# Help Wanted Sonarqube And Unity (code Quality)

Discussion started by N3uRo, Dec 5, 2016.

N3uRo

Dec 10, 2011
622
Hi,

Has anyone used this tool before?

We are evaluating if we can install and use it in our organization in combination with Jenkins.

The problem I see is that there are rules that don't apply to Unity-specific code, like errors regarding:
- Unused methods: Unity's magic "Awake, Start, ..."
- [SerializeField] fields, where it suggests in some cases adding "readonly" or similar, which we can't do because doing that is going to hide them from the inspector.
- And I'm sure there are a lot more.

Can anyone on Unity Q&A help me? @QA-for-life @ElvisAlistar @Alex-Lian

I also take this opportunity to inform you that I have some bug reports that are stopping our internal Q&A pipeline from working:

Particularly this one, which is a problem for us or anyone trying to use a continuous integration tool like Jenkins:
https://fogbugz.unity3d.com/default.asp?850673_2bhp57sqgnd7ch9p

This is an API request because, as you can see, you can only target 64 bits and in build settings there are 3 options (it's not consistent):
https://fogbugz.unity3d.com/default.asp?850877_aeci1khcthpmd2qq

ElvisAlistar (Unity Technologies)

Oct 2, 2013
214
Hi,

We have tried using SonarQube on Unity's code base with moderate success. It's quite easy to set up and it works out of the box, but it does not support adding custom rules, which means that you are stuck with what it offers in the default C# analysis profile.

I guess the only way to deal with Unity's magic methods being identified as Unused methods and so on is to mark those issues as False Positive. Assuming your code base isn't very large, it shouldn't take too long, and Sonar will ignore those in future analysis iterations of your code base.

Regarding the bug reports, the first one is fixed and should be included in one of the upcoming Unity builds and the other one was answered by someone in QA (I recommend you reply to them if you have further questions).

Hope this helps!

N3uRo

Dec 10, 2011
622
@ElvisAlistar They are working on it: http://stackoverflow.com/questions/...ng-it-with-unity-3d-tons-of-problems/41017874

Can Unity staff help them? I don't know all reflection based messages across Unity classes.

They want to release an update in a few days (ticket 1104 and 1105): https://jira.sonarsource.com/browse/SLVS-1105?jql=project = SLVS AND fixVersion = 1.22.0

1.22.0 Rule fixes Release date: 13/Dec/16

And I think that custom rules are possible but not easy to implement: https://github.com/meng-hui/UnityEngineAnalyzer

And thanks for the bug reports updates!

Last edited: Dec 8, 2016

ElvisAlistar (Unity Technologies)

Oct 2, 2013
214
Currently there is no direct collaboration between Unity and Sonar. Sounds like they are working on a solution to whitelist certain types of code in the rules, in which case that would allow anyone (including us) to provide more custom-based checks on Sonar for Unity code. We will keep an eye on their progress and future Sonar updates.

N3uRo

Dec 10, 2011
622
Ok, thanks. I'll reply on this thread if I see any change on Sonar regarding Unity.

elhispano

Jan 23, 2012
47
Is there another tool similar to SonarQube that works better with Unity? We are trying to improve our code quality.

N3uRo

Dec 10, 2011
622
The problem is not with Sonar itself, it's because Unity has its "magic" using reflection and that's why we have many false positives. It's a problem that you will face in any similar tool.

Vandarthul

Dec 23, 2012
19
Any news on this topic? Also, do you think it would be beneficial even with false positives?

N3uRo

Dec 10, 2011
622
I'm using it with Jenkins to analyze our codebase.

I managed to get Sonar staff involved on this and they created rules to avoid some false positives:

https://github.com/SonarSource/sonar-dotnet/issues/159

Vandarthul

Dec 23, 2012
19
Thanks for the information! I also would like to get your suggestion to use SonarQube. Does that help? How do you measure it?

N3uRo

Dec 10, 2011
622
Not code coverage, because with Unity it's not possible, but the rules are really useful to avoid code smells or bugs that can be detected with static analysis.

In our code base we want code that's clean, performant and works without issues so yes, it helps.

N3uRo

Dec 10, 2011
622
@ElvisAlistar please move it to the appropriate subforum.

Thanks.

liortal

Oct 17, 2012
3,179
The SonarQube scanner for MSBuild supports OSX now and .Net core for some time now.

Was anyone successful in setting up a SonarQube scan for their Unity codebase? (I am trying to run it from a Mac machine.)

ScientificDave

Aug 9, 2017
1
I have gotten this working on macOS.

My SonarQube instance is installed on a CentOS 7 system, so I am stuck with SonarQube 7.1 for the time being. This means that I cannot use build-wrapper-macosx-x86 as mentioned on https://docs.sonarqube.org/display/PLUG/Building+on+Mac+OS+X. I am not using the commercial version at this time. I am also doing all this through Jenkins.

My basic process is like this:
1. (Do this once before analyzing and periodically to update to newer releases.) Download the newest version of sonar-scanner-msbuild from https://github.com/SonarSource/sonar-scanner-msbuild/releases and extract somewhere in the `$PATH`. I just extracted mine in `~/bin`. Run `chmod +x ~/bin/sonar-scanner-*/bin/sonar-scanner*` or you will get an Access Denied error when you call `SonarScanner.MSBuild.exe end`.
2. (Do steps 2-10 each time you analyze.) Optionally, set VERSIONNAME to use in SQ to set a new leak period. If VERSIONNAME was set, run a script to pull the commit date from Bitbucket (see below). If you're not using Git (or equivalent), set COMMITDATE in the format yyyy-MM-dd i.e. 2019-05-26 (or yyyy-MM-ddTHH:mm:ssZ i.e. 2019-05-26T15:42:06-0500 for additional precision).
3. To avoid any Unicode issues, set `LANG=en_US.UTF-8`
4. Set the project key, name, and any other sonar options.
5. Run Unity in batch mode and, among other things, have it call `EditorApplication.ExecuteMenuItem("Assets/Open C# Project");` to create the solution and related files for later use by Visual Studio.
6. If VERSIONNAME is set, run `. properties.sh` to pull those values in as environment variables.
7. Here, briefly, is where it gets spectacularly weird. You'll have to use the second script to:
   1. Link in the source files of any Unity Packages you're using. This step requires the jq utility that you can install using MacPorts or Homebrew.
   2. Move files that have been created with Windows backslash directory delimiters in the filenames into proper directory trees i.e. `foo\bar\baz` to `foo/bar/baz`
8. Run `mono SonarScanner.MSBuild.exe begin "/k:${PROJECTKEY}" "/n:${PROJECTNAME}" "/v:${VERSIONNAME}" "/d:sonar.projectDate=${COMMITDATE}" "/d:sonar.host.url=http://sonar.foo.com:9000" /d:sonar.login=${SonarQubeToken}`
9. Run `msbuild /p:Configuration=Debug /p:Platform="Any CPU" /maxcpucount /nodeReuse:false /nologo /target:rebuild /verbosity:quiet solution.sln`
10. Run `mono SonarScanner.MSBuild.exe end /d:sonar.login=${SonarQubeToken}`

Code (Bash):

```bash
# Start with an empty properties file
cat /dev/null > properties.sh
# Fetch the HEAD commit from Bitbucket (-k skips TLS certificate verification)
JSON=$(curl --fail -k --silent --show-error https://jenkins:${PASSWORD}@stash.foo.com/rest/api/1.0/projects/${PROJECT}/repos/${REPOSITORY}/commits/HEAD)
echo COMMIT=$(echo $JSON | jq -r '.id') >> properties.sh
# committerTimestamp is in milliseconds; date -d @... -Iseconds is GNU date syntax
echo COMMITDATE=$(date -d @$(expr $(echo ${JSON} | jq -r '.committerTimestamp') / 1000) -Iseconds) >> properties.sh
# Escaped so ${COMMITDATE} expands when properties.sh is sourced (it is not set in this shell)
echo COMMITDATEPARAMETER=\"/d:sonar.projectDate=\${COMMITDATE}\" >> properties.sh
```

Code (Bash):

```bash
# Mimic the Unity Package Manager
# ASSUMPTION: there is only one match of */Packages/manifest.json in the repository
pushd $(find . -path '*/Packages/manifest.json' | rev | cut -d / -f 2- | rev)
ln -s $(ls -d ${HOME}/Library/Unity/cache/packages/packages.unity.com/com.unity.standardevents* | tail -1) com.unity.standardevents
/usr/local/bin/jq -r '.dependencies | to_entries | map("ln -s ${HOME}/Library/Unity/cache/packages/packages.unity.com/\(.key)@\(.value|tostring) \(.key)") | .[]' < manifest.json | sh
popd

# Fix some Windows backslashes
pushd ${TMPDIR}/.sonarqube/resources
find . -name \*\\\\\* | tr \\ / | rev | cut -d / -f 2- | rev | sort -u | xargs -t mkdir -p
for file in $(find . -name \*\\\\\* )
do
  mv -v "$file" "$(/bin/echo "$file" | tr \\ /)"
done
popd
```

Last edited: May 26, 2019
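
A hardened variant of the commit-date script from the post above, added here as an example and not part of the original thread: it keeps TLS verification on, reads the Bitbucket credential from a netrc file instead of the URL, and validates the commit id and timestamp before writing them to a file that is later sourced. The function names, the `BITBUCKET_NETRC` variable and the UTC `+0000` output are assumptions.

```shell
#!/bin/sh
# Added example, not the poster's code. Hypothetical names: fetch_head_commit,
# epoch_ms_to_sonar_date, write_properties, BITBUCKET_NETRC (a netrc file
# readable only by the Jenkins user).

# Fetch the HEAD commit JSON. No -k, so the server certificate is verified,
# and no password in the URL, so it stays out of `ps` output and build logs.
fetch_head_commit() {
    curl --fail --silent --show-error --netrc-file "${BITBUCKET_NETRC}" \
        "https://stash.foo.com/rest/api/1.0/projects/${PROJECT}/repos/${REPOSITORY}/commits/HEAD"
}

# Convert epoch milliseconds to yyyy-MM-ddTHH:mm:ssZ in UTC.
# Tries GNU date first, then falls back to BSD/macOS date.
epoch_ms_to_sonar_date() {
    secs=$(( $1 / 1000 ))
    date -u -d "@${secs}" '+%Y-%m-%dT%H:%M:%S+0000' 2>/dev/null ||
        date -u -r "${secs}" '+%Y-%m-%dT%H:%M:%S+0000'
}

# Validate both fields before they reach a file that is later sourced with
# `. properties.sh`: only a 40-character hex id and a decimal number pass.
write_properties() {
    commit=$1 ts_ms=$2 out=$3
    case $commit in
        ''|*[!0-9a-f]*) echo "rejecting commit id" >&2; return 1 ;;
    esac
    [ "${#commit}" -eq 40 ] || { echo "rejecting commit id length" >&2; return 1; }
    case $ts_ms in
        ''|*[!0-9]*) echo "rejecting timestamp" >&2; return 1 ;;
    esac
    commitdate=$(epoch_ms_to_sonar_date "$ts_ms") || return 1
    {
        printf "COMMIT='%s'\n" "$commit"
        printf "COMMITDATE='%s'\n" "$commitdate"
        printf "COMMITDATEPARAMETER='/d:sonar.projectDate=%s'\n" "$commitdate"
    } > "$out"
}

# Intended wiring in the Jenkins step (needs network access and jq):
#   json=$(fetch_head_commit) &&
#   write_properties "$(printf '%s' "$json" | jq -r '.id')" \
#       "$(printf '%s' "$json" | jq -r '.committerTimestamp')" properties.sh
```

Because the values are checked before being written single-quoted, a tampered or malformed API response cannot turn `. properties.sh` into command execution on the build agent.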