Teams+

Sonar

To use DCM with Sonar, configure the external issues report path and add a step that runs DCM commands.

For instance, if you want to run the dcm analyze command and generate a report compatible with Sonar, you can use the following command:

dcm run --analyze --reporter=sonar lib > ./dcm-quality-report.json

This command will analyze the lib directory and output the results to dcm-quality-report.json, which will then be picked up by Sonar.


Don't forget to specify the sonar.externalIssuesReportPaths property in your sonar-project.properties:

sonar-project.properties
...

# Path to the external issues report, which is the output of
# "dcm run --analyze --reporter=sonar lib > ./dcm-quality-report.json"
sonar.externalIssuesReportPaths=dcm-quality-report.json

Running Sonar Locally

To run Sonar analysis locally, you'll need to install the Sonar scanner. You can download the scanner from the official SonarQube website and follow the installation instructions.

Once installed, you can execute the following command in your project directory:

sonar-scanner

This command will read the sonar-project.properties file and perform the analysis based on the configurations specified. The results will be uploaded to your SonarQube server or SonarCloud account.

Sonar Cloud

If you are using the Cloud version, you just need to ensure that your CI/CD is fully integrated with Sonar. For more detailed information on integrating Sonar with different platforms, visit their documentation.

DCM Issues in Sonar Dashboard

Once the report is uploaded, the Sonar dashboard shows the DCM findings as a list of issues:

[Image: Sonar issues]

When you click on an issue, you will see the source code, the error line and some metadata, including the category of the error and the rule name:

[Image: Sonar Issue Code]

If you are unsure how to fix the error, you can find the DCM documentation link and read more:

[Image: Sonar Find DCM DOC]

Example GitLab CI Integration

While Sonar can be used independently, integrating it with your CI/CD pipeline can automate the analysis process. Below is an example .gitlab-ci.yml file that demonstrates how to run Sonar as part of your GitLab CI pipeline:

stages:
  - test

variables:
  DCM_VERSION: "1.21.2-1" # Specify DCM version (e.g., "1.21.2-1")
  SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar" # Defines the location of the analysis task cache
  GIT_DEPTH: "0" # Tells git to fetch all the branches of the project, required by the analysis task

dcm:
  stage: test
  image: dart:stable
  before_script:
    - apt-get update -qy
    - apt-get install -y --no-install-recommends wget gnupg2
  script:
    - wget -qO- https://dcm.dev/pgp-key.public | gpg --dearmor -o /usr/share/keyrings/dcm.gpg
    - echo 'deb [signed-by=/usr/share/keyrings/dcm.gpg arch=amd64] https://dcm.dev/debian stable main' | tee /etc/apt/sources.list.d/dart_stable.list
    - apt-get update
    - apt-get install dcm=$DCM_VERSION
    - dcm run --analyze --reporter=sonar lib > ./dcm-quality-report.json
  artifacts:
    untracked: true
    paths:
      - ./dcm-quality-report.json

sonarcloud-check:
  stage: test
  when: always
  image:
    name: sonarsource/sonar-scanner-cli:latest
    entrypoint: [""]
  cache:
    key: "${CI_JOB_NAME}"
    paths:
      - .sonar/cache
  script:
    - sonar-scanner
  needs:
    - job: dcm
      artifacts: true

Pipeline Overview

  • DCM Job: Runs the DCM analysis and generates a JSON report.
  • Sonar Job: Uses the sonarsource/sonar-scanner-cli Docker image to upload the analysis results to Sonar. This setup ensures that your code quality is continuously monitored as part of your development process.
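Because the Sonar job above runs with `when: always` and the report is produced by a shell redirect, the file handed to sonar-scanner can be empty or contain an error message instead of JSON. The following pre-upload check is an added example, not code from DCM or Sonar. It assumes the report follows Sonar's generic issue import format (a top-level `issues` array whose entries carry `ruleId` and `primaryLocation.filePath`); the name `check_report` and the sample report are constructed for illustration.

```python
import json
import os
import sys
from collections import Counter

# Constructed sample in the assumed report shape (not real DCM output).
SAMPLE = json.dumps({"issues": [
    {"engineId": "dcm", "ruleId": "example-rule", "severity": "MAJOR",
     "type": "CODE_SMELL",
     "primaryLocation": {"message": "constructed finding",
                         "filePath": "lib/main.dart",
                         "textRange": {"startLine": 3}}},
]})


def check_report(text, root="."):
    """Return (problems, severity_counts) for the text of a report file."""
    try:
        data = json.loads(text)
    except json.JSONDecodeError as exc:
        # Typical when the shell redirect captured an error message or nothing.
        return [f"not valid JSON: {exc.msg}"], Counter()
    issues = data.get("issues") if isinstance(data, dict) else None
    if not isinstance(issues, list):
        return ["top-level 'issues' array is missing"], Counter()
    root = os.path.abspath(root)
    problems, counts = [], Counter()
    for n, issue in enumerate(issues):
        if not isinstance(issue, dict) or not issue.get("ruleId"):
            problems.append(f"issue {n}: missing ruleId")
            continue
        loc = issue.get("primaryLocation")
        path = loc.get("filePath") if isinstance(loc, dict) else None
        if not isinstance(path, str) or not path:
            problems.append(f"issue {n}: missing primaryLocation.filePath")
            continue
        # Resolve against the project root; the file must stay inside it.
        full = os.path.normpath(os.path.join(root, path))
        if os.path.commonpath([root, full]) != root:
            problems.append(f"issue {n}: {path!r} is outside the project")
            continue
        counts[str(issue.get("severity", "UNSET"))] += 1
    return problems, counts


if __name__ == "__main__":
    # Usage: python check_report.py dcm-quality-report.json
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    problems, counts = check_report(text)
    print(dict(counts))
    sys.exit("\n".join(problems) if problems else 0)
```

Run it as a script step before `sonar-scanner`; a non-zero exit stops the job before a malformed report is uploaded.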

Check out the full documentation on Sonar & GitLab Integration.

To set up Sonar integration for another platform (e.g. GitHub), refer to Sonar documentation for that platform.