Hands-On LabManaging Technical Debt with Team Foundation Server 2015 and SonarQube Lab version: 14.0.23107.0

Last updated: 9/11/2015

TABLE OF CONTENT

MANAGING TECHNICAL DEBT WITH TEAM FOUNDATION SERVER 2015 AND SONARQUBE......1

OVERVIEW.....................................................................................................................................3

Prerequisites...........................................................................................................................3

About the Fabrikam Fiber Scenario........................................................................................3

Exercises.................................................................................................................................4

EXERCISE 1: INSTALL AND CONFIGURE SONARQUBE AND SONARQUBE MSBUILD RUNNER..........................5

EXERCISE 2: ANALYZING PROJECTS USING XAML BUILDS.......................................................................9

EXERCISE 3: UNDERSTAND SONARQUBE ANALYSIS RESULTS.................................................................17

EXERCISE 4: ANALYZING PROJECTS USING TEAM FOUNDATION BUILD 2015 (BUILD VNEXT).......................22

Overview

Technical debt is the set of problems in a development effort that make forward progress on customer value inefficient. Technical debt saps productivity by making code hard to understand, fragile, time-consuming to change, difficult to validate, and creates unplanned work that blocks progress. Technical debt saps an org's strength due to high costs in customer support, and, eventually, some combination of these issues creates a larger problem that someone runs into. Technical debt is insidious. It starts small and grows over time through rushed changes, lack of context and lack of discipline. It can materialize out of nowhere even for a project regarded as clean at some point in time, due to a change in project circumstances: prototype code may be promoted to serve as the basis for a feature; code produced for the U.S. market may be proposed for international, instantly creating debt related to localizability; technologies evolve, but the app doesn’t keep up.

In this lab, you will be introduced to Technical debt, how to configure your Team Build Definitions to use SonarQube, how to understand the analysis results and finally how to configure quality profile to control the rule set used by SonarQube for analyzing your project.

SonarQube is an open source platform for understanding and managing technical debt, it provides different ways to analyze and measure technical quality from project portfolio to method.

Prerequisites

In order to complete this lab, you will need:

1) The Visual Studio 2015 virtual machine provided by Microsoft. For more information on acquiring and using this virtual machine, please see this blog post.

2) You will need to manually install SonarQube on the above virtual machine using the recommended installation guide created by the Visual Studio ALM Rangers, please see this installation guide on GitHub. Alternatively, you may follow exercise 1 in this lab to install and configure SoanrQube for demo and evaluation purposes.

3) You will need to manually install Team Foundation 2013 Object model on the virtual machine.

About the Fabrikam Fiber Scenario

This set of hands-on-labs uses a fictional company, Fabrikam Fiber, as a backdrop to the scenarios you are learning about. Fabrikam Fiber provides cable television and related services to the United States. They are growing rapidly and have embraced Windows Azure to scale their customer-facing web site directly to end-users to allow them to self-service tickets and track technicians. They also use an on-premises ASP.NET MVC application for their customer service representatives to administer customer orders.

In this set of hands-on labs, you will take part in a number of scenarios that involve the development and testing team at Fabrikam Fiber. The team, which consists of 8-10 people, has decided to use Visual

Studio application lifecycle management tools to manage their source code, run their builds, test their web sites, and plan and track the project.

Exercises

This hands-on lab includes the following exercises:

1. Exercise 1: Install and Configure SonarQube and SonaQube MSBuild Runner

2. Exercise 2: Analyzing Projects using XAML Builds.

3. Exercise 3: Understand SonarQube Analysis Results.

4. Exercise 4: Analyzing projects using Team Foundation Build 2015 (Build vNext)

Estimated time to complete this lab: 60 minutes.

Exercise 1: Install and Configure SonarQube and SonarQube MSBuild Runner

In this exercise, you will learn about the main installation and configuration points required to install and configure SonarQube for demo purposes.

