Hands-On Lab
Managing Technical Debt with Team
Foundation Server 2015 and SonarQube
Lab version:
14.0.23107.0
Last updated:
9/11/2015
TABLE OF CONTENT
MANAGING TECHNICAL DEBT WITH TEAM FOUNDATION SERVER 2015 AND SONARQUBE ..... 1
OVERVIEW ...................................................................................................................................... 3
Prerequisites ............................................................................................................................ 3
About the Fabrikam Fiber Scenario ......................................................................................... 3
Exercises................................................................................................................................... 4
EXERCISE 1: INSTALL AND CONFIGURE SONARQUBE AND SONARQUBE MSBUILD RUNNER ............................. 5
EXERCISE 2: ANALYZING PROJECTS USING XAML BUILDS ......................................................................... 9
EXERCISE 3: UNDERSTAND SONARQUBE ANALYSIS RESULTS ................................................................... 17
EXERCISE 4: ANALYZING PROJECTS USING TEAM FOUNDATION BUILD 2015 (BUILD VNEXT) ......................... 22
Overview
Technical debt is the set of problems in a development effort that make forward progress on customer
value inefficient. Technical debt saps productivity by making code hard to understand, fragile, timeconsuming to change, difficult to validate, and creates unplanned work that blocks progress. Technical
debt saps an org's strength due to high costs in customer support, and, eventually, some combination of
these issues creates a larger problem that someone runs into. Technical debt is insidious. It starts small
and grows over time through rushed changes, lack of context and lack of discipline. It can materialize
out of nowhere even for a project regarded as clean at some point in time, due to a change in project
circumstances: prototype code may be promoted to serve as the basis for a feature; code produced for
the U.S. market may be proposed for international, instantly creating debt related to localizability;
technologies evolve, but the app doesn’t keep up.
In this lab, you will be introduced to Technical debt, how to configure your Team Build Definitions to use
SonarQube, how to understand the analysis results and finally how to configure quality profile to control
the rule set used by SonarQube for analyzing your project.
SonarQube is an open source platform for understanding and managing technical debt, it provides
different ways to analyze and measure technical quality from project portfolio to method.
Prerequisites
In order to complete this lab, you will need:
1) The Visual Studio 2015 virtual machine provided by Microsoft. For more information on acquiring and
using this virtual machine, please see this blog post.
2) You will need to manually install SonarQube on the above virtual machine using the recommended
installation guide created by the Visual Studio ALM Rangers, please see this installation guide on GitHub.
Alternatively, you may follow exercise 1 in this lab to install and configure SoanrQube for demo and
evaluation purposes.
3) You will need to manually install Team Foundation 2013 Object model on the virtual machine.
About the Fabrikam Fiber Scenario
This set of hands-on-labs uses a fictional company, Fabrikam Fiber, as a backdrop to the scenarios you
are learning about. Fabrikam Fiber provides cable television and related services to the United States.
They are growing rapidly and have embraced Windows Azure to scale their customer-facing web site
directly to end-users to allow them to self-service tickets and track technicians. They also use an onpremises ASP.NET MVC application for their customer service representatives to administer customer
orders.
In this set of hands-on labs, you will take part in a number of scenarios that involve the development
and testing team at Fabrikam Fiber. The team, which consists of 8-10 people, has decided to use Visual
Studio application lifecycle management tools to manage their source code, run their builds, test their
web sites, and plan and track the project.
Exercises
This hands-on lab includes the following exercises:
1. Exercise 1: Install and Configure SonarQube and SonaQube MSBuild Runner
2. Exercise 2: Analyzing Projects using XAML Builds.
3. Exercise 3: Understand SonarQube Analysis Results.
4. Exercise 4: Analyzing projects using Team Foundation Build 2015 (Build vNext)
Estimated time to complete this lab: 60 minutes.
Exercise 1: Install and Configure
SonarQube and SonarQube MSBuild
Runner
In this exercise, you will learn about the main installation and configuration points required to install
and configure SonarQube for demo purposes.
Note: The steps provided below are the main steps needed to install SonarQube and SonarQube
MSBuild Runner on this VM for demo and evaluation purposes. We recommend following the
installation guide created by the Visual Studio ALM Rangers for more detailed instructions, please see
this installation guide on GitHub.
1. Download SonarQube 5.1.2 and MSBuild SonarQube Runner from the SonarQube downloads.
Figure 1 SonarQube Download Page
2. Download Java SE Runtime Environment (JRE) from the Oracle Jave SE downloads page. Select
the Download under JRE. Select Accept License Agreement and click the Windows x64 that
points to exe file. Run the file to install Java runtime on the VM.
Figure 2 JRE Download page on Oracle
3. Download the latest sonar-csharp-plugin-X.Y.jar available from the C# Plugin page, on the
SonarQube site.
