Check code quality with SonarQube
242 views
Skip to first unread message
David Racodon
Aug 19, 2015, 2:13:11 AM8/19/15
to Puppet Users
Hi,
Iain and I developed a SonarQube plugin to check code quality of Puppet modules. This first version comes with over 40 rules spanning from potential bugs to coding style guidelines. It fully benefits from all the nice features coming with SonarQube: efficient web interface to browse issues and metrics, ability to focus your effort on new code (added or modified) only, computation of technical debt and a lot more.
It is fully open source and free. So, feel free to give it a try. The release is available at: https://github.com/iwarapter/sonar-puppet/releases/tag/1.0. To get started with SonarQube, see http://docs.sonarqube.org/display/SONAR/Documentation.
Any feedback is more than welcome!
Meanwhile, we'll keep adding new features.
Enjoy!
Iain Adams and David Racodon
Chris Bowles
Aug 19, 2015, 4:40:21 PM8/19/15
to Puppet Users
Thanks, David. Have never checked out SonarQube, but I like the idea of a Puppet code quality tool.
~ Chris
Mike Skint
Aug 20, 2015, 1:47:44 PM8/20/15
to Puppet Users
This is interesting, thanks.
How does sonarqube differ from puppet-lint, also does it test for the future parser?
cheers.
How does sonarqube differ from puppet-lint, also does it test for the future parser?
cheers.
Mike Skint
Aug 20, 2015, 3:39:44 PM8/20/15
to Puppet Users
Ahh, I see the future parser *isn't* yet supported.
David Racodon
Aug 20, 2015, 4:51:09 PM8/20/15
to puppet...@googlegroups.com
Hi Mike,
How does sonarqube differ from puppet-lint
SonarQube provides more checks than puppet-lint and similar checks have fewer false negatives.
Checks are not only coding style related. There are checks:
- to detect potential bugs: duplicated hash keys should be removed, duplicated parameters should be removed, ...
- to warn about deprecated structures: deprecated node inheritance should not be used, ...
- to point out complex code: case and selectors statements should not be nested, classes and defines should not be too complex, ...
- to point out pitfalls: if...elsif structures should be terminated by an else statement, empty blocks should be removed, ...
- ...
and a lot more valuable checks are being implemented.
As stated before, it comes with a nice web interface to browse issues, it computes metrics (lines of code, complexity, comments lines, number of resources, ...), it keeps history, you can focus on new code, you can get an overview of your entire Puppet code base, it checks for duplication, it computes technical debt, the analysis is way faster, etc.
The best way to discover how SonarQube can bring you value is to either browse the demo instance at http://nemo.sonarqube.org or install it and give it a try on your source code. By the way, I just built a package to analyze your Puppet code in less than two minutes. So feel free to give it a try: https://github.com/racodond/package-test-sonarqube-puppet/archive/master.zip
also does it test for the future parser?
Not in this first version but we're working hard on it.
Cheers,
--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/1b80776e-d9fb-411b-a367-01cdaa03d045%40googlegroups.com.
Mike Skint
Aug 20, 2015, 4:56:00 PM8/20/15
to Puppet Users
thanks David,
looking forward to using it :)
looking forward to using it :)
David Racodon
Aug 20, 2015, 4:58:10 PM8/20/15
to puppet...@googlegroups.com
Looking forward to getting your feedback then! :-)
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/78e92938-65df-4f0b-bdf0-60b0c582b803%40googlegroups.com.
Mike Skint
Aug 20, 2015, 5:26:43 PM8/20/15
to Puppet Users
David,
what an outstanding tool! so so sweet!
thank you!
what an outstanding tool! so so sweet!
thank you!
David Racodon
Aug 21, 2015, 3:58:41 AM8/21/15
to puppet...@googlegroups.com
Thank you Mike! ... and thanks to Iain as well who's co-developing the plugin with me.
Glad you like it!
As a bonus, I also released a JSON plugin. It provides similar https://github.com/puppet-community/metadata-json-lint checks, plus additional checks such as enforcing a specific license or author. See https://github.com/racodond/sonar-json-plugin/releases/tag/1.0
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/dd9a9960-f0a3-42c9-904a-ead8dd94fc00%40googlegroups.com.
Mike Skint
Sep 25, 2015, 1:40:15 PM9/25/15
to Puppet Users
Just checking in David, wondering about the future parser progress. How is it going?
Also may have found a bug, though it may be down to the future parser. I'm seeing a parse error in sonarqube for a manifest that runs fine under puppet 3.x and puppet with the future parser enabled.
Also may have found a bug, though it may be down to the future parser. I'm seeing a parse error in sonarqube for a manifest that runs fine under puppet 3.x and puppet with the future parser enabled.
Reply all
Reply to author
Forward
0 new messages