编写脚本生成 OCLint 报告并上传 SonarQube
在项目根目录添加 scripts 目录,并在该目录下新建shell脚本,脚本内容如下:
#!/bin/sh
function testIsInstalled() {
hash $1 2>/dev/null
if [ $? -eq 1 ]; then
echo >&2 "ERROR - $1 is not installed or not in your PATH"; exit 1;
fi
}
echo "change to parent folder"
cd ..
echo "check xcodebuild, oclint installed is installed"
testIsInstalled xcodebuild
testIsInstalled xcpretty
testIsInstalled oclint
echo "xcodebuild clean"
xcodebuild clean -workspace DemoApp.xcworkspace \
-scheme tztHuaTaiZLMobile
echo "xcodebuild analyze | tee xcodebuild.log | xcpretty --report json-compilation-database"
xcodebuild -workspace DemoApp.xcworkspace \
-configuration Debug \
-scheme DemoApp analyze COMPILER_INDEX_STORE_ENABLE=NO | tee xcodebuild.log | \
xcpretty -r json-compilation-database
echo "mv compilation_db.json compile_commands.json"
mv ./build/reports/compilation_db.json ./compile_commands.json
echo "check folder existence"
if [ ! -d "build/sonar-reports" ]; then
mkdir -p build/sonar-reports
fi
echo "oclint-json-compilation-database"
oclint-json-compilation-database \
-v \
-- \
-report-type pmd -o build/sonar-reports/oclint.xml \
-max-priority-1=99999 -max-priority-2=99999 -max-priority-3=99999 \
-rc LONG_METHOD=300 \
-rc LONG_VARIABLE_NAME=50 \
-rc LONG_CLASS=3000 \
-rc NCSS_METHOD=300 \
-rc NESTED_BLOCK_DEPTH=8 \
echo "upload generated oclint report to sonar qube server"
sonar-scanner -X
echo "clean up"
rm -rf .scannerwork
rm -rf xcodebuild.log
rm -rf compile_commands.json
rm -rf build/sonar-reports/oclint.xml
结果展示
报告上传后,SonarQube 会根据报告内容生成可视化的界面,描述每一项存在的问题,如可能存在的 Bug、代码缺陷、需要重构的代码块等等。
本项目分析完毕后效果如下图所示:
image.png
fix error
1.oclint: error: one compiler command contains multiple jobs:
运行环境:MacOS 10.14.2, XCode Version 9.4, OCLint 0.13.
xcodebuild执行命令中添加COMPILER_INDEX_STORE_ENABLE=NO参数选项。
1.cd current project folder
2.xcodebuild -target Target -configuration Debug -scheme Scheme -sdk iphonesimulator -destination 'platform=iOS Simulator,name=iPhone 6' CLANG_ENABLE_MODULE_DEBUGGING=NO CODE_SIGN_IDENTITY="" CODE_SIGNING_REQUIRED=NO ENABLE_BITCODE=NO COMPILER_INDEX_STORE_ENABLE=NO | tee xcodebuild.log | xcpretty -r json-compilation-database --output compile_commands.json
3.oclint-json-compilation-database -- -max-priority-1 '10' -max-priority-2 '2000' -max-priority-3 '5000' -report-type pmd -o pmd.xml
2.pre-commit can not execute fastlane in SourceTree
>>> source ~/.bash_profile
>>> open ~/Applications/SourceTree.app
3.CocoaPods requires your terminal to be using UTF-8 encoding and it aborts to run pod
>>> export LANG=en_US.UTF-8
