A demonstration of integrating Robocop static code analysis reports into SonarQube for Robot Framework projects.
This repository demonstrates how to import a Robocop analysis report into your SonarQube project. Robocop is a static code analysis tool for Robot Framework code. Robot Framework is a generic open-source test automation framework. SonarQube is the most popular static code analysis tool which supports 29 programming languages. However, SonarQube does not support the Robot Framework language out-of-the-box.
The repository contains a few functional tests using the Robot Framework Browser library. The static code analysis of the Robot Framework code is performed using Robocop, which generates an analysis report. Finally, this report is imported into the SonarQube server.
- Robot Framework v7.0.1
- Browser Library v18.8.0
- Robocop v5.4.0
- SonarQube v9.8 or higher
Whenever a developer pushes new code to the repository, a GitHub Action is triggered. The workflow first runs the Robocop analysis to generate an output report in SARIF format. Then, the SARIF report is imported into the SonarQube server running on a GCE Instance.
- Install Python 3.8 or newer, precondition for Robot Framework.
- Install Node.js, precondition for Browser Library.
- Clone the repository:
git clone https://github.com/Uqqasha/robocop-sonarqube-integration.git
- Navigate to the project directory.
- (Optional) Create Python virtual environment.
- on macOS/Linux:
python3 -m venv .venv
source .venv/bin/activate
- on Windows:
python3 -m venv .venv
.venv\Scripts\activate
- Install dependencies:
pip install -r requirements.txt
- Initialize Browser Library:
rfbrowser init
For this demonstration, the SonarQube server is hosted on a Google Cloud Compute Engine (GCE) Instance by running it as a Docker container inside the Instance. The steps provided below are specific to Google Cloud. However, SonarQube server can be hosted anywhere, either on your local machine or another cloud platform, as long as it is publicly accessible.
- Create a GCE Instance with a Public IP in any available region and zone.
- SSH into the created Instance.
- Install Docker in the Instance.
- (Optional) If you want to use docker commands without sudo:
sudo usermod -aG docker $USER
newgrp docker
- Pull the SonarQube Docker Image and run the SonarQube Container:
docker run -d --name sonar -p 9000:9000 sonarqube:lts-community
- Since we map port 9000 on the host machine to port 9000 on the container, remember to allow port 9000 on the GCE Instance for ingress by adding a Firewall Rule from the Google Cloud Console.
- Copy the Public IP Address of your GCE Instance and paste it in a web browser with port 9000 appended at the end:
http://<Public-IP>:9000
- You will see the SonarQube Server login page. The default credentials for admin are:
Login: admin
Password: admin
- You will be prompted to update the admin credentials. After that, SonarQube dashboard will appear.
- Set the following GitHub Secrets in your repository:
| Name | Value |
| --- | --- |
| SONAR_TOKEN | Enter an existing token or a newly created one for your SonarQube project |
| SONAR_HOST_URL | The hostname of your SonarQube Server |

- The SonarQube configuration file is sonar-project.properties.
- sonar.projectKey: Specifies the SonarQube project key.
- sonar.sarifReportPaths: Specifies the SARIF report file to be imported during analysis.
The configuration file for Robocop is .robocop.
- --configure return_status:quality_gate:E=0:W=-1:I=-1
- By default, the return status of the Robocop command is the number of issues reported. For example, if Robocop found 2 Errors, 3 Warnings, and 3 Info issues, the return status of the command will be 8. In GitHub Actions, if the return status of a command is any value other than 0, the workflow fails at that point. To overcome this behavior, this setting is configured in Robocop. -1 means that the return status is not affected by the number of issues.
- --reports all,sarif
- This option tells Robocop to generate all default reports and a SARIF report.
- --configure sarif:report_filename:robot.sarif.json
- This option configures the name of SARIF output report.
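The following added example (not code from this repository or from Robocop) reads a SARIF report such as robot.sarif.json, counts results per severity, and computes the status a quality gate like E=0:W=-1:I=-1 would produce. The mapping of SARIF levels to E/W/I, the "issues above the threshold" arithmetic, and the sample report are assumptions made for illustration.

```python
import json

# Constructed sample SARIF 2.1.0 report (not real Robocop output), matching
# the page's example of 2 errors, 3 warnings and 3 info issues.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "robocop"}},
        "results": (
            [{"ruleId": "E-sample", "level": "error"}] * 2
            + [{"ruleId": "W-sample", "level": "warning"}] * 3
            + [{"ruleId": "I-sample", "level": "note"}] * 3
        ),
    }],
})

# Assumed mapping from SARIF result levels to Robocop severity letters.
LEVEL_TO_SEVERITY = {"error": "E", "warning": "W", "note": "I"}


def count_by_severity(sarif_text):
    """Count results per severity letter across every run in the report."""
    counts = {"E": 0, "W": 0, "I": 0}
    for run in json.loads(sarif_text).get("runs", []):
        for result in run.get("results", []):
            # A result without an explicit level is treated as "warning".
            severity = LEVEL_TO_SEVERITY.get(result.get("level", "warning"))
            if severity:
                counts[severity] += 1
    return counts


def parse_gate(spec):
    """Parse the threshold part of the option, e.g. 'E=0:W=-1:I=-1'."""
    return {k: int(v) for k, v in (item.split("=") for item in spec.split(":"))}


def gate_status(counts, gate):
    """Exit status: issues above each threshold; -1 ignores that severity."""
    status = sum(
        counts[sev] - limit
        for sev, limit in gate.items()
        if limit >= 0 and counts.get(sev, 0) > limit
    )
    return min(status, 255)  # process exit codes are capped at 255


if __name__ == "__main__":
    counts = count_by_severity(SAMPLE_SARIF)
    print(counts, gate_status(counts, parse_gate("E=0:W=-1:I=-1")))
```

Running the same check with a gate of E=0:W=0:I=0 shows how many findings the relaxed gate lets through without failing the workflow.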
To run the workflow, simply push to your repository's main branch and the GitHub Action will be triggered.
To run the Robocop analysis outside of the GitHub Action workflow, run the following command from the project's root directory:
robocop
It will automatically detect all the Robot Framework files in the directory and its sub-directories. Options for the robocop command can be configured in the .robocop file or on the command line.
To run Robot Framework tests:
~> robot [OPTIONS] file_name.robot
OPTIONS:
--outputdir <dir>, -d <dir> Defines where to create output files
--include <tag>, -i <tag> Include test cases with this tag
--exclude <tag>, -e <tag> Exclude test cases with this tag
--variable <name:value>, -v <name:value> Sets individual variables
EXAMPLE:
robot -d .\Output\ -i login -v HEADLESS:TRUE .\Tests\saucedemo.robot