I have a simple problem, with a simple answer probably, but I can't find what is it. We want to deploy SonarQube along with Checkstyle and some other tools, but we can't find out is it meant for a centralized, server deployment, or on each developer machine? All tutorials show installations on separate machines and being used in the localhost, while there is a public instance example, and the requirements and specs certainly look service-like.
On the other hand, I'm not getting how do the developers submit their code for checks if it is on a server.
So, in short, how is it deployed? Any checklist or something similar would be of great help.
SonarQube (formerly just "Sonar") is a server-based system. Of course you can install it on your local machine (the hardware requirements are minimal). But it is a central server with a database.
Analyses are performed by some Sonar "client" software, which could be the sonar runner, the sonar ant task, the sonar Eclipse plugin etc. The analysis results can be automatically uploaded to the server, where they can be accessed via the sonar Web application.
In an environment with many developers, you should run a build server (e.g. Hudson or Jenkins), which performs automatic sonar analyses as part of the nightly build. Other schedules are possible, but the developers should know when they can expect updates of the server-side analysis results. The results of the automated analysis can be displayed in the individual developer's Eclipse editor by way of the sonar Eclipse plugin.
The architectural documentation on Sonar is quite sparse. I've looked for a picture to visualize what I just described, but could not find one ...
The SonarQube "runtime" architecture has several elements:
- SonarQube server. It contains a database (e.g., MySql) and an
embedded web server (Tomcat). The SonarQube server stores the
results of analyses (the metrics), but does not execute the code
analyses. This server provides a web UI that shows the dashboard of
the projects, various metrics and drill down into code, admin options.
- Program that runs code analysis on the developer machine. There are options: (a) developers can execute the various code analyses through a program called SonarQube Runner; (b) if they are using Eclipse or InteliJ, they can use the respective SonarQube plug-in, which provides configuration properties, menu options to run analysis, a view to show violations, etc.; (c) developers can also run code analysis via maven or ant--if using maven, you just need the sonar-maven-plugin, which gives you the sonar:sonar goal.
All these options of programs that run the analysis on the developer machine need to be configured to communicate with a SonarQube server. Thus, when you run code analysis in Eclipse using the Eclipse SonarQube plug-in, for example, the metrics will be uploaded to the server. This server is typically shared by all developers, but it can also be localhost.
- Progran that runs code analysis on the continuous integration server. The job that builds a software project can be configured to run SonarQube code analysis. It can be done via maven just like on the developer's machine, or via a plug-in. There are SonarQube CI plug-ins for Jenkins, Hudson, Bamboo, and others. Depending on the size of your project, you may want to configure the code analysis to run once a day only, and not upon each code commit or changes to dependencies. The SonarQube code analysis executed on the CI server will likewise send the generated metrics to the SonarQube server.
The SonarQube architecture documentation is very poor (not to say absent), so it's hard to get the big picture. I hope this helps.