Figure 3 C# Plugin download page
4. Log in as Julia (VSALM\Julia). All user passwords are P2ssw0rd.
5. Copy sonarqube-5.1.2.zip, jre-8u45-windows-xXX.exe and sonar-csharp-plugin-X.Y.jar to the
virtual machine.
6. Install Java SE Runtime Environment on the VM.
7. Right-click on sonarqube-5.1.2.zip, select Properties and then click on the Unblock button
8. Unzip SonarQube-x.x.zip on to a folder, for example use C:\SonarQube\SonarQube-5.1.2
9. In the extracted folder navigate to Conf folder, edit sonar.properties file to change the default
web port. By default, SonarQube uses port 9000 which is currently being used in the virtual
machine for FabrikamFiber QA web site (FF QA). For the purpose of this lab you can provide port
9090.
a. Uncomment #sonar.web.port and change the port number to any available port, for
example 9090
10. Copy sonar-csharp-plugin-X.Y.jar to SonarQube directory (C:\SonarQube\SonarQube-5.1.2\)
under extensions\plugins\ subdirectory.
11. Run SonarQube by opening a command prompt and change the directory to SonarQube
extracted folder cd C:\SonarQube\SonarQube-5.1\bin\windows-x86-64 and Run StartSonar.bat.
Wait until you get a confirmation on the command prompt that the process is up and running
Figure 4 SonarQube Server Starting Up
12. Open you browser and navigate to http://vsalm:9090 to access the SonarQube portal
Figure 5 SonarQube Dashboard
13. Right-click on MSBuild.SonarQube.Runner-x.x, select Properties and then click on the Unblock
button. Extract the zip file to a folder. Example: C:\SonarQube\MSBuild.SonarQube.Runner-1.0
14. Open C:\SonarQube\MSBuild.SonarQube.Runner-x.x\SonarQube.Analysis.xml in notepad and
change the SonarQube server address in sonar.host.url property to http://vsalm:9090
Figure 6 Editing Sonar address in SonarQube.Analysis.xml
Exercise 2: Analyzing Projects using
XAML Builds
In this exercise, you will learn about the main configuration points that are needed to integrate Team
Foundation Server build with SonarQube, performing code analysis on a sample project, and access the
analysis result from build summary and SonarQube project dashboard.
1. Log in as Julia (VSALM\Julia). All user passwords are P2ssw0rd.
2. Launch Visual Studio 2015 from the taskbar and open Team Explorer. You should now be
connected to the FabrikamFiber team project. If you are not automatically connected to the
FabrikamFiber project, select the Connect to Team Projects button (
) to do so.
Figure 7
Connecting to Team Explorer - Home
3. Select the Builds tile.
Figure 2
Location of Builds tile
4. Click the New Build Definition link under XAML Build Definitions section.
Figure 3
New Build Definitions
5. Provide a build definition name “Nightly Fabrikam (Dev-Sonar)”
6. In the Source Settings, configure this build to point to FabrikamFiber Dev branch
Figure 4
Source Settings
7. In the Process tab, make sure you select one of the standards process templates.
Note: One of the standard Team Build workflow templates for TFS2015 (GitTemplate.12.xaml
or TfvcTemplate.12.xaml) and that the standard Microsoft build targets are used.
8. While in Process tab,
a. Within the 2. Build section, expand the 5. Advanced section and set the following properties
in the Advanced section:
i. Set the Pre-build script path to the full path to MSBuild.SonarQube.Runner.exe
ii. Set the Pre-build script arguments to contain the following four arguments:
a. begin
b. /key:{the project key of the SonarQube project to which the build definition relates}
c. /name:{the project name of the SonarQube project}
d. /version:{the project version of the SonarQube project}
Note: The aliases /k:, /n: and /v: can also be used and If any of the arguments contain spaces
then that argument needs to be surrounded by double-quotes e.g. /name:”My Project Name”.
So pre-build scrip argument should look like begin /k:FabrikamFiber /n:FabrikamFiber
/v:1.0
Figure 5
Pre-build Settings
b. Click on the expander for the 2. Advanced section under 3. Test to display the advanced test
settings.
i.
Set the Post-test script path to the full path to MSBuild.SonarQube.Runner.exe
ii.
Set the Post-test script arguments to contain the following argument:
a. end
Figure 6
Post-Test Settings
9. Press Ctrl + S to save the build definition. Everything should now be in place for a continuous
integration scenario where a source check in will trigger both a build and a release.
10. Right-click on the build definition “Nightly Fabrikam (Dev-Sonar)” in the Team Explorer window
and select “Queue New Build…” from the context menu.