Note: The steps provided below are the main steps needed to install SonarQube and SonarQube MSBuild Runner on this VM for demo and evaluation purposes. We recommend following the installation guide created by the Visual Studio ALM Rangers for more detailed instructions, please see this installation guide on GitHub.

1. Download SonarQube 5.1.2 and MSBuild SonarQube Runner from the SonarQube downloads.

Figure 1 SonarQube Download Page

2. Download Java SE Runtime Environment (JRE) from the Oracle Jave SE downloads page. Select the Download under JRE. Select Accept License Agreement and click the Windows x64 that points to exe file. Run the file to install Java runtime on the VM.

Figure 2 JRE Download page on Oracle

3. Download the latest sonar-csharp-plugin-X.Y.jar available from the C# Plugin page, on the SonarQube site.

Figure 3 C# Plugin download page

4. Log in as Julia (VSALM\Julia). All user passwords are P2ssw0rd.

5. Copy sonarqube-5.1.2.zip, jre-8u45-windows-xXX.exe and sonar-csharp-plugin-X.Y.jar to the virtual machine.

6. Install Java SE Runtime Environment on the VM.

7. Right-click on sonarqube-5.1.2.zip, select Properties and then click on the Unblock button

8. Unzip SonarQube-x.x.zip on to a folder, for example use C:\SonarQube\SonarQube-5.1.2

9. In the extracted folder navigate to Conf folder, edit sonar.properties file to change the default web port. By default, SonarQube uses port 9000 which is currently being used in the virtual machine for FabrikamFiber QA web site (FF QA). For the purpose of this lab you can provide port 9090.

a. Uncomment #sonar.web.port and change the port number to any available port, for example 9090

10. Copy sonar-csharp-plugin-X.Y.jar to SonarQube directory (C:\SonarQube\SonarQube-5.1.2\) under extensions\plugins\ subdirectory.

11. Run SonarQube by opening a command prompt and change the directory to SonarQube extracted folder cd C:\SonarQube\SonarQube-5.1\bin\windows-x86-64 and Run StartSonar.bat. Wait until you get a confirmation on the command prompt that the process is up and running

Figure 4 SonarQube Server Starting Up

12. Open you browser and navigate to http://vsalm:9090 to access the SonarQube portal

Figure 5 SonarQube Dashboard

13. Right-click on MSBuild.SonarQube.Runner-x.x, select Properties and then click on the Unblock button. Extract the zip file to a folder. Example: C:\SonarQube\MSBuild.SonarQube.Runner-1.0

14. Open C:\SonarQube\MSBuild.SonarQube.Runner-x.x\SonarQube.Analysis.xml in notepad and change the SonarQube server address in sonar.host.url property to http://vsalm:9090

Figure 6 Editing Sonar address in SonarQube.Analysis.xml

Exercise 2: Analyzing Projects using XAML Builds

In this exercise, you will learn about the main configuration points that are needed to integrate Team Foundation Server build with SonarQube, performing code analysis on a sample project, and access the analysis result from build summary and SonarQube project dashboard.

1. Log in as Julia (VSALM\Julia). All user passwords are P2ssw0rd.

2. Launch Visual Studio 2015 from the taskbar and open Team Explorer. You should now be connected to the FabrikamFiber team project. If you are not automatically connected to the

FabrikamFiber project, select the Connect to Team Projects button ( ) to do so.

Figure 7Connecting to Team Explorer - Home

3. Select the Builds tile.

Figure 2Location of Builds tile

4. Click the New Build Definition link under XAML Build Definitions section.

Figure 3New Build Definitions

5. Provide a build definition name “Nightly Fabrikam (Dev-Sonar)”

6. In the Source Settings, configure this build to point to FabrikamFiber Dev branch

Figure 4Source Settings

7. In the Process tab, make sure you select one of the standards process templates.

Note: One of the standard Team Build workflow templates for TFS2015 (GitTemplate.12.xaml or TfvcTemplate.12.xaml) and that the standard Microsoft build targets are used.

