Sonar in Practice on Android

Posted by AquSpring on 2019-05-08



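1. SonarQube download and installation

1.1 Download link

1.2 After downloading SonarQube, unzip it, open the bin directory, and run StartSonar from the directory that matches your OS. This setup runs on Windows, so the launcher is E:\sonarqube-7.5\bin\windows-x86-64\StartSonar. Once startup completes, you can browse to http://localhost:9000 or http://127.0.0.1:9000. Logging in as administrator lets you install the Chinese language plugin and other code-scanning plugins.

1.3 Configuration

1.3.1 MySQL configuration

Because SonarQube depends on MySQL, MySQL must be installed first (installation tutorial).

1.3.2 Configure MySQL for Sonar: open E:\sonarqube-7.5\conf\sonar.properties and add the MySQL settings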

```properties
# User credentials.
# Permissions to create tables, indices and triggers must be granted to JDBC user.
# The schema must be created first.
#sonar.jdbc.username=
#sonar.jdbc.password=
sonar.jdbc.url=jdbc:mysql://127.0.0.1:3306/qjfsonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance
sonar.jdbc.username=root
sonar.jdbc.password=root
sonar.sourceEncoding=UTF-8
# The JDBC account and password above are the ones set when installing MySQL
sonar.login=admin
sonar.password=admin
```

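Restart the SonarQube service and visit http://localhost:9000 again. It will be a little slow this time because the database is being initialized. After that, plugins can be installed in Sonar.

Next, install the Chinese language plugin: go to Administration -> Marketplace, search for Chinese Pack, install it, and restart.

2. Analyzing an Android project with Sonar

Method 1: analyze the project with sonar-scanner

First download sonar-scanner (download link). After downloading, edit E:\sonar-scanner-3.2.0.1227-windows\conf\sonar-scanner.properties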

```properties
#Configure here general information about the environment, such as SonarQube server connection details for example
#No information about specific project should appear here

#----- Default SonarQube server
sonar.host.url=http://localhost:9000

#----- Default source code encoding
#sonar.sourceEncoding=UTF-8
sonar.jdbc.url=jdbc:mysql://127.0.0.1:3306/qjfsonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance
sonar.jdbc.username=root
sonar.jdbc.password=root
```

Then create a sonar-project.properties file in the root directory of the Android project you want to analyze, with the following content:

```properties
#Configure here general information about the environment, such as SonarQube server connection details for example
#No information about specific project should appear here

#----- Default SonarQube server
#sonar.host.url=http://localhost:9000

#----- Default source code encoding
#sonar.sourceEncoding=UTF-8

# must be unique in a given SonarQube instance
sonar.projectKey=StickyNavLayout-demo
# this is the name displayed in the SonarQube UI
sonar.projectName=StickyNavLayout-demo
sonar.projectVersion=7.5

# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
# Since SonarQube 4.2, this property is optional if sonar.modules is set.
# If not set, SonarQube starts looking for source code from the directory containing
# the sonar-project.properties file.
sonar.sources=E:/workplace/github/StickyNavLayout-demo/app/src

# Encoding of the source code. Default is default system encoding
#sonar.sourceEncoding=UTF-8
```

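Then run sonar-scanner from the project root directory to perform the analysis.

Method 2: Gradle configuration (recommended)

Android development is normally done in Android Studio. With method 1, every new project needs its own properties file, which is inconvenient. Gradle in Android Studio already provides sonar-scanner for us, and it can be configured as follows.

Root build.gradle configuration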

```groovy
apply from: "dependencies.gradle"
apply plugin: 'com.alibaba.arouter'
buildscript {
    ext.kotlin_version = '1.2.30'
    repositories {
        maven { url "http://nexus.zhenai.com/content/repositories/jcenter/" }

        // 1. Configure the Maven repository
        maven {
            url "https://plugins.gradle.org/m2/"
        }

        google()
        jcenter()
    }
    dependencies {
        // 2. Configure the classpath
        classpath "org.sonarsource.scanner.gradle:sonarqube-gradle-plugin:2.6.2"
        classpath 'com.android.tools.build:gradle:3.1.2'
        classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:$kotlin_version"
        classpath 'org.greenrobot:greendao-gradle-plugin:3.2.2'
        classpath "com.alibaba:arouter-register:1.0.0"
//        classpath "com.mob.sdk:MobSDK:+"
        classpath 'com.growingio.android:vds-gradle-plugin:2.4.3'
        // Logging plugin for debugging performance issues: annotate a method with
        // @DebugLog to print its call arguments and execution time
        classpath 'com.jakewharton.hugo:hugo-plugin:1.2.1'
        // NOTE: Do not place your application dependencies here; they belong
        // in the individual module build.gradle files

    }
}

// 3. Configure the plugin
apply plugin: "org.sonarqube"

// 4. Configure the task
sonarqube {
    properties {
        property "sonar.sourceEncoding", "UTF-8"
    }

}

// 4. Configure the sonarqube parameters
subprojects {
    apply plugin: 'eclipse'
    apply plugin: 'idea'

    repositories {
        mavenCentral()
        jcenter()
    }

    sonarqube {
        properties {
            property "sonar.sources", "src"
            property "sonar.java.binaries", "build/intermediates/javac"
            property "sonar.host.url", "http://10.1.3.40:9000/"
            property "sonar.login", "admin"
            property "sonar.password", "admin"
            property "sonar.jdbc.url", "jdbc:mysql://10.1.3.40:3306/qjfsonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance"
            property "sonar.jdbc.driverClassName", "com.mysql.jdbc.Driver"
            property "sonar.jdbc.username", "root"
            property "sonar.jdbc.password", "root"
        }

    }
}

allprojects {
    repositories {
        flatDir {
            dirs project(':app').file('libs')
            dirs project(':lib_live_agora').file('libs')
        }
        maven { url "http://nexus.zhenai.com/content/repositories/jcenter/" }
        maven { url "http://nexus.zhenai.com/content/repositories/igexin/" }
        maven {
            // Zhenai internal Maven repository URL
            url "http://nexus.zhenai.com/content/repositories/android-release/"
        }
//        maven {
////            Local Maven repository on this machine
//            url uri('D:/AndroidStudio/LocalMaven')
//        }
        maven { url "http://mvn.mob.com/android" }
        google()
        jcenter()
    }
    configurations.all {
        resolutionStrategy {
            force "com.android.support:support-v4:${supportLib}"
            force "com.android.support:support-annotations:${supportLib}"
            force "com.android.support:appcompat-v7:${supportLib}"
            force "com.android.support:design:${supportLib}"
            force "com.android.support:recyclerview-v7:${supportLib}"
            force "com.android.support:cardview-v7:${supportLib}"
            force "com.android.support:design:${supportLib}"
            force "com.android.support:support-compat:${supportLib}"
            force "com.android.support:support-core-ui:${supportLib}"
            force "com.android.support:support-core-utils:${supportLib}"
            force "com.android.support:support-fragment:${supportLib}"
            force "com.android.support.constraint:constraint-layout:1.1.0"
        }
    }
}

task clean(type: Delete) {
    delete rootProject.buildDir
}
```

After completing steps 1, 2, 3 and 4 above, run:

```
gradle sonarqube
```

Method 3: Jenkins + Jenkins Sonar plugin + sonar-scanner plugin

First, install the Sonar plugin on Jenkins.

3. Jenkins configuration

```properties
sonar.projectKey=zhenai_consultation
sonar.projectName=zhenai_consultation
sonar.projectVersion=1.0
sonar.sourceEncoding=UTF-8
sonar.sources=app/src,album/src,base/src,cropview/src,im-business/src,lib_live_agora/src,lib_log/src,performancelib/src,push/src,refreshlibrary/src,xrecyclerview/src
sonar.java.binaries=app/build/intermediates/classes
sonar.host.url=http://127.0.0.1:9000/
sonar.login=admin
sonar.password=admin
sonar.jdbc.url=jdbc:mysql://127.0.0.1:3306/qjfsonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance
sonar.jdbc.driverClassName=com.mysql.jdbc.Driver
sonar.jdbc.username=root
sonar.jdbc.password=root
```

Task to run: scan

JDK: JDK_8

Analysis properties:

```properties
sonar.projectKey=test
sonar.projectName=test
sonar.projectVersion=1.0
sonar.sourceEncoding=UTF-8
sonar.sources=app
sonar.java.binaries=app/build/intermediates/classes
sonar.host.url=http://127.0.0.1:9000/
sonar.login=admin
sonar.password=admin
sonar.jdbc.url=jdbc:mysql://127.0.0.1:3306/qjfsonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance
sonar.jdbc.driverClassName=com.mysql.jdbc.Driver
sonar.jdbc.username=root
sonar.jdbc.password=root
```

Additional arguments: -X
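A check for the scanner-side files used by all three methods above (sonar-scanner.properties, sonar-project.properties, the Gradle sonarqube block, the Jenkins analysis properties), as an added example that is not part of the original post. It flags plain-text passwords, the admin/admin and root/root pairs, leftover sonar.jdbc.* settings and doubled URL schemes; the function names and the sample are constructed here.

```python
import re

# Accepts `key=value` (.properties, Jenkins "Analysis properties") and
# `property "key", "value"` (Gradle sonarqube { properties { ... } }).
PROP_RE = re.compile(
    r'^\s*(?:property\s+["\'](sonar\.[\w.]+)["\']\s*,\s*["\'](.*?)["\']'
    r'|(sonar\.[\w.]+)\s*=\s*(.*?))\s*$')
CRED_KEYS = (("sonar.login", "sonar.password"), ("sonar.jdbc.username", "sonar.jdbc.password"))
DEFAULT_PAIRS = {("admin", "admin"), ("root", "root")}

def parse(text):
    """Return {key: value} for every active (non-commented) sonar.* setting."""
    props = {}
    for line in text.splitlines():
        if line.lstrip().startswith(("#", "//")):
            continue
        m = PROP_RE.match(line)
        if m:
            key, val = (m.group(1), m.group(2)) if m.group(1) else (m.group(3), m.group(4))
            props[key] = val.strip()
    return props

def audit_scanner_config(text):
    """List findings for a scanner-side config (not the server's sonar.properties)."""
    props, findings = parse(text), []
    for user_key, pass_key in CRED_KEYS:
        if pass_key in props:
            findings.append(f"{pass_key}: password committed in plain text")
            if (props.get(user_key), props[pass_key]) in DEFAULT_PAIRS:
                findings.append(f"{user_key}/{pass_key}: default credentials")
    if any(k.startswith("sonar.jdbc.") for k in props):
        findings.append("sonar.jdbc.*: not used by scanners since SonarQube 5.2")
    for key, val in props.items():
        if re.search(r"://\w+://", val):
            findings.append(f"{key}: doubled URL scheme")
    return findings

# Constructed sample in the Gradle form used above; the doubled scheme is a typo case.
SAMPLE = '''
    property "sonar.host.url", "http://http://10.1.3.40:9000/"
    property "sonar.login", "admin"
    property "sonar.password", "admin"
    property "sonar.jdbc.username", "root"
    property "sonar.jdbc.password", "root"
'''

if __name__ == "__main__":
    for finding in audit_scanner_config(SAMPLE):
        print(finding)
```

For the sonar.login finding, SonarQube accepts a user token in sonar.login with sonar.password left empty, so the value can be supplied at run time instead of being stored in the file.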

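4. Android Lint plugin development

As we know, Android ships with a checking tool called lint, which can detect Android-specific problems such as unused resources and overdraw. There is also a ready-made open-source plugin library on GitHub, but it no longer supports the latest Sonar 7.5. Sonar 7.5 changed a lot, so I researched and developed one myself (link).

5. Java custom rule plugin development

The Java rules are currently built as secondary development on top of the PMD plugin. There is plenty of material online about how PMD works; in short, it uses JavaCC to generate a parser that parses the source code and produces an AST (abstract syntax tree).

6. Kotlin custom rule plugin development

6.1 Built-in plugins

Sonar already supports a great many third-party code-checking plugins, such as sonar java, pmd and findbugs. If the business requires it, you can write your own custom plugin.

6.2 Custom plugins

1. androidLint: before Sonar 6.5 there was a third-party androidlint plugin, but since 7.5 the third-party library is no longer updated, so I had to develop one myself: github.com/dengqu/sona…

7. Recommended rules to enable

android lint:

1. NewApi: the code uses APIs higher than the Min SDK declared in the Manifest.
2. Deprecated: use of deprecated APIs.
3. PxUsage: avoid px, use dp.
4. DrawAllocation: avoid allocating objects while drawing or laying out (draw/layout), e.g. instantiating a Paint object in onDraw().
5. Node can be replaced by a TextView with compound drawables: a layout that can be optimized, such as a LinearLayout containing one ImageView and one TextView, which can be replaced by a TextView using a CompoundDrawable.
6. Overdraw: Painting regions more than once: if a background Drawable is set on the RootView, the Theme background is drawn first and the specified background is drawn after it; this is the so-called "Overdraw". It can be avoided by setting the theme's background to null.
7. Hardcoded text
8. HashMap can be replaced with SparseArray
9. Layout hierarchy is too deep
10. Layout has too many views

Memory allocations within drawing code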
