
Set up an instance of SonarQube and integrate it with GitHub actions

Learn how to set up a self-hosted instance of SonarQube for continuous code analysis. This step-by-step guide covers creating a Digital Ocean Droplet, installing Docker, configuring Postgres, and running SonarQube for code quality and security checks.

SonarQube is the leading tool for continuously inspecting the code quality and security of your codebases and for guiding development teams during code reviews. It is widely used by developers to write cleaner and safer code.
We needed a self-hosted SonarQube instance for continuous, automatic code analysis; this is how we set it up.

Pre-requisites: Docker, DigitalOcean (or any other preferred cloud provider) and basic macOS/Linux terminal knowledge will suffice.

Let’s start!

Steps

1. Create a Digital Ocean Droplet

Log in or sign up to your DigitalOcean account and create a Droplet from the control panel. The bare minimum configuration that meets SonarQube’s requirements is an Ubuntu machine with 4 GB of RAM. The specification is as follows:

  • Image: Distribution — Ubuntu 20.04 (LTS) x64
  • Plan: Shared CPU — Basic (Regular Intel) – $20/month (4 GB/2 vCPU, 80 GB SSD disk, 4 TB transfer).
    Note: The cheaper plans might not work because SonarQube requires at least 2 GB of RAM plus 1 GB of RAM for the OS. Read more on the minimum requirements here.
  • Block Storage: None
  • Datacenter Region: Choose one that suits you.
  • VPC Network: No VPC
  • Additional Options: Left all options unticked
  • Authentication: SSH keys.
    Note: It is highly recommended that you use SSH keys to authenticate. Click on “New SSH Key” and follow the instructions on the screen to create and add an SSH key to your DigitalOcean account.
  • Finalize and Create: Just create one Droplet. You may also want to Enable backups.
    Note the additional cost.

Further help on creating a droplet can be found here.

2. Connect to the droplet through the terminal

Once the droplet is up, click on it to get its IP address. Open a terminal on your machine and connect to the droplet over SSH:

ssh root@<droplet_ip_address>

Once your SSH key has been verified, you will have a shell on the remote machine.
A good first step is to install the pending updates:

sudo apt update
sudo apt upgrade

3. Install Docker

Following the Docker documentation, the installation steps are:

▹ Remove any old versions of Docker:

sudo apt-get remove docker docker-engine docker.io containerd runc

▹ Install packages to allow apt to use a repository over HTTPS:

sudo apt-get install \
 apt-transport-https \
 ca-certificates \
 curl \
 gnupg-agent \
 software-properties-common

▹ Add Docker’s official GPG key:

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

▹ Add the stable repository:

sudo add-apt-repository \
 "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
 $(lsb_release -cs) \
 stable"

▹ Install the packages:

sudo apt-get install docker-ce docker-ce-cli containerd.io

4. Setup the DB – Postgres

Although it is possible to evaluate SonarQube with the embedded database that ships with it, it is highly recommended that you set up an external database as the embedded database will not support upgrading SonarQube or migrating your data to a different database engine. A list of databases that are supported can be found here.

▹ Going ahead with Postgres, first create a Docker network:

docker network create sonarnet

▹ Spin up a Postgres container:

docker run -d \
 --name sonar-postgres \
 -p 5432:5432 \
 -e POSTGRES_USER=sonarqube \
 -e POSTGRES_PASSWORD=sonarqube \
 -e PGDATA=/var/lib/postgresql/data/pgdata \
 -v /custom/mount:/var/lib/postgresql/data \
 --net sonarnet \
 postgres:13

5. Spin up SonarQube

Following SonarQube’s documentation, the necessary steps are:

▹ Create the required volumes:

docker volume create --name sonarqube_data
docker volume create --name sonarqube_extensions
docker volume create --name sonarqube_logs

▹ Spin up a SonarQube container:

docker run -d \
 --name sonarqube \
 -p 9000:9000 \
 -e SONAR_JDBC_URL=jdbc:postgresql://sonar-postgres:5432/sonarqube \
 -e SONAR_JDBC_USERNAME=sonarqube \
 -e SONAR_JDBC_PASSWORD=sonarqube \
 -v sonarqube_data:/opt/sonarqube/data \
 -v sonarqube_extensions:/opt/sonarqube/extensions \
 -v sonarqube_logs:/opt/sonarqube/logs \
 --net sonarnet \
 sonarqube:lts-community

Verify that both containers were created and are running:

docker ps -a
docker ps

If sonarqube is not listed as running in the output above, inspect its logs:

docker logs -f sonarqube

Most likely the log reports that the virtual memory limit (vm.max_map_count) is too low. Fix it with:

sysctl -w vm.max_map_count=262144

Then restart SonarQube:

docker start sonarqube

If you cannot reach SonarQube at http://<droplet_ip_address>:9000, the firewall is probably blocking access. Run the following and then restart the SonarQube container:

ufw allow 9000
ufw allow 22
ufw enable

ℹ️ Sonar should now be running on http://<droplet_ip_address>:9000. Log in with the default username admin and password admin.
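Three things in steps 4 and 5 deserve a second look from a security standpoint: the Postgres container is published with -p 5432:5432, and because Docker writes its own iptables rules a published port is reachable from the internet regardless of what ufw allows; the database password is the literal string sonarqube passed on the command line; and sysctl -w is forgotten at the next reboot. The script below is an added example, not code from the original post or from SonarQube. It keeps the post’s names (sonarnet, sonar-postgres, sonarqube, the sonarqube_* volumes) and assumes a named volume sonar_pgdata in place of the /custom/mount bind mount, an env file at /root/sonar.env, and an opt-in variable SONAR_APPLY so that only the audit and file helpers run unless you ask for the full deployment.

```sh
#!/bin/sh
# Added example, not part of the original post: hardening helpers for the
# Postgres + SonarQube containers set up in steps 4 and 5. Names from the post
# are reused; the volume "sonar_pgdata", the file /root/sonar.env and the
# SONAR_APPLY switch are assumptions of this example.
set -eu

# Random hex secret from the kernel CSPRNG, replacing the literal "sonarqube"
# password used in the post.
random_secret() {
    head -c 24 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Write DB credentials to a file readable only by its owner. Passing it with
# `docker run --env-file` keeps the password out of shell history and `ps`
# output (it remains visible in `docker inspect` to anyone who can run docker).
# $1 = env file path, $2 = password.
write_env_file() {
    ( umask 077
      printf 'POSTGRES_USER=sonarqube\nPOSTGRES_PASSWORD=%s\n' "$2" > "$1"
      printf 'SONAR_JDBC_USERNAME=sonarqube\nSONAR_JDBC_PASSWORD=%s\n' "$2" >> "$1" )
}

# `sysctl -w vm.max_map_count=262144` is lost on reboot; a drop-in under
# /etc/sysctl.d makes it permanent. $1 = drop-in directory.
persist_max_map_count() {
    printf 'vm.max_map_count=262144\n' > "$1/99-sonarqube.conf"
}

# Docker installs its own iptables rules, so a port published with -p is
# reachable from the internet whether or not ufw allows it. Feed this function
# the output of `docker ps --format '{{.Names}} {{.Ports}}'`; it prints every
# port bound to a wildcard address that is not in the allowlist ($1, space
# separated) and returns 1 if any were found.
audit_published_ports() {
    allow=" $1 "
    found=0
    while read -r name ports; do
        [ -n "$name" ] || continue
        for entry in $(printf '%s' "$ports" | tr ',' ' '); do
            case "$entry" in *'->'*) ;; *) continue ;; esac   # not published
            bind=${entry%%->*}            # e.g. 0.0.0.0:5432 or :::5432
            host_port=${bind##*:}
            addr=${bind%:*}
            case "$addr" in
                0.0.0.0|::|'[::]')
                    case "$allow" in
                        *" $host_port "*) ;;
                        *) echo "$name $entry"; found=1 ;;
                    esac ;;
            esac
        done
    done
    return "$found"
}

# Full deployment on the droplet; runs only when explicitly requested:
#   SONAR_APPLY=1 sh harden-sonar.sh
apply() {
    env_file=/root/sonar.env
    [ -f "$env_file" ] || write_env_file "$env_file" "$(random_secret)"
    persist_max_map_count /etc/sysctl.d
    sysctl --system >/dev/null
    docker network inspect sonarnet >/dev/null 2>&1 || docker network create sonarnet
    # No -p for Postgres: only containers on sonarnet can reach it.
    docker run -d --name sonar-postgres --env-file "$env_file" \
        -e PGDATA=/var/lib/postgresql/data/pgdata \
        -v sonar_pgdata:/var/lib/postgresql/data --net sonarnet postgres:13
    docker run -d --name sonarqube -p 9000:9000 --env-file "$env_file" \
        -e SONAR_JDBC_URL=jdbc:postgresql://sonar-postgres:5432/sonarqube \
        -v sonarqube_data:/opt/sonarqube/data \
        -v sonarqube_extensions:/opt/sonarqube/extensions \
        -v sonarqube_logs:/opt/sonarqube/logs \
        --net sonarnet sonarqube:lts-community
    # Fail loudly if anything other than the web UI ended up published.
    docker ps --format '{{.Names}} {{.Ports}}' | audit_published_ports "9000"
}

if [ "${SONAR_APPLY:-0}" = "1" ]; then
    apply
fi
```

The audit can also be run on its own against an existing droplet (`docker ps --format '{{.Names}} {{.Ports}}' | audit_published_ports "9000"`) to confirm that only port 9000 is reachable from outside. Changing the default admin/admin credentials at the first login belongs to the same checklist, since port 9000 is open to the internet at this point.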

6. Add your project(s) to Sonar

By default SonarQube only lets us create projects manually, so we need to add a GitHub configuration in order to import our GitHub repositories into SonarQube. Follow the steps in this document.

  • Create a GitHub App following Step 1 from the above link.
  • Install the created app following Step 2.
  • Link the app in SonarQube following Step 3.

7. Configure automatic analysis with GitHub actions

SonarQube needs to be set up to run the analysis automatically on every push through GitHub Actions. The steps are:

▹ Create GitHub Secrets

We need to add two secrets (SONAR_TOKEN, SONAR_HOST_URL) generated by Sonar to the GitHub repository settings.

▹ Add sonar-project.properties to your project

Create a sonar-project.properties file in your repository with the following content:

sonar.projectKey=<username>_<reponame>

▹ Set up a workflow YAML file

Create or update your .github/workflows/build.yml YAML file with the following content:

name: Sonar Analysis
on:
  push:
    branches:
      - master # or the name of your main branch

jobs:
  build:
    name: Build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - uses: docker://sonarsource/sonar-scanner-cli:latest
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}

And that’s it, we are good to go!

Commit and push your code to the configured branch. The push automatically triggers the analysis, and detailed reports can be accessed on the Sonar dashboard.
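The workflow above runs with SONAR_TOKEN and GITHUB_TOKEN in its environment, yet both of its uses: references are mutable: actions/checkout@v2 is a tag that can be moved, and docker://sonarsource/sonar-scanner-cli:latest resolves to whatever image currently carries that tag. Whoever controls either reference controls code that runs with those secrets. The check below is an added example, not code from the original post or from SonarSource; it reads a workflow file on stdin and reports every uses: that is not pinned to a full commit SHA (for actions) or an image digest (for docker:// images). The --check flag and the default path are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original post: flag GitHub Actions `uses:`
# references that are not pinned to an immutable commit SHA or image digest.
set -eu

# Reads workflow YAML on stdin, prints one line per unpinned reference and
# returns 1 if any were found (0 when every reference is pinned).
check_pinned_uses() {
    findings=0
    while read -r line; do
        case "$line" in
            *uses:*) ;;
            *) continue ;;
        esac
        ref=${line#*uses:}
        ref=${ref%%#*}                          # drop a trailing YAML comment
        ref=$(printf '%s' "$ref" | tr -d ' ')
        case "$ref" in
            docker://*@sha256:*) ;;             # image pinned by digest
            docker://*)
                echo "unpinned image: $ref"; findings=$((findings + 1)) ;;
            *@*)
                # an action is immutable only when pinned to a full 40-hex commit SHA
                if printf '%s\n' "${ref##*@}" | grep -Eq '^[0-9a-f]{40}$'; then
                    :
                else
                    echo "unpinned action: $ref"; findings=$((findings + 1))
                fi ;;
            *)
                echo "unversioned action: $ref"; findings=$((findings + 1)) ;;
        esac
    done
    [ "$findings" -eq 0 ]
}

# Usage on a repository (hypothetical flag):  sh check-workflow.sh --check .github/workflows/build.yml
if [ "${1:-}" = "--check" ]; then
    check_pinned_uses < "${2:-.github/workflows/build.yml}"
fi
```

Run against the build.yml above, the check reports both references. Pinning means replacing `@v2` with the commit SHA the tag currently points to and `:latest` with the image’s `@sha256:` digest; updates then become deliberate, reviewable changes rather than something that happens silently upstream.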

Disclaimer: The statements and opinions expressed in this article are those of the author(s) and do not necessarily reflect the positions of Jalan Technologies.
