Search Unity

  1. Unity 6 Preview is now available. To find out what's new, have a look at our Unity 6 Preview blog post.
    Dismiss Notice
  2. Unity is excited to announce that we will be collaborating with TheXPlace for a summer game jam from June 13 - June 19. Learn more.
    Dismiss Notice
  3. Dismiss Notice

Question Sonarqube And Unity (code Quality)

Discussion in 'Testing & Automation' started by bdovaz, Dec 5, 2016.

  1. bdovaz

    bdovaz

    Joined:
    Dec 10, 2011
    Posts:
    1,063
    Hi,

    Has anyone used this tool before?

    We are evaluating if we can install and use it in our organization in combination with Jenkins.

    The problem I see is that there are rules that don't apply to Unity specific code like errors regarding:
    - Unused methods: Unity's magic "Awake, Start, ..."
    - [SerializeField] and fields that suggest in some cases adding "readonly" or similar that we can't because doing that it's going to hide from inspector.
    - And I'm sure there are a lot more.

    Can anyone on Unity Q&A help me? @QA-for-life @ElvisAlistar @Alex-Lian

    I also take this oportunity to inform that I have some bug reports that are stopping us from our internal Q&A pipeline to work:

    Particularly this that it's a problem for us or anyone trying to use a continuous integration tool like Jenkins:
    https://fogbugz.unity3d.com/default.asp?850673_2bhp57sqgnd7ch9p

    This is an API request because as you can see you only can target 64bits and in build settings there are 3 options (it's not consistent):
    https://fogbugz.unity3d.com/default.asp?850877_aeci1khcthpmd2qq
     
    IARI and Mikael-H like this.
  2. ElvisAlistar

    ElvisAlistar

    Unity Technologies

    Joined:
    Oct 2, 2013
    Posts:
    226
    Hi,

    We have tried using SonarQube on Unity's code base with moderate success. It's quite easy to setup and it works out of the box, but it does not support adding custom rules, which means that you are stuck with what it offers in the default C# analysis profile.

    I guess the only way to deal with Unity's magic methods being identified as Unused methods and so on is to mark those issues as False Positive. Assuming your code base isn't very large, it shouldn't take too long, and Sonar will ignore those in future analysis iterations of your code base.

    Regarding the bug reports, the first one is fixed and should be included in one of the upcoming Unity builds and the other one was answered by someone in QA (I recommend you reply to them if you have further questions).

    Hope this helps!
     
  3. bdovaz

    bdovaz

    Joined:
    Dec 10, 2011
    Posts:
    1,063
    @ElvisAlistar They are working on it: http://stackoverflow.com/questions/...ng-it-with-unity-3d-tons-of-problems/41017874

    Can Unity staff help them? I don't know all reflection based messages across Unity classes.

    They want to release an update in a few days (ticket 1104 and 1105): https://jira.sonarsource.com/browse/SLVS-1105?jql=project = SLVS AND fixVersion = 1.22.0

    1.22.0 Rule fixes Release date: 13/Dec/16

    And I think that custom rules are possible but not easy to implement: https://github.com/meng-hui/UnityEngineAnalyzer

    And thanks for the bug reports updates!
     
    Last edited: Dec 8, 2016
  4. ElvisAlistar

    ElvisAlistar

    Unity Technologies

    Joined:
    Oct 2, 2013
    Posts:
    226
    Currently there is no direct collaboration between Unity and Sonar. Sounds like they are working on a solution to whitelist certain type of code in the rules, in which case that would allow anyone (including us) to provide more custom-based checks on Sonar for Unity code. We will keep an eye on their progress and future Sonar updates.
     
  5. bdovaz

    bdovaz

    Joined:
    Dec 10, 2011
    Posts:
    1,063
    Ok, thanks. I'll reply on this thread if I see any change on Sonar regarding Unity.
     
  6. elhispano

    elhispano

    Joined:
    Jan 23, 2012
    Posts:
    52
    There is another tool similar to SonarWube thar works better with Unity? We are triying to improve our code quality ;)
     
  7. bdovaz

    bdovaz

    Joined:
    Dec 10, 2011
    Posts:
    1,063
    The problem is not with Sonar itself, its because Unity has its "magic" using reflection and that's why we have many false-positives. Its a problem that you will face in any similar tool.
     
  8. Vandarthul

    Vandarthul

    Joined:
    Dec 23, 2012
    Posts:
    20
    Any news on this topic? Also, do you think it would be beneficial even with false positives?
     