8. While in Process tab,

a. Within the 2. Build section, expand the 5. Advanced section and set the following properties in the Advanced section:

i. Set the Pre-build script path to the full path to MSBuild.SonarQube.Runner.exe

ii. Set the Pre-build script arguments to contain the following four arguments:

a. begin

b. /key:{the project key of the SonarQube project to which the build definition relates}

c. /name:{the project name of the SonarQube project}

d. /version:{the project version of the SonarQube project}

Note: The aliases /k:, /n: and /v: can also be used and If any of the arguments contain spaces then that argument needs to be surrounded by double-quotes e.g. /name:”My Project Name”.

So pre-build scrip argument should look like begin /k:FabrikamFiber /n:FabrikamFiber /v:1.0

Figure 5Pre-build Settings

b. Click on the expander for the 2. Advanced section under 3. Test to display the advanced test settings.

i. Set the Post-test script path to the full path to MSBuild.SonarQube.Runner.exe

ii. Set the Post-test script arguments to contain the following argument:

a. end

Figure 6Post-Test Settings

9. Press Ctrl + S to save the build definition. Everything should now be in place for a continuous integration scenario where a source check in will trigger both a build and a release.

10. Right-click on the build definition “Nightly Fabrikam (Dev-Sonar)” in the Team Explorer window and select “Queue New Build…” from the context menu.

Figure 7Queue New Build option

Note: Build agent must have the TFS 2013 Object Model installed to perform a successful analysis, please make sure you downloaded and installed the TFS 2013 Object Model from the Visual Studio Gallery

Note: You may run into a situation where you can’t install TFS 2013 Object Model on the VM if it’s not connected to the internet. As a workaround extract the TFS Object Model on the host machine from the setup file using /layout switch parameter from command line and copy the extracted folder to VM then run the installation again.

11. Once clicked, in Team Explorer – Builds, you should see that a build is currently shown under My Builds section.

Figure 8My builds

12. Wait for the build to finish and then double click the build name from My Builds to open he build summary.

Figure 9Build Summary

13. In the build summary report, you’ll be able see a new summary section entitled “SonarQube Analysis Summary”, click “Analysis results” hyperlink.

Figure 10SonarQube Analysis Summary

14. You should be able to see the SonarQube project dashboard with the detailed analysis on SonarQube portal

Figure 11FabrikamFiber Project Dashboard

Exercise 3: Understand SonarQube Analysis Results

In this exercise, you will learn how to understand the analysis results and the main SonarQube portal sections that you should look at to understand the Technical Debt associated with your project.

Note: If you are interested in learning more about SonarQube dashboards, please see this user guide on SonarQube.

1. Log in as Julia (VSALM\Julia). All user passwords are P2ssw0rd.

2. Launch Visual Studio 2015 from the taskbar and open Team Explorer. You should now be connected to the FabrikamFiber team project. If you are not automatically connected to the

FabrikamFiber project, select the Connect to Team Projects button ( ) to do so.

Figure 82Connecting to Team Explorer - Home

3. Select the Builds tile.

Figure 13Location of Builds tile

4. Right click the “Nightly Fabrikam (Dev-Sonar)” and select “View Builds” to display the list of recent builds.

Figure 14List of completed builds

5. Double click the recent successful build to open the build summary.

Figure 15Build Summary

6. While in build summary, click on “Analysis results” link under “SonarQube Analysis Summary”, to open the project dashboard on SonarQube portal. SonarQube project dashboard consists of multiple boxes called widget which display a specific information about the analyzed project like line of codes, duplications, complexity, technical debt, SQALE rating and more that you can add by customizing the dashboard widgets.

Figure 16

FabrikamFiber Project Dashboard

7. From dashboard you will be able to see the Technical Debt ratio associated with your project as well as a summary of all the issues generated from the analysis.

Figure 17Technical Debt Ration and issues list

8. Click on Issues link to navigate the list of coding standards issues, SonarQube raises an issue every time a piece of code breaks a coding rule. By default, it shows unresolved issues of all severities, from all projects, grouped by file.

