Mule and SonarQube


SonarQube is an open-source platform used for continuous inspection of code quality. It performs automatic reviews of code to detect bugs, security vulnerabilities, and code smells (potential design issues). 

SonarQube supports multiple programming languages, and it can integrate with various continuous integration (CI) tools and development environments to ensure that the code meets specified quality standards before being deployed.

Although, at the moment (October 2024), there’s no official support for SonarQube in MuleSoft, there’s an open-source plugin we can use for Mule that could be very useful.

  • The plugin will analyze the configuration files of our Mule projects
  • The plugin provides a predefined set of rules and metrics that follow Mule coding best practices

Let’s have a look at how to install it and use it for our Mule apps.

Prerequisites

You might find that, even after following all the steps in this tutorial, your Maven commands don’t work. It’s very likely that your Maven or Java JDK versions have something to do with that. These are the versions we’ve used for this tutorial:
  • JAVA version - We’ll be using the OpenJDK 11
  • Maven - version 3.8.8
If you need to use a different version of the JDK, have a look at these posts

Pull the Docker image

First we need to download the docker image of the sonarqube plugin to our Docker instance:
docker pull fperezpa/mulesonarqube:7.7.3


Run the container

Once we’ve got the image, run the following to create the container:
docker run -d --name mule-sonarqube -p 9000:9000 -p 9092:9092 fperezpa/mulesonarqube:7.7.3
Where:
  • -d: Runs the container in detached mode.
  • --name mule-sonarqube - This is the name of the container. Use your preferred name for this.
  • -p 9000:9000 - This will map port 9000 in the host to port 9000 in the container. If you need to use another port in your host, just change the flag to -p [YOUR_PORT]:9000. This is the port we will use to access the Sonarqube web console.
  • -p 9092:9092 - This will map port 9092 in the host to port 9092 in the container. Again, if you need to use another port, just change this value to -p [YOUR_PORT]:9092
  • fperezpa/mulesonarqube:7.7.3 - This is the docker image we downloaded in the previous step
Once your container is deployed, verify the container is running with the command:
docker ps

Lastly, open a browser, go to http://localhost:9000 (or the port you defined) and verify you can see the Home page of your Sonarqube instance. Give it a couple of minutes after you run the container; it might take a little while to start the instance, depending on your host resources.



Click on Log in. The default credentials are:
  • username: admin
  • password: admin
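
The run command above publishes ports 9000 and 9092 on every host interface while the console still accepts admin/admin. The following is an added example, not part of the original post: it flags containers whose ports are published on all interfaces, shows a loopback-only variant of the run command, and changes the default password through SonarQube's `api/users/change_password` Web API. The function names and the sample `docker ps` output are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: find ports published on all host interfaces.

# Constructed sample of: docker ps --format '{{.Names}}\t{{.Ports}}'
# Line 1 is what the tutorial's run command produces; line 2 is a
# loopback-only container (hypothetical name).
sample_ps() {
  printf '%s\t%s\n' \
    'mule-sonarqube' '0.0.0.0:9000->9000/tcp, :::9000->9000/tcp, 0.0.0.0:9092->9092/tcp, :::9092->9092/tcp' \
    'mule-sonarqube-local' '127.0.0.1:9000->9000/tcp, 127.0.0.1:9092->9092/tcp'
}

# Reads "<name>\t<ports>" lines on stdin and prints "<name> <host_port>"
# for every port bound to 0.0.0.0 or :: (IPv4/IPv6 duplicates collapsed).
wide_open_ports() {
  awk -F'\t' '{
    n = split($2, maps, /, */)
    for (i = 1; i <= n; i++) {
      if (maps[i] !~ /->/) continue            # exposed but not published
      split(maps[i], side, "->")
      port = side[1]; sub(/.*:/, "", port)      # text after the last colon
      addr = side[1]; sub(/:[0-9-]+$/, "", addr)  # text before the port
      if (addr == "0.0.0.0" || addr == "::" || addr == "[::]")
        seen[$1 " " port] = 1
    }
  }
  END { for (k in seen) print k }' | sort
}

# Loopback-only variant of the tutorial's run command:
#   docker run -d --name mule-sonarqube \
#     -p 127.0.0.1:9000:9000 -p 127.0.0.1:9092:9092 fperezpa/mulesonarqube:7.7.3

# Replace the default admin password. $1 = base URL; the new password is
# read from the NEW_SONAR_PASSWORD environment variable (name is an assumption).
change_admin_password() {
  curl -sf -u admin:admin -X POST "$1/api/users/change_password" \
    --data-urlencode 'login=admin' \
    --data-urlencode 'previousPassword=admin' \
    --data-urlencode "password=${NEW_SONAR_PASSWORD:?set NEW_SONAR_PASSWORD}"
}

# Offline demo on the constructed sample. Live use (requires Docker):
#   docker ps --format '{{.Names}}\t{{.Ports}}' | wide_open_ports
sample_ps | wide_open_ports
```
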

Set up our Sonarqube instance

Once your instance is up and running, there’s an extra step before you can run it with a mule app. In Mule our config files are XML and SonarQube already comes with an XML plugin. For that reason we have to modify the default behaviour so that only one plugin inspects XML files. 
To do that, go to Administration > Configuration > General Settings > XML (bottom of the page) and delete the .xml extension from there.



Modify the pom of our sample app

  • Let’s just create a simple HelloWorld app to run the Sonarqube plugin on it. 
  • We won’t get any interesting results in Sonarqube, this is just to confirm our installation works

  • Open the pom.xml file. We need to add the sonarqube plugin with its configuration under the build section:
<project>
  ...
  <build>
    <plugins>
      ...
      <!-- Mule SonarQube plugin configuration -->
      <plugin>
        <groupId>org.sonarsource.sonar-packaging-maven-plugin</groupId>
        <artifactId>sonar-packaging-maven-plugin</artifactId>
        <version>1.17</version>
        <extensions>true</extensions>
        <configuration>
          <pluginClass>com.mulesoft.services.tools.sonarqube.MulePlugin</pluginClass>
          <pluginName>MulePlugin</pluginName>
          <pluginKey>mulevalidationsonarqubeplugin-mule</pluginKey>
        </configuration>
      </plugin>
      ...
    </plugins>
  </build>
  ...
</project>

Save the pom file. Our app is ready.

Run the SonarQube plugin in your project

This plugin won’t be run as part of the default Maven build lifecycle, so we don’t need to package or run our project to use it. To run the plugin we have to explicitly run the Maven command from a terminal, specifying the plugin and its goal. From Anypoint Studio, right click on the name of your project > Show in System Explorer. That will open the folder where your Mule project is stored. Open a terminal from this folder and run the Maven command:
mvn sonar:sonar -Dsonar.host.url=http://localhost:9000 -Dsonar.sources=src/

Where:

  • sonar:sonar - It’s the plugin and the goal
  • -Dsonar.host.url=http://localhost:9000 - This is the URL of your Sonarqube instance. Here, our Docker container is running locally, so we use localhost. If you run it in an external VM you’ll need to provide the hostname of your server (and the port, if you don’t use the default 9000)
  • -Dsonar.sources=src/ - This option tells the plugin the location of the files to be analyzed. With src/ the plugin will analyze everything under that folder in the project.

See the Results

If you got a success message in the previous step, that means the plugin worked and we should now see a new project in our SonarQube instance. Head over to SonarQube and go to Projects.



If you click on the project you will probably see that it is empty. As we mentioned, this was just a test to verify how to install and use the SonarQube plugin with Mule. In future posts, we will have a closer look at how to properly do a static analysis of our code with the plugin. Stay tuned!