  9. bdovaz

    bdovaz

    Joined:
    Dec 10, 2011
    Posts:
    1,063
    I'm using it with Jenkins to analyze our codebase.

    I managed to get Sonar staff involved on this and they created rules to avoid some false positives:

    https://github.com/SonarSource/sonar-dotnet/issues/159
     
  10. Vandarthul

    Vandarthul

    Joined:
    Dec 23, 2012
    Posts:
    20
    Thanks for the information! I also would like to get your suggestion to use SonarQube. Does that help? How do you measure it?
     
  11. bdovaz

    bdovaz

    Joined:
    Dec 10, 2011
    Posts:
    1,063
    Code coverage not because with Unity it's not possible but rules are really useful to avoid code smells or bugs that can be detected with static analysis.

    In our code base we want code that it's clean, performant and works without issues so yes, it helps.
     
  12. bdovaz

    bdovaz

    Joined:
    Dec 10, 2011
    Posts:
    1,063
    @ElvisAlistar please move it to the appropriate subforum.

    Thanks.
     
  13. liortal

    liortal

    Joined:
    Oct 17, 2012
    Posts:
    3,562
    The SonarQube scanner for MSBuild supports OSX now and .Net core for some time now.

    Was anyone successful in setting up a SonarQube scan for their Unity codebase? (i am trying to run it from a Mac machine).
     
  14. SciPlayDave

    SciPlayDave

    Joined:
    Aug 9, 2017
    Posts:
    4
    I have gotten this working on macOS.

    My SonarQube instance is installed on a CentOS 7 system, so I am stuck with SonarQube 7.1 for the time being. This means that I cannot use build-wrapper-macosx-x86 as mentioned on https://docs.sonarqube.org/display/PLUG/Building+on+Mac+OS+X. I am not using the commercial version at this time. I am also doing all this through Jenkins.

    My basic process is like this:
    1. (Do this once before analyzing and periodically to update to newer releases.) Download the newest version of sonar-scanner-msbuild from https://github.com/SonarSource/sonar-scanner-msbuild/releases and extract somewhere in the
      $PATH
      . I just extracted mine in
      ~/bin
      . Run
      chmod +x ~/bin/sonar-scanner-*/bin/sonar-scanner*
      or you will get an
      Access Denied
      error when you call
      SonarScanner.MSBuild.exe end
      .
    2. (Do steps 2-10 each time you analyze.) Optionally, set
      VERSIONNAME
      to use in SQ to set a new leak period. If
      VERSIONNAME
      was set, run a script to pull the commit date from Bitbucket (see below). If you're not using Git (or equivalent), set
      COMMITDATE
      in the format
      yyyy-MM-dd
      i.e.
      2019-05-26
      (or
      yyyy-MM-ddTHH:mm:ssZ
      i.e.
      2019-05-26T15:42:06-0500
      for additional precision).
    3. To avoid any Unicode issues, set
      LANG=en_US.UTF-8
    4. Set the project key, name, and any other sonar options.
    5. Run Unity in batch mode and, among other things, have it call
      EditorApplication.ExecuteMenuItem("Assets/Open C# Project");
      to create the solution and related files for later use by Visual Studio.
    6. If
      VERSIONNAME
      is set, run
      . properties.sh
      to pull those values in as environment variables.
    7. Here, briefly, is where it gets spectacularly weird. You'll have to use the second script to:
      1. Link in the source files of any Unity Packages you're using. This step requires the
        jq
        utility that you can install using MacPorts or Homebrew.
      2. Move files that have been created with Windows backslash directory delimiters in the filenames into proper directory trees i.e.
        foo\bar\baz
        to
        foo/bar/baz
    8. Run
      mono SonarScanner.MSBuild.exe begin "/k:${PROJECTKEY}" "/n:${PROJECTNAME}" "/v:${VERSIONNAME}" "/d:sonar.projectDate=${COMMITDATE}" "/d:sonar.host.url=http://sonar.foo.com:9000" /d:sonar.login=${SonarQubeToken}
    9. Run
      msbuild /p:Configuration=Debug /p:Platform="Any CPU" /maxcpucount /nodeReuse:false /nologo /target:rebuild /verbosity:quiet solution.sln
    10. Run
      mono SonarScanner.MSBuild.exe end /d:sonar.login=${SonarQubeToken}
    Code (Bash):
    1. cat /dev/null > properties.sh
    2. JSON=$(curl --fail -k --silent --show-error https://jenkins:${PASSWORD}@stash.foo.com/rest/api/1.0/projects/${PROJECT}/repos/${REPOSITORY}/commits/HEAD)
    3. echo COMMIT=$(echo $JSON | jq -r '.id') >> properties.sh
    4. echo COMMITDATE=$(date -d @$(expr $(echo ${JSON} | jq -r '.committerTimestamp') / 1000) -Iseconds) >> properties.sh
    5. echo COMMITDATEPARAMETER="/d:sonar.projectDate=${COMMITDATE}" >> properties.sh
    Code (Bash):
    1. # Mimic the Unity Package Manager
    2. # ASSUMPTION: there is only one match of */Packages/manifest.json in the repository
    3. pushd $(find . -path '*/Packages/manifest.json' | rev | cut -d / -f 2- | rev)
    4. ln -s $(ls -d ${HOME}/Library/Unity/cache/packages/packages.unity.com/com.unity.standardevents* | tail -1) com.unity.standardevents
    5. /usr/local/bin/jq -r '.dependencies | to_entries | map("ln -s ${HOME}/Library/Unity/cache/packages/packages.unity.com/\(.key)@\(.value|tostring) \(.key)") | .[]' < manifest.json | sh
    6. popd
    7.  
    8. # Fix some Windows backslashes
    9. pushd ${TMPDIR}/.sonarqube/resources
    10. find . -name \*\\\\\* | tr \\ / | rev | cut -d / -f 2- | rev | sort -u | xargs -t mkdir -p
    11. for file in $(find . -name \*\\\\\* )
    12. do
    13.   mv -v "$file" "$(/bin/echo "$file" | tr \\ /)"
    14. done
    15. popd
     
