Getting started with SonarQube and TypeScript

tssq

Update

The source code with this post was updated to reflect the new SonarTS version 1.2 and SonarQube version 6.7. For more information on how to extend the basic scenario with code coverage, see this post: Better together: SonarQube, TypeScript and Code Coverage

SonarSource recently released an official first version of a static code analyzer for TypeScript. So if you want to get up and running with SonarQube and Typescript: now you have an easy way to do this.

The supported scenarios are:

  • Run SonarTS as a TSLint extension
  • Run SonarTS as a SonarQube plugin

The first being the easiest and probably the best to get started. The second scenario enables analysis of Typescript files during builds.

First the links:

TSLint

TypeScript developers usually check their code for errors and maintainability using a TypeScript linter called Tslint (https://github.com/palantir/tslint). This linter can be extended with SonarTS, so let’s get this to work. In this case we install TSLint and TypeScript locally in our project and generate a default tslint.json configuration file.

npm install tslint typescript --save-dev
# or globally with: npm install tslint typescript -g
tslint --init

Next step, we install SonarTS

npm install tslint-sonarts –save-dev

And add the Sonar to the tslint.json configuration file:

{
    "defaultSeverity": "error",
    "extends": [
        "tslint:recommended",
        "tslint-sonarts"
    ],
    "jsRules": {},
    "rules": {

    },
    "rulesDirectory": []
}

And finally we need to add two additional files to complete our setup. The first being the “sonar-project.properties” :

sonar.projectKey=Demo:sonar-ts-demo
sonar.projectName=Sonar TS Demo
sonar.projectVersion=1.0
sonar.sourceEncoding=UTF-8
sonar.sources=src
sonar.exclusions=**/node_modules/**,**/*.spec.ts
sonar.tests=src
sonar.test.inclusions=**/*.spec.ts
sonar.ts.tslintconfigpath=tslint.json
sonar.ts.lcov.reportpath=test-results/coverage/coverage.lcov

And the second file tsconfig.json to configure our Typescript root and compiler instructions:

{
    "include": [
        "src/**/*"
    ],
    "exclude": [
        "node_modules",
        "**/*.spec.ts"
    ]
}

When we run the TSLint, we now also receive Sonar Analysis feedback:

tslint --type-check --project tsconfig.json -c tslint.json 'src/**/*.ts'

Rules

The initial release contains two profiles and 70+ rules. Rules can easily be disabled/ enabled using the tslint.json or the tslint-sonarts.json:

{
    "rulesDirectory": [],
    "rules": {
      "no-collection-size-mischeck": true,
      "no-all-duplicated-branches": true,
      "no-duplicated-branches": true,
      "no-empty-destructuring": true,
      "no-use-of-empty-return-value": true,
      "no-identical-conditions": true,
      "no-identical-expressions": true,
      "no-useless-increment": true,
      "no-ignored-return": true,
      "no-self-assignment": true,
      "no-variable-usage-before-declaration": true,
      "no-misspelled-operator": false,
      "no-inconsistent-return": false,
      "no-unconditional-jump": true,
      "no-misleading-array-reverse": true,
      "no-empty-nested-blocks": false,
      "no-multiline-string-literals": true,
      "no-array-delete": true,
      "no-dead-store": true
    }
  }

SonarQube

If you are working with SonarQube Server, you probably want to work with SonarTS as a plugin. This enables static analysis and additional rules, metrics and code coverage import.
Since it is available as an official plugin, we can install it using the Update Center:

1

Next we need to configure our Typescript application to run the sonar-scanner. Sonar Source provides scanners for several project types:

  • MSBuild (local, VSTS, TFS)
  • Maven
  • Gradle
  • Ant
  • Jenkins
  • Command Line

Since we are running Typescript only, the Command Line scanner is the obvious choice. If we add some third party packages, we can integrate the analysis with our grunt, gulp or npm tasks. There are several npm packages that can help us out here and my favourite being the sonarqube-scanner:
https://www.npmjs.com/package/sonarqube-scanner
npm install sonarqube-scanner –save-dev

This package depends on gulp and uses gulp tasks to run the scanner:
A simple gulp task is what we need:

var gulp = require('gulp');
var sonarqubeScanner = require('sonarqube-scanner');

gulp.task('sonar', function(callback) {
  sonarqubeScanner({
    serverUrl : "http://localhost:9000",
    options : {
    }
  }, callback);
});

Running gulp sonar starts the analysis and uploads the results to the SonarQube server. If all goes well you should see a lot of output messages. The important ones to look for:

  • INFO: Quality profile for ts: Sonar way
  • INFO: Sensor TypeScript Sensor
  • INFO: Running rule analysis for ../tsconfig.json with x files
  • INFO: Sensor TypeScript Sensor (done)
  • INFO: ANALYSIS SUCCESSFUL

And if you browse to the SonarQube dashboard, you should see the project and the results.

2.png

You can find the soure code here: https://github.com/yuriburger/sonar-ts-demo

/Y.

Advertisements

2 comments

  • Hi! Nice article!
    Just couple of things: you don’t need sonar-project.properties to use SonarTS as TSLint extension and probably you don’t need it as well for sonarqube-scanner for JS (the one you use) as it retrieves data from package.json. So dropping sonar-project.properties file should make no effect, especially as it mainly contains properties from community plugin for TS (https://github.com/Pablissimo/SonarTsPlugin)

    • Hi and thanks for the feedback!

      You are right about the TSLint and Sonar Scanner not needing the properties file, but the sonarqube scanner will actually honour the properties file if it is located in the project root. If it does not locatie the file it will default to the values from package.json (as you mentioned). I did not know that, thanks!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s