Sonar

We use Sonar to track code quality. It combines findbugs rules, jacoco (for test coverage) and other code statistics.

The Sonar full analysis is run by our CI daily and results are published at sonar.openmrs.org In addition each commit triggers an incremental analysis, which is a part of our regular build. You can find results of incremental analysis under artifacts in build results, e.g. https://ci.openmrs.org/browse/SON-OPENMRSCOREMASTER/latest (find the sonar-report link at the bottom of the page). It will tell if you break any of ~500 coding rules and even fail the build if there are any blockers.

You can search through the list of rules at https://ci.openmrs.org/sonar/rules_configuration/index/3, but in practice you can learn all about them from full or incremental reports.

If you want to run sonar analysis locally you just need to execute:

mvn clean package -Psonar mvn sonar:sonar

It will run the incremental analysis by default. If you want to run the preview of the full analysis use mvn sonar:sonar -Dsonar.analysis.mode=preview

To see the full report open up a project dashboard in sonar by clicking on the project name https://sonar.openmrs.org/dashboard/index/org.openmrs:openmrs. What you see is the result of the last analysis. You can compare it to the previous analysis by selecting "since previous analysis" from the Time changes... dropdown at the top.

You can find issues in the top right corner and click for example on the number of critical issues to find out more. You can see them sorted by rule at the top. Click any rule to just show files that break the rule and then select any file on the bottom right. You should see issues in the file below. You can expand to read more by clicking on each issue in the file.

Rules can be blocker, critical, major, minor and info. We aim to eliminate blocker and critical issues first. The rest is low priority for us.

Right now you can see that we only run the analysis on the openmrs-core project. We hope to get there all modules built by our CI at some point.

Resources

Source Code Analysis Tools