In this article we are going to cover SonarQube integration for a Python project using GitLab CI/CD. SonarQube is a popular tool for automating code quality checks and static analysis. Integrating SonarQube into a Continuous Integration/Continuous Deployment (CI/CD) pipeline lets developers identify and address issues early in the development lifecycle. This article walks through integrating SonarQube with a Python project using GitLab CI/CD.
Prerequisites
- Ubuntu Server 24.04 LTS
- Basic knowledge of SonarQube and GitLab.
Step #1: Install GitLab Runner on Ubuntu 24.04 LTS
Add the official GitLab repository. Note that this pipes a remote script straight into a root shell; if that is not acceptable in your environment, download the script first, read it, and only then run it.
curl -L "https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.deb.sh" | sudo bash
To install the latest version of GitLab Runner, first update the package list.
sudo apt update
Install the gitlab-runner.
sudo apt install gitlab-runner
Next, register a runner. The command prompts for your GitLab instance URL, the runner token from your project's CI/CD settings, and an executor; choose the shell executor if the jobs below should use the Python interpreter and the scanner installed on this host in the following steps.
sudo gitlab-runner register
Step #2: Install Python and pip
Install Python.
sudo apt install python3
Verify the Python installation by checking its version.
python3 --version
Next, install pip.
sudo apt install python3-pip
Verify the pip installation by checking its version.
pip3 --version
Step #3: Download the SonarQube Scanner
Make a directory (creating a directory directly under / requires root).
sudo mkdir -p /downloads/sonarqube
Navigate to that directory.
cd /downloads/sonarqube
Download the sonar scanner using the wget command. Version 4.8.0.2856 is used here; pick a release that is compatible with your SonarQube server, and compare the downloaded archive's SHA-256 digest with the one published on the SonarSource download page before unpacking it.
wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.8.0.2856-linux.zip
Install unzip if you don't have it.
sudo apt install unzip
And unzip the sonar scanner binary.
sudo unzip sonar-scanner-cli-4.8.0.2856-linux.zip
Then move it to /opt directory.
sudo mv sonar-scanner-cli-4.8.0.2856-linux /opt/sonar-scanner
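The archive above is fetched over HTTPS but never checked against a digest, so a compromised mirror, a tampered proxy or a truncated download would be unpacked into /opt as-is. The following shell helper is an added example and is not part of the original article or of the SonarQube tooling: it refuses to unpack a zip archive unless its SHA-256 digest matches the value you recorded from the vendor's download page. The function names, the scratch-directory handling and the placeholder digest are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example, not from the original article: verify a downloaded archive's
# SHA-256 digest before unpacking it. Function names and the placeholder digest
# in the usage comment are choices made for this example.
set -eu

# verify_archive <archive> <expected-sha256>
# Returns 0 when the file exists and its digest matches, 1 otherwise.
verify_archive() {
    local archive="$1"
    local expected="$2"
    local actual
    if [ ! -f "$archive" ]; then
        echo "verify_archive: missing file: $archive" >&2
        return 1
    fi
    # sha256sum prints "<digest>  <file>"; keep only the digest.
    actual="$(sha256sum "$archive" | awk '{print $1}')"
    if [ "$actual" != "$expected" ]; then
        echo "verify_archive: digest mismatch for $archive" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi
    return 0
}

# install_verified_zip <archive> <expected-sha256> <destination-dir>
# Unpacks into a scratch directory only after the digest checks out, then moves
# the archive's single top-level directory to <destination-dir>
# (for example /opt/sonar-scanner). Writing under /opt needs root, so run it with sudo.
install_verified_zip() {
    local archive="$1"
    local expected="$2"
    local dest="$3"
    local scratch top
    verify_archive "$archive" "$expected" || return 1
    scratch="$(mktemp -d)"
    unzip -q "$archive" -d "$scratch"
    top="$(find "$scratch" -mindepth 1 -maxdepth 1 -type d | head -n 1)"
    mv "$top" "$dest"
    rm -rf "$scratch"
}

# Usage (the digest argument is a placeholder; substitute the value published
# for the release you downloaded):
# sudo sh -c '. ./verify.sh; install_verified_zip sonar-scanner-cli-4.8.0.2856-linux.zip "<published sha256>" /opt/sonar-scanner'
```

The check is deliberately separate from the unpack step so that a mismatch leaves nothing behind on disk; the same helper works for any zip you install from a vendor URL, not only the scanner.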
Next, edit the sonar-scanner.properties file (the files under /opt/sonar-scanner are owned by root after the move, so use sudo):
sudo vi /opt/sonar-scanner/conf/sonar-scanner.properties
Uncomment the lines in the following sections so they read as shown. Adjust sonar.host.url if your SonarQube server is not on this host; a plain http:// URL is only acceptable when the scanner and the server share a trusted network, because credentials are sent on every request.
#----- Default SonarQube server
sonar.host.url=http://localhost:9000
#----- Default source code encoding
sonar.sourceEncoding=UTF-8
Create a file to automate the required environment variable configuration (writing to /etc/profile.d requires root):
sudo vi /etc/profile.d/sonar-scanner.sh
Add the following lines to the file.
#!/bin/bash
export PATH="$PATH:/opt/sonar-scanner/bin"
Then use the source command to add the sonar scanner command to the PATH variable.
source /etc/profile.d/sonar-scanner.sh
You can verify it by checking its version.
sonar-scanner -v
Now, in the root of your repository, create a file named sonar-project.properties (this is the file name the scanner looks for in the working directory) and add the following lines to it:
sonar.projectKey=devopshint_pythonproject
sonar.qualitygate.wait=true
Add the following CI/CD variables in your GitLab project (Settings > CI/CD > Variables). Mark them Masked so their values are redacted from job logs, and Protected if only protected branches should be able to analyse. SONAR_LOGIN and SONAR_PASSWORD here are a SonarQube user's credentials; a project analysis token generated in SonarQube (passed as sonar.login on older servers, or sonar.token on SonarQube 10 and later, where sonar.login is deprecated) is preferable to a password because it can be scoped to analysis and revoked without touching the account.
SONAR_HOST_URL
SONAR_LOGIN
SONAR_PASSWORD
Next, create a .gitlab-ci.yml file in your GitLab project. The sonar-scanner command in the test job only resolves if the runner registered in Step #1 uses the shell executor, where the image: keyword is ignored and the scanner installed under /opt/sonar-scanner is on the PATH; with the docker executor, run that job in an image that bundles the scanner, such as sonarsource/sonar-scanner-cli.
image: "python:3.7"

before_script:
  - python --version
  # Print the interpreter's pointer width in bits (32 or 64).
  - python -c 'import struct;print( 8 * struct.calcsize("P"))'
  - pip install --upgrade pip
  - pip install --upgrade setuptools
  - pip install pytest

stages:
  - Static Analysis
  - Test

mypy:
  stage: Static Analysis
  script:
    - python -m pip install mypy
    - pwd
    - ls -l
    - python -m mypy .

flake8:
  stage: Static Analysis
  script:
    - python -m pip install flake8
    - python -m flake8 .

pylint:
  stage: Static Analysis
  script:
    - pip install pylint
    - python -m pylint $(git ls-files '*.py')

test:
  stage: Test
  script:
    - pwd
    - ls -l
    # Make the repository root importable so tests can import the project modules.
    - export PYTHONPATH="$PYTHONPATH:."
    - python -c "import sys;print(sys.path)"
    - python -m pytest
    # -X enables debug logging; drop it once the integration works, it is very verbose.
    - sonar-scanner -X -Dsonar.sources=. -Dsonar.host.url=$SONAR_HOST_URL -Dsonar.login=$SONAR_LOGIN -Dsonar.password=$SONAR_PASSWORD
Conclusion:
By following the steps outlined in this article, you have integrated SonarQube into your Python project using GitLab CI/CD. With sonar.qualitygate.wait=true in the project properties, the pipeline fails when the quality gate fails, so findings are caught on the merge request rather than after deployment. Regularly analysing your code with SonarQube helps in identifying potential vulnerabilities, improving maintainability, and enhancing overall project health.