    Last edited: May 26, 2019
  15. MiguelKing

    MiguelKing

    Joined:
    Apr 28, 2015
    Posts:
    5
    Scientific Dave, thank you!!!! I have been struggling with this for a week!!!!
     
  16. bdovaz

    bdovaz

    Joined:
    Dec 10, 2011
    Posts:
    1,063
    @ScientificDave I'm trying to configure sonar scanner with macOS (I already have it working on Windows) and it does all the process correctly without errors but I see tons of:

    WARN: File '{A C# script}' referenced by the protobuf 'MetricsInfo' does not exist in the analysis context
    WARN: File '{A C# script}' referenced by the protobuf 'TokenTypeInfo' does not exist in the analysis context
    WARN: File '{A C# script}' referenced by the protobuf 'SymbolReferenceInfo' does not exist in the analysis context

    And I get no code on sonar side.

    You know what that might be?

    Thanks.
     
  17. liortal

    liortal

    Joined:
    Oct 17, 2012
    Posts:
    3,562
    @bdovaz can you sure more details on how you have setup the runner on mac? which version did you use and how are you executing it ?
     
  18. thuatsi01

    thuatsi01

    Joined:
    Mar 14, 2020
    Posts:
    2
    Hi all,

    For checking code quality in local, I got successful. But, when I integrate my scripts with Unity Cloud build and I got the results:
    Code (CSharp):
    1. mono: command not found
    2. msbuild: command not found
    And I tried to install mono by using Homebrew, but still error occurs. The problems are that I don't have permission to install mono.

    Have someone had experience about this. Please share with me how to fix my problems.
    Thanks
     
    Last edited: Mar 16, 2020
  19. goldbug

    goldbug

    Joined:
    Oct 12, 2011
    Posts:
    774
    Last edited: Jun 23, 2022
  20. liortal

    liortal

    Joined:
    Oct 17, 2012
    Posts:
    3,562
    @goldbug are you using GitHub actions? i'd like to ask you what is the support for running Unity there? should you bring your own on-prem machine to run the actual build, or does your build pipeline need to install Unity on the VM? how does it work exactly ?

    Also, is SonarQube supported "out of the box" or you had to do some initial setup to get it up and running ?
     
  21. goldbug

    goldbug

    Joined:
    Oct 12, 2011
    Posts:
    774
    @liortal I wrote an action for github actions which you can find here:
    https://github.com/MirrorNG/unity-runner

    It runs on github runners, no need for on-prem runner

    some instructions are there in the readme for how to use it.

    MirrorNG is full blown example for how to use it to run unity tests + coverage + sonarqube
    Here is the github actions script:
    https://github.com/MirrorNG/MirrorNG/blob/master/.github/workflows/main.yml

    Copy whatever you want, it is all licensed under MIT. Drop a donation if you feel like it to mirror ;)

    At the time I wrote it, 2019.3 was not out yet, so it uses Unity 2019.3.0f1. I just haven't had the need to upgrade it. Pull requests accepted.
     
