karthikeyan

Flutter continuous code inspection with Sonarqube

Prerequisites

  • DartAnalyzer

The dartanalyzer command performs the same static analysis that you get when you use an IDE or editor that has Dart support. You can customize the analysis using an analysis options file or special comments in Dart source code.

Here’s an example of performing static analysis over all the Dart files under the lib, test, and web directories:

dartanalyzer lib test web

The Flutter SDK downloads Dart into $FLUTTER_HOME/bin/cache/dart-sdk; however, its command-line tools are not on the PATH by default (dartanalyzer must be on the PATH).

It is recommended to install Dart SDK separately for more reliability in a CI/CD environment.

  • Flutter SDK

Install Flutter as explained on the official documentation page.

SonarQube Installation

SonarQube is an open-source platform for continuous inspection of code quality.

Using Docker:

The images of the Community, Developer, and Enterprise Editions are available on Docker Hub https://hub.docker.com/_/sonarqube

  • Start the server by running:

$ docker run -d --name sonarqube -p 9000:9000 <image_name>

Advanced configuration

SonarQube does not ship with a plugin for analyzing the Dart language and Flutter test reports, so a custom plugin (JAR) has to be added to the SonarQube extensions.

A plugin to enable an analysis of Dart and Flutter projects into SonarQube is available below:

https://github.com/insideapp-oss/sonar-flutter/releases/download/0.2.1/sonar-flutter-plugin-0.2.1.jar

Customized image

In some environments, it may make more sense to prepare a custom image containing your configuration. A Dockerfile to achieve this may be as simple as:

  • Dockerfile

FROM sonarqube

COPY sonar-flutter-plugin-0.2.1.jar /opt/sonarqube/extensions/plugins

  • Build & Run

sudo docker build --tag sonarq .

sudo docker run -d -p 9000:9000 sonarq
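
A pre-build check for the image context above, as an added example rather than code from the original post: it rejects an unpinned base image such as `FROM sonarqube` and a plugin JAR whose SHA-256 differs from a digest you recorded. The function names and the `<expected-sha256>` placeholder are assumptions, and `sha256sum` from GNU coreutils is required.

```shell
#!/bin/sh
# Added example (not from the original post): checks to run before
# "docker build". Function names are illustrative.

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 only when FILE exists and its SHA-256 equals EXPECTED_HEX.
verify_sha256() {
    file=$1
    expected=$2
    [ -f "$file" ] || { echo "missing artifact: $file" >&2; return 2; }
    actual=$(sha256sum "$file" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "SHA-256 mismatch for $file: got $actual" >&2
        return 1
    fi
}

# base_image_pinned DOCKERFILE
# Returns 0 only when every FROM line names a tag (image:tag) or a digest
# (image@sha256:...). A bare "FROM sonarqube" resolves to whatever "latest"
# is on the day of the build. References to an earlier build stage by name
# are reported as unpinned too; the Dockerfile above has none.
base_image_pinned() {
    awk 'toupper($1) == "FROM" {
             i = 2
             while ($i ~ /^--/) i++       # skip flags such as --platform=...
             ref = $i
             sub(/^.*\//, "", ref)        # drop registry host, which may hold a port
             if (ref !~ /[:@]/) bad = 1
         }
         END { exit bad + 0 }' "$1"
}

# Usage before building the image (the digest is a placeholder to fill in
# from a copy of the JAR you have reviewed):
#   base_image_pinned Dockerfile &&
#   verify_sha256 sonar-flutter-plugin-0.2.1.jar '<expected-sha256>' &&
#   sudo docker build --tag sonarq .
```
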

Sonar Scanner

The SonarScanner is the scanner to use when there is no specific scanner for your build system.

Source: https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.3.0.2102-linux.zip
Installation:

Expand the downloaded file into the directory of your choice. We'll refer to it as $install_directory in the next steps.
Update the global settings to point to your SonarQube server by editing $install_directory/conf/sonar-scanner.properties:

# Default SonarQube server
sonar.host.url=http://localhost:9000

  • Add the $install_directory/bin directory to your path.

export PATH="$PATH:$HOME/sonar-scanner/bin"

Verify your installation by opening a new shell and executing the command sonar-scanner -h (sonar-scanner.bat -h on Windows).

You should get output like this:

usage: sonar-scanner [options]

Options:

-D,--define <arg> Define property
-h,--help Display help information
-v,--version Display version information
-X,--debug Produce execution debug output

Sonar Configuration

Create a sonar-project.properties file at the root of the project:

# Project identification
sonar.projectKey=flutter_sample
sonar.projectName=Flutter Sample
sonar.projectVersion=1.0

# Source code location.
# Path is relative to the sonar-project.properties file. Defaults to .
# Use commas to specify more than one folder.
sonar.sources=lib
sonar.tests=test

# Encoding of the source code. Default is default system encoding.
sonar.sourceEncoding=UTF-8

Run Analysis

Use the following commands from the root folder to start an analysis:

  • Download dependencies
    flutter pub get

  • Run tests
    flutter test --machine > tests.output

  • Compute coverage (--machine and --coverage cannot be run at once...)
    flutter test --coverage

  • Run the analysis and publish to the SonarQube server
    sonar-scanner
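
A gate to run between the two `flutter test` commands and `sonar-scanner`, as an added example rather than code from the original post: it checks that the two report files those commands write are present and complete, so an aborted test run or an empty coverage file is caught before the analysis is published. The function name is an assumption, as is the compact `"type":"done"` event that the JSON reporter writes at the end of a finished run; paths use forward slashes as on Linux.

```shell
#!/bin/sh
# Added example (not from the original post): run after the two
# "flutter test" commands and before "sonar-scanner".

# check_reports [PROJECT_ROOT]
# Returns 0 only when both report files exist and look complete.
check_reports() {
    root=${1:-.}
    tests=$root/tests.output
    lcov=$root/coverage/lcov.info

    # "flutter test --machine > tests.output" creates the file even when the
    # command fails early, so test for content, not just existence.
    if [ ! -s "$tests" ]; then
        echo "tests.output is missing or empty" >&2; return 1
    fi
    # The machine reporter writes one JSON event per line and ends a finished
    # run with a "done" event; without it the run was cut short.
    if ! grep -q '"type":"done"' "$tests"; then
        echo "tests.output has no done event" >&2; return 1
    fi
    # "flutter test --coverage" writes coverage/lcov.info.
    if [ ! -s "$lcov" ]; then
        echo "coverage/lcov.info is missing or empty" >&2; return 1
    fi
    # Each covered file is an "SF:<path>" record. Only files under
    # sonar.sources=lib are analyzed, so require at least one record there.
    if ! grep -q '^SF:lib/' "$lcov"; then
        echo "lcov.info has no SF: records under lib/" >&2; return 1
    fi
    return 0
}

# Usage from the project root:
#   check_reports . && sonar-scanner
```
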


References

https://dart.dev/tools/dartanalyzer
https://www.sonarqube.org/
https://docs.sonarqube.org/latest/analysis/scan/sonarscanner/
https://docs.sonarqube.org/latest/setup/get-started-2-minutes/
https://hub.docker.com/_/sonarqube
https://github.com/insideapp-oss/sonar-flutter

Top comments (1)

DevonBritton

Hi there.

I'm using a sample flutter project to test this process and I've got analysis working on my (on-prem but remote) SonarQube server but I'm not getting any code coverage.

I'm using Azure DevOps 2020 and Sonarqube 8.5.1. I'm also using the Flutter Azure DevOps extension as I was having issues running the commands as CMD line tasks.

I would appreciate any assistance...

My yaml pipeline looks like this...

trigger:
  branches:
    include:
    - master
pr: none

jobs:
- job: Test
  pool: Default

  steps:
  - task: FlutterInstall@0
    displayName: Setup flutter
    inputs:
      channel: 'stable'
      version: 'latest'
  - task: SonarQubePrepare@4
    inputs:
      SonarQube: 'Sonar-direct'
      scannerMode: 'CLI'
      configMode: 'file'
      extraProperties: |
        # Additional properties that will be passed to the scanner,
        # Put one key=value per line, example:
        # sonar.exclusions=*/.bin
        sonar.login=$(sonar.login)
        sonar.password=$(sonar.password)
  - task: PowerShell@2
    displayName: Setup environment
    inputs:
      targetType: 'inline'
      script: |
        Write-Host "##vso[task.prependpath]$(JAVA_HOME_11_X64)"
        Write-Host "##vso[task.setvariable variable=JAVA_HOME;]$(JAVA_HOME_11_X64)"
        Write-Host "##vso[task.prependpath]$(FlutterToolPath)"
        Write-Host "##vso[task.prependpath]$(FlutterToolPath)/cache/dart-sdk/bin"

  #- task: FlutterTest@0
  #  inputs:
  #    projectDirectory: '$(Build.Repository.LocalPath)'

  - task: FlutterCommand@0
    displayName: flutter get
    inputs:
      arguments: 'flutter pub get'
  - task: FlutterCommand@0
    displayName: flutter test
    inputs:
      arguments: 'flutter test --machine > tests.output'
  - task: FlutterCommand@0
    displayName: flutter test coverage
    inputs:
      arguments: 'flutter test --coverage'
  - task: SonarQubeAnalyze@4
    displayName: Run analyze

  #- task: SonarQubePublish@4
  #  displayName: Run publish
  #  inputs:
  #    pollingTimeoutSec: '300'