Contents
Local SonarQube analysis
Considerations:
- Some rules are missing in SonarQube Community compared to SonarCloud. This means that some violations might still show up during Pull Request analysis, even if local analysis reported nothing.
- This project is configured so that its integration tests are taken into consideration when calculating code coverage. SonarQube will show these tests as unit tests on the dashboard, as there is currently no native integration test support within Sonar.
Launching SonarQube on a local environment
Run a local instance of SonarQube with:
docker compose -f docker/sonarqube/docker-compose.yml --env-file docker/sonarqube/.env up -d
You should only need to do this once.
Note that the first run may take a while before SonarQube is fully configured - you may want to check the Docker logs for
sonarqube_first_run_setup_backend
to confirm whether the setup is finished successfully.The Java analysis profile is stored in
docker/sonarqube/java_profile.xml
and is automatically restored when first launching the Docker instance.The quality gate is defined in an init script (
docker/sonarqube/import_data.sh
) and is automatically restored when first launching the Docker instance.The imported profile and quality gate are set as default.
Authentication is disabled by default.
The SonarQube instance will become available at http://localhost:9000.
Full analysis
You can run analysis for the whole project (both backend and frontend) by running the following command from the root of this repository:
./mvnw clean verify sonar:sonar -Pfrontend-pre-sonar -Ppitest-full
Backend analysis
You can run a separate analysis for the backend module:
cd backend
./mvnw clean verify sonar:sonar -Ppitest-full
Frontend analysis
You can run a separate analysis for the frontend module:
cd frontend
./mvnw sonar:sonar -Pfrontend-pre-sonar
Verifying results
Visit the Projects SonarQube page and choose the right project.
Generating frontend client code for backend API
Frontend code for communicating with the backend is automatically generated using the following command:
/.mvnw clean verify -Pangular-client-code-gen -DskipTests
The generated code is available in the frontend/src/main/angular/src/backend
directory. Don’t edit those files manually.
Mutation testing
Backity uses Pitest for mutation testing.
Mutation testing is the act of automatically modifying existing code in small ways, then checking if our tests fail. This helps identify areas where tests might pass but don’t truly verify the expected behavior, or where tests are missing entirely.
Generate a full mutation coverage report with the pitest-full
profile:
./mvnw clean test-compile -Ppitest-full
View the report at ./backend/target/pit-reports/index.html
.
The most efficient way to generate a local coverage report during development is with the pitest-new-code
profile:
./mvnw clean test-compile -Ppitest-new-code
This will only analyze code that has been changed compared to the main
Git branch.
Pitest is also used as part of Continuous Integration, using the
pitest-strict
Maven profile, which will fail the build if the mutation threshold is below a certain value.