    Last edited: Apr 15, 2020
  22. staggeredPigeon

    staggeredPigeon

    Joined:
    Dec 16, 2020
    Posts:
    2
    @goldbug I don't know if I can reuse it, but that is beautiful work! Thanks for sharing.
     
  23. goldbug

    goldbug

    Joined:
    Oct 12, 2011
    Posts:
    774
    If you are concerned about my code license, it is all MIT. The docker image I am using downloads unity directly from unity's site, and you configure it with your own license. IANAL, but I don't think that violates any terms. MLAPI (which is owned by unity now) does the same thing (I configured it :))
     
  24. IARI

    IARI

    Joined:
    May 8, 2014
    Posts:
    70
    I am trying to set up Sonarqube but keep running into problems.
    From what I understand, to get sonar scanner to work, I have to compile the projects i want analyzed with msbuild outside of unity.
    I built an ubuntu based docker image that contains Unity, monodevel and sonarscanner.

    The ci runs a shell script containing the following lines:
    Code (csharp):
    1.  
    2. mono /opt/sonar-scanner-msbuild/SonarScanner.MSBuild.exe begin \
    3.   -k:"$SONAR_PROJECT_KEY" \
    4.   -d:sonar.host.url="$SONAR_HOST_URL" \
    5.   -d:sonar.login="$SONAR_TOKEN" \
    6.   -v:"$CI_COMMIT_TAG" \
    7.   -d:sonar.exclusions=Assets/**/Plugins/**/*
    8. msbuild Assembly-CSharp-Editor.csproj
    9. msbuild Assembly-CSharp.csproj
    10. mono /opt/sonar-scanner-msbuild/SonarScanner.MSBuild.exe end -d:sonar.login="$SONAR_TOKEN"
    11.  
    I do a SyncSolution right before this step. I can do CI-builds with Unity without problems - In Unity everything compiles perfectly fine.
    As soon as msbuild is run on Assembly-CSharp-Editor.csproj or Assembly-CSharp.csproj, there tons of missing type/namespace (CS0246) compiler errors.

    For example, I get
    error CS0246: The type or namespace name 'Common' could not be found​
    In one Assembly.
    That namespace Common comes from a "Common" assembly, which is properly referenced in the .asmdef of the first assembly. When I check the .csproj, it contains <ProjectReference Include="Common.csproj">.

    Also posted the problem including a minimal example within my project on Stackoverflow.
    I would be thankful for any ideas on how to approach this.
     
    Last edited: Nov 27, 2021
  25. IARI

    IARI

    Joined:
    May 8, 2014
    Posts:
    70
    It appears the problem was, that, while Unity 2020.3.1f1 generates Project references in the .csproj, they contain
    Code (CSharp):
    1. <ReferenceOutputAssembly>false</ReferenceOutputAssembly>
    .
    See the microsoft docs .

    If anyone finds this:
    Theres a fix in I2019.3.12f1 Build Errors that helps.
    I do not yet know in which unity versions - or if at all - this is fixxed.
     
  26. vitaly_unity46

    vitaly_unity46

    Joined:
    Dec 13, 2021
    Posts:
    2
    I have an issue with my Unity project build. I generated .sln and .csproj files using Unity on Mac;
    and trying to use recommended GitHub Action for Sonarcloud.
    "dotnet build" fails because Unity.Timeline.Editor.csproj contains hardcoded location of Unity. I have no idea to to deal with it...
    TIA, Vitaly

    Code (CSharp):
    1. C:\Program Files\dotnet\sdk\5.0.403\Roslyn\Microsoft.CSharp.Core.targets(71,5): error MSB6004: The specified task executable location "/Applications/Unity/Hub/Editor/2020.3.23f1/Unity.app/Contents/Tools/RoslynScripts\unity_csc.sh" is invalid.
     
  27. Huszky

    Huszky

    Joined:
    Mar 25, 2018
    Posts:
    109
    @vitaly_unity46 you can't use the dotnet CLI to build the .sln file generated by unity, you need to use MSBuild. Also you need to have Unity installed on the runner (computer or container)
     
  28. Taggler

    Taggler

    Joined:
    Apr 13, 2018
    Posts:
    6
    @goldbug can you share your quality gate settings as well. Thanks a lot!
     
  29. goldbug

    goldbug

    Joined:
    Oct 12, 2011
    Posts:
    774
  30. unity_88F5AD6843FE4D865395

    unity_88F5AD6843FE4D865395

    Joined:
    Dec 8, 2021
    Posts:
    3