1 / 31

SonarQube use cases

SonarQube use cases. Helping you make your code better. Why worry about code quality ? cheaper code easier and quicker to test easier to understand quicker time to market quicker turn around and business value. Code quality. Metrics

nkraus
Download Presentation

SonarQube use cases

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. SonarQube use cases Helping you make your code better

  2. Why worry about code quality ? cheaper code easier and quicker to test easier to understand quicker time to market quicker turn around and business value Code quality

  3. Metrics Measure aspects of the code that indicate lower code quality Duplication duplicated code is harder to maintain and test Issues and violations bugs, deviations from coding standards, bad practices Test coverage code needs to be tested for correctness How can SonarQube help

  4. Metrics allow you to measure aspects of your code that help you evaluate its quality. There are general metrics that apply to most programming languages, such as number of lines in a function or procedure (how hard is the code to read) cyclometric complexity (how hard is the code to understand and also test) There also ones that are specific to WMB/IIB development, such as length of a flow (the more nodes in a flow the longer it will take to run and the more resources it will use) string manipulation load (how many resource intensive string manipulation functions are called) Metrics

  5. The following shows SonarQube displaying metrics about WMB/IIB code Metrics (cont)

  6. You can then drill down into the metric to find out more Metrics (cont)

  7. SonarQube allows you to detect duplicated ESQL in WMB/IIB code This allows you refactor code that is duplicated to make it easier to maintain. There is a good refence here of why duplicated code is bad - https://en.wikipedia.org/wiki/Duplicate_code Duplication

  8. The following shows code that is found to be duplicated and the location in the file where the duplicated code has been found. Duplication (cont)

  9. SonarQube allows you to report and manage issues and coding violations One way of looking at this is, that it is doing an automatic code review It is looking for deviations from your coding standards such as naming standards, similar to what tools such as checkstyle provide (for Java) - http://checkstyle.sourceforge.net/ It is looking for potential bugs, such as what you would find in Java if you were using PMD - https://pmd.github.io/ or findbugs - http://findbugs.sourceforge.net/, but the tool works specificall for WMB/IIB development (it has rules for ESQL, XSL, Messagflows, Message Maps) Issues and violations

  10. Issues and violations (cont) Below shows how issues and violations are displayed in the SonarQube dashboard

  11. Issues and violations (cont) Below shows a general coding violation i.e. this is undesirable in any programming language. In this case, an unused variable

  12. Issues and violations (cont) Below shows a general coding violation i.e. this is undesirable in any programming language. Another example, an unused method

  13. Issues and violations (cont) The following is a WMB/IIB specific violation. In this case calling copy message headers as well as copy entire message - http://bettercodingtools.com/r164/

  14. Test coverage • Test coverage allows teams to measure how much code that they have tested, so they have more confidence that their tests cover the appropriate businsess logic • We have two (2) methods of capturing test coverage in WMB/IIB • (1) Tracing - http://bettercodingtools.com/message-broker-test-coverage-using-tracing/ • (2) Instrumentation - http://bettercodingtools.com/message-broker-test-coverage/

  15. Test coverage - tracing Tracing allows you to capture ESQL coverage by consuming the WMB/IIB tracing log that is enabled while a test case is running. The following shows a summary of coverage for a project.

  16. Test coverage – tracing (cont) The below shows coverage captured while tracing was enabled during a test case. Green indicates tested, red indicates not tested, orange indicates partially tested.

  17. Test coverage – instrumentation Instrumentation involves manipulating the deployed code to create profile points of what code has been executed. It allows capturing coverage of XSL, ESQL, Java (called from inside a flow) and Messageflow/Subflow files.

  18. Test coverage – instrumentation (cont) The below shows coverage captured while instrumentation was enabled during a test case. Green indicates tested, red indicates not tested, orange indicates partially tested.

