#sonar android上的實踐
1.sonarqube 下載和安裝
1.1 下載地址
1.2 下載好sonarqube後,解壓開啟bin目錄,啟動相應OS目錄下的StartSonar,本方案系統是windows 所以啟動位置在E:\sonarqube-7.5\bin\windows-x86-64\StartSonar 啟動完成之後可以直接訪問http://localhost:9000 或者http://127.0.0.1:9000 ,以管理員身份登入可以安裝中文外掛,以及其他程式碼掃描外掛
1.3 配置
1.3.1 MySql配置
由於sonarqube依賴MySql,所以需要安裝MySql,安裝教程
1.3.2 sonar配置MySql,找到E:\sonarqube-7.5\conf\sonar.properties 新增MySql配置
# User credentials.
# Permissions to create tables, indices and triggers must be granted to JDBC user.
# The schema must be created first.
#sonar.jdbc.username=
#sonar.jdbc.password=
sonar.jdbc.url=jdbc:mysql://127.0.0.1:3306/qjfsonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance
sonar.jdbc.username=root
sonar.jdbc.password=root
sonar.sorceEncoding=UTF-8
//安裝mysql是設定賬戶和密碼
sonar.login=admin
sonar.password=admin
複製程式碼
重啟sonarqube服務,再次訪問http://localhost:9000,會稍微有點慢,因為要初始化資料庫資訊,至此便可以在sonar上面安裝外掛了
接下來可以安裝中文外掛,直接在配置->應用市場->搜尋Chinese Pack然後安裝重啟就可以了
2.利用sonar分析android專案
方式一:利用sonar-scanner分析專案
先現在sonar-scanner,下載地址 下載之後編輯E:\sonar-scanner-3.2.0.1227-windows\conf\sonar-scanner.properties
#Configure here general information about the environment, such as SonarQube server connection details for example
#No information about specific project should appear here
#----- Default SonarQube server
sonar.host.url=http://localhost:9000
#----- Default source code encoding
#sonar.sourceEncoding=UTF-8
sonar.jdbc.url=jdbc:mysql://127.0.0.1:3306/qjfsonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance
sonar.jdbc.username=root
sonar.jdbc.password=root
複製程式碼
然後在想要分析的android根目錄下建立一個sonar-project.properties,內容如下
#Configure here general information about the environment, such as SonarQube server connection details for example
#No information about specific project should appear here
#----- Default SonarQube server
#sonar.host.url=http://localhost:9000
#----- Default source code encoding
#sonar.sourceEncoding=UTF-8
# must be unique in a given SonarQube instance
sonar.projectKey=StickyNavLayout-demo
# this is the name displayed in the SonarQube UI
sonar.projectName=StickyNavLayout-demo
sonar.projectVersion=7.5
# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
# Since SonarQube 4.2, this property is optional if sonar.modules is set.
# If not set, SonarQube starts looking for source code from the directory containing
# the sonar-project.properties file.
sonar.sources=E:\workplace\github\StickyNavLayout-demo\app\src
# Encoding of the source code. Default is default system encoding
#sonar.sourceEncoding=UTF-8
複製程式碼
然後在專案根目錄下執行sonar-scanner 進行分析
方式二:Gradle配置(推薦)
做android開發的話,平時都在androidStudio上開發,如果按照方式一的話,每次新專案都要去建立檔案,這樣不是很方便,androidStudio gradle已經為我們新增好sonar-scaner,可以通過下面方式進行配置
根build.gradle配置
apply from: "dependencies.gradle"
apply plugin: 'com.alibaba.arouter'
buildscript {
ext.kotlin_version = '1.2.30'
repositories {
maven { url "http://nexus.zhenai.com/content/repositories/jcenter/" }
#1 配置maven創庫
maven {
url "https://plugins.gradle.org/m2/"
}
google()
jcenter()
}
dependencies {
#2 配置 classpath
classpath "org.sonarsource.scanner.gradle:sonarqube-gradle-plugin:2.6.2"
classpath 'com.android.tools.build:gradle:3.1.2'
classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:$kotlin_version"
classpath 'org.greenrobot:greendao-gradle-plugin:3.2.2'
classpath "com.alibaba:arouter-register:1.0.0"
// classpath "com.mob.sdk:MobSDK:+"
classpath 'com.growingio.android:vds-gradle-plugin:2.4.3'
//用於方便除錯效能問題的列印外掛。給訪法加上@DebugLog,就能輸出該方法的呼叫引數,以及執行時間
classpath 'com.jakewharton.hugo:hugo-plugin:1.2.1'
// NOTE: Do not place your application dependencies here; they belong
// in the individual module build.gradle files
}
}
#3配置plugin
apply plugin: "org.sonarqube"
#4配置task
sonarqube {
properties {
property "sonar.sourceEncoding", "UTF-8"
}
}
#4配置sonarqube引數
subprojects {
apply plugin: 'eclipse'
apply plugin: 'idea'
repositories {
mavenCentral()
jcenter()
}
sonarqube {
properties {
property "sonar.sources", "src"
property "sonar.java.binaries", "build/intermediates/javac"