Note: The set of coding rules is defined through the quality profile associated with the project, please see Quality Profiles documentation for more details.

Figure 18

Issues List

9. While you are in the Issues list, click on any issue to access the issue details, you will be able to drill down to the line of code generating such issue. You can filter the issues based used different filtering options shown on the left side.

Figure 19Issues details

Exercise 4: Analyzing projects using Team Foundation Build 2015 (Build vNext)

Note: in order to complete this exercise successfully, you have to install and configure a build agent, follow the companion lab “Introduction to Team Foundation Build 2015 (vNext)” for the detailed steps.

In this exercise, you will learn about the main configuration points that are needed to integrate Team Foundation Server Build 2015 (formerly referred to as Build vNext) with SonarQube, performing code analysis on a sample project, and access the analysis result from build summary and SonarQube project dashboard.

It is currently possible to perform SonarQube analysis in the new build system on an on-premise build agent by using the general-purpose "Command Line" task to call MSBuild.SonarQube.Runner.exe (i.e. to do the same job as the "Pre-Build script"/"Post-Build script" steps in a XAML build

Note: The intention is to provide custom tasks to make the process of performing SonarQube analysis in the TFS build system straightforward. The proposed custom build tasks will also make it possible to run SonarQube analysis on hosted build agents.

At the time this lab been written, two SonarQube build tasks are available on Visual Studio Online, please read this announcement.

1. Log in as Julia (VSALM\Julia). All user passwords are P2ssw0rd.

2. Launch Internet Explorer from the taskbar and select the TFS FF Portal button from the favorites bar at the top.

Figure 20Launching the web portal

3. Select the Build navigation link.

4. In the Explorer view, the definitions for the new build system are shown under the Build Definitions heading, while the XAML-based definitions are now shown under XAML Definitions heading. Click the Actions button (green plus).

Figure 21Create a new Build vNext definition

5. The Definition Templates dialog lists a few different build templates that you can start with in order to build and test using Visual Studio, Xamarin, and Xcode. Alternatively, you can also simply start with an Empty definition and add in the tasks that you need. Select Visual Studio and click Ok.

Figure 22Visual Studio Build Definition

6. The new build definition is initially setup with build steps that initiate a Visual Studio build, then a test step, publication of symbols for archival, and finally publishing the build output to a drop location. These steps are all defined on the Build tab. Provide the needed information to build you solution by configuring each build tasks parameters.

Figure 23Build Steps

7. Add Command Line build step before the Visual Studio Build step and after the Visual Studio Test step by clicking on Add build step…

Figure 24Add build step

8. In Add Build Steps dialog, choose Utility tab and on Command Line step click Add button twice

Figure 25Add command Line step

9. In the first Command Line build step (pre-build):

o set the Tool field to point to the MSBuild.SonarQube.Runner.exeo supply the necessary arguments in the Arguments field e.g. begin /key:FabrikamFiber

/name:FabrikamFiber /version:1.0

Figure 26Pre-Build Command Line arguments and tool

10. In the second Command Line build step (post-build):

o set the Tool field to point to the MSBuild.SonarQube.Runner.exeo set the Arguments field to end

Figure 27Post-Build Command Line arguments and tool

11. Save the build definition

Figure 28Save dialog

12. Click the Queue Build button to queue a new build.

Figure 29Queue Build

13. Wait for the build to finish and make sure that pre-build and post-build steps has been executed successfully.

Figure 30Build Summary

14. Unlike the XAML build, there is no summary section for SonarQube. To access the analysis results you can navigate directly to SonarQube portal and select your project. Alternatively, you can access the project dashboard URL by copying it from log information for the post-build command line

Figure 31Project Dashboard URL

15. You should be able to see the SonarQube project dashboard with the detailed analysis on SonarQube portal by just copy the URL and past it in a new browser tab. SonarQube project dashboard will show the last analysis time on the top corner.

Figure 32Project Dashboard

1.To give feedback please write to VSKitFdbk@Microsoft.com

Copyright © 2023 by Microsoft Corporation. All rights reserved.