  19. DevOPS – CI/CD use cases • The following slides describe processes that teams can look to follow if they are interested in more “contemporary” development methods • CI – Continuous Integration - https://martinfowler.com/articles/continuousIntegration.html • CD – Continuous Delivery - https://martinfowler.com/bliki/ContinuousDelivery.html • DevOPS – Development + Operations - https://dzone.com/articles/the-role-of-unit-tests-in-test-automation

  20. Simple – developer runs SonarQube • A developer can run the analysis to find issues before they commit Developer fixes the code Developer checks out the code and makes changes Developer reads the analysis looking for issues that she can fix or any code that she can improve Developer runs the SonarQube static code analysis

  21. Simple – developer self check (cont) • Allows developers to self correct • Gives immediate feedback • Provides a sanity check • Benefits • Finding issues here means that others have more confidence in the code they are reviewing later on • Issues fixed here are the easiest to address

  22. Build server runs SonarQube • A build server/CI server (Jenkins for example) runs the static code analysis for each change Developers/team leads/delivery manager can inspect the results and apply any further corrective actions CI server emails the results (including any new violations or drops in quality) to the team/s CI server runs the SonarQube static code analysis CI server checks out the code

  23. Build server runs SonarQube (cont) • Benefits • Allows the team to be involved in managing quality • Makes managing code quality more enforceable (all the code is being checked) • Considerations • Can be stressful for developers that may feel they are being attacked if the culture doesn’t lend to feedback loops • Feedback is more delayed

  24. Build server runs tests • The CI/Build server runs tests and static code analysis The team can decide how much testing is enough CI server checks out the code CI server builds the code (a BAR file) CI server runs unit tests and records test coverage, then runs SonarQube static code analysis (with test coverage)

  25. Build server runs tests (cont) • Benefits • With tests to support them, teams can refactor any issues found with the knowledge that tests can help prevent them from introducing bugs – encourages refactoring and reducing technical debt. • Running the tests all the time means that the team gets immediate feedback when there is an issue with the logic – not when testing starts a few weeks/months later • Business users can use tests to help describe the requirements (BDD) • Considerations • Writing tests is often harder then development

  26. Full CI/CD • Teams can use SonarQube as the quality gate that determines if code can go into an environment (test or production). If the tests pass, and the coverage is good and there are no critical issues (good code quality) then teams can deploy. CI builds (BAR files) that are good can be stored for deployment CI server checks out the code (tag or branch) CI server runs unit tests and records test coverage CI server deploys BAR file to test / production CI server runs the Sonarqube static code analysis (with test coverage) and checks against minimum quality thresholds

  27. Where does MB-Precise fit in ? • MB-Precise is a SonarQube plugin • From SonarQube it provides violations (warnings on bad code) and test coverage • Violations and test coverage can be used to determine if a deployment (BAR file in the case of WMB/IIB) should be deployed/installed • Passing tests, low violations (or maybe even 0) and good test coverage are the pre-requisites on whether code can go to production

  28. MB-Precise benefits • Provides code duplication checking for ESQL • Provides test coverage for WMB/IIB • Using “tracing” – easier and less invasive • Provides coverage of ESQL files • http://bettercodingtools.com/message-broker-test-coverage-using-tracing/ • Using “instrumentation” • Provides coverage for ESQL, Messageflows, Java and XSL • http://bettercodingtools.com/message-broker-test-coverage/

  29. MB-Precise benefits (cont) • Currently has 310+ rules for WMB/IIB • http://bettercodingtools.com/mb-rules-complete/ • Currently has 20+ rules for DP (XSL)

  30. More features • Diagram generation: • http://bettercodingtools.com/gallery-images/

  31. Find out more • Our website contains more information: • http://bettercodingtools.com/ • Demos, tutorials and presentations: • http://bettercodingtools.com/gallery-videos/ • You can contact us via our website • http://bettercodingtools.com/contact/ • Or via email • Richard@bettercodingtools.com

More Related