property "sonar.host.url", "http://http://10.1.3.40:9000/"
property "sonar.login", "admin"
property "sonar.password", "admin"
property "sonar.jdbc.url", "jdbc:mysql://http://10.1.3.40:3306/qjfsonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance"
property "sonar.jdbc.driverClassName", "com.mysql.jdbc.Driver"
property "sonar.jdbc.username", "root"
property "sonar.jdbc.password", "root"
}
}
}
allprojects {
repositories {
flatDir {
dirs project(':app').file('libs')
dirs project(':lib_live_agora').file('libs')
}
maven { url "http://nexus.zhenai.com/content/repositories/jcenter/" }
maven { url "http://nexus.zhenai.com/content/repositories/igexin/" }
maven {
//珍愛本地Maven倉庫地址
url "http://nexus.zhenai.com/content/repositories/android-release/"
}
// maven {
//// 電腦本地Maven倉庫地址
// url uri('D:/AndroidStudio/LocalMaven')
// }
maven { url "http://mvn.mob.com/android" }
google()
jcenter()
}
configurations.all {
resolutionStrategy {
force "com.android.support:support-v4:${supportLib}"
force "com.android.support:support-annotations:${supportLib}"
force "com.android.support:appcompat-v7:${supportLib}"
force "com.android.support:design:${supportLib}"
force "com.android.support:recyclerview-v7:${supportLib}"
force "com.android.support:cardview-v7:${supportLib}"
force "com.android.support:design:${supportLib}"
force "com.android.support:support-compat:${supportLib}"
force "com.android.support:support-core-ui:${supportLib}"
force "com.android.support:support-core-utils:${supportLib}"
force "com.android.support:support-fragment:${supportLib}"
force "com.android.support.constraint:constraint-layout:1.1.0"
}
}
}
task clean(type: Delete) {
delete rootProject.buildDir
}
複製程式碼
按照1,2,3,4步驟配置完成之後,然後執行
gradle sonarqube
複製程式碼
方式三:jenkins + jenkins Sonar外掛+sonar-scaner外掛
首先jenkins上按照Sonar外掛
3.jenkins配置
sonar.projectKey=zhenai_consultation
sonar.projectName=zhenai_consultation
sonar.projectVersion=1.0
sonar.sourceEncoding=UTF-8
sonar.sources=app/src,album/src,base/src,cropview/src,im-business/src,lib_live_agora/src,lib_log/src,performancelib/src,push/src,refreshlibrary/src,xrecyclerview/src
sonar.java.binaries = app/build/intermediates/classes
sonar.host.url=http://127.0.0.1:9000/
sonar.login= admin
sonar.password=admin
sonar.jdbc.url=jdbc:mysql://127.0.0.1:3306/qjfsonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance
sonar.jdbc.driverClassName=com.mysql.jdbc.Driver
sonar.jdbc.username=root
sonar.jdbc.password=root
複製程式碼
Task to run :scan JDK:JDK_8 Analysis properties: sonar.projectKey=test sonar.projectName=test sonar.projectVersion=1.0 sonar.sourceEncoding=UTF-8 sonar.sources=app sonar.java.binaries = app/build/intermediates/classes sonar.host.url=http://127.0.0.1:9000/ sonar.login= admin sonar.password=admin sonar.jdbc.url=jdbc:mysql://127.0.0.1:3306/qjfsonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance sonar.jdbc.driverClassName=com.mysql.jdbc.Driver sonar.jdbc.username=root sonar.jdbc.password=root Additional arguments:-X
4.android lint外掛開發
我們知道,android 自帶一個叫lint的檢查工具,可以檢查android相關無用資源,OverDraw等問題,github上也有一個現成的開源外掛庫但是最新sonar7.5這個庫已經不支援了,sonar7.5變更了很多,所以自己研究開發了一個地址
5.java 自定義規則外掛開發
目前java檢查規則是基於pmd這個外掛進行二次開發,pmd的原理網上也有很多資料介紹,總體是使用java cc 生成解析器來解析原始碼並生成AST(抽象語法樹)
6.kotlin 自定義規則外掛開發
6.1 自帶外掛
目前sonar 已經支援非常多第三方程式碼檢查外掛,例如sonar java,pmd,findbugs等,如果業務需要可以自定義自己外掛
6.2 自定義外掛
1.androidLint 以前sonar6.5之前是有第三方androidlint,但是7.5以後,第三方庫不更新了,只有自己開發了一個 github.com/dengqu/sona…
7 建議開啟的規則
android lint: 1.NewApi 程式碼中使用的某些API高於Manifest中的Min SDK 2.Deprecated 使用已經廢棄的API 3.PxUsage 避免使用px,使用dp 4.DrawAllocation 避免在繪製或者解析佈局(draw/layout)時分配物件。E.g.,Ondraw()中例項化Paint物件。 5.Node can be replaced by a TextView with compound drawables 可優化的佈局:如包含一個Imageview和一個TextView的線性佈局,可被採用CompoundDrawable的TextView代替。 6.Overdraw: Painting regions more than once 如果為RootView指定一個背景Drawable,會先用Theme的背景繪製一遍,然後才用指定的背景,這就是所謂的“Overdraw”。 可以設定theme的background為null來避免。 7.Hardcoded text 8.HashMap can be replaced with SparseArray 9.Layout hierarchy is too deep 10.Layout has too many views Memory allocations within drawing code