Figure 7
Queue New Build option
Note: Build agent must have the TFS 2013 Object Model installed to perform a successful
analysis, please make sure you downloaded and installed the TFS 2013 Object Model from the
Visual Studio Gallery
Note: You may run into a situation where you can’t install TFS 2013 Object Model on the VM if
it’s not connected to the internet. As a workaround extract the TFS Object Model on the host
machine from the setup file using /layout switch parameter from command line and copy the
extracted folder to VM then run the installation again.
11. Once clicked, in Team Explorer – Builds, you should see that a build is currently shown under
My Builds section.
Figure 8
My builds
12. Wait for the build to finish and then double click the build name from My Builds to open he
build summary.
Figure 9
Build Summary
13. In the build summary report, you’ll be able see a new summary section entitled “SonarQube
Analysis Summary”, click “Analysis results” hyperlink.
Figure 10
SonarQube Analysis Summary
14. You should be able to see the SonarQube project dashboard with the detailed analysis on
SonarQube portal
Figure 11
FabrikamFiber Project Dashboard
Exercise 3: Understand SonarQube
Analysis Results
In this exercise, you will learn how to understand the analysis results and the main SonarQube portal
sections that you should look at to understand the Technical Debt associated with your project.
Note: If you are interested in learning more about SonarQube dashboards, please see this user
guide on SonarQube.
1. Log in as Julia (VSALM\Julia). All user passwords are P2ssw0rd.
2. Launch Visual Studio 2015 from the taskbar and open Team Explorer. You should now be
connected to the FabrikamFiber team project. If you are not automatically connected to the
FabrikamFiber project, select the Connect to Team Projects button (
Figure 82
Connecting to Team Explorer - Home
3. Select the Builds tile.
) to do so.
Figure 13
Location of Builds tile
4. Right click the “Nightly Fabrikam (Dev-Sonar)” and select “View Builds” to display the list of
recent builds.
Figure 14
List of completed builds
5. Double click the recent successful build to open the build summary.
Figure 15
Build Summary
6. While in build summary, click on “Analysis results” link under “SonarQube Analysis Summary”,
to open the project dashboard on SonarQube portal. SonarQube project dashboard consists of
multiple boxes called widget which display a specific information about the analyzed project
like line of codes, duplications, complexity, technical debt, SQALE rating and more that you can
add by customizing the dashboard widgets.
Figure 16
FabrikamFiber Project Dashboard
7. From dashboard you will be able to see the Technical Debt ratio associated with your project as
well as a summary of all the issues generated from the analysis.
Figure 17
Technical Debt Ration and issues list
8. Click on Issues link to navigate the list of coding standards issues, SonarQube raises an issue
every time a piece of code breaks a coding rule. By default, it shows unresolved issues of all
severities, from all projects, grouped by file.
Note: The set of coding rules is defined through the quality profile associated with the project,
please see Quality Profiles documentation for more details.
Figure 18
Issues List
9. While you are in the Issues list, click on any issue to access the issue details, you will be able to
drill down to the line of code generating such issue. You can filter the issues based used
different filtering options shown on the left side.
Figure 19
Issues details
Exercise 4: Analyzing projects using
Team Foundation Build 2015 (Build
vNext)
Note: in order to complete this exercise successfully, you have to install and configure a build agent,
follow the companion lab “Introduction to Team Foundation Build 2015 (vNext)” for the detailed steps.
In this exercise, you will learn about the main configuration points that are needed to integrate Team
Foundation Server Build 2015 (formerly referred to as Build vNext) with SonarQube, performing code
analysis on a sample project, and access the analysis result from build summary and SonarQube project
dashboard.
It is currently possible to perform SonarQube analysis in the new build system on an on-premise build
agent by using the general-purpose "Command Line" task to call MSBuild.SonarQube.Runner.exe (i.e. to
do the same job as the "Pre-Build script"/"Post-Build script" steps in a XAML build
Note: The intention is to provide custom tasks to make the process of performing SonarQube analysis
in the TFS build system straightforward. The proposed custom build tasks will also make it possible to
run SonarQube analysis on hosted build agents.
At the time this lab been written, two SonarQube build tasks are available on Visual Studio Online,
please read this announcement.
1. Log in as Julia (VSALM\Julia). All user passwords are P2ssw0rd.
2. Launch Internet Explorer from the taskbar and select the TFS FF Portal button from the
favorites bar at the top.
Figure 20
Launching the web portal
3. Select the Build navigation link.
4. In the Explorer view, the definitions for the new build system are shown under the Build
Definitions heading, while the XAML-based definitions are now shown under XAML
Definitions heading. Click the Actions button (green plus).
Figure 21
Create a new Build vNext definition
5. The Definition Templates dialog lists a few different build templates that you can start with
in order to build and test using Visual Studio, Xamarin, and Xcode. Alternatively, you can
also simply start with an Empty definition and add in the tasks that you need. Select Visual
Studio and click Ok.
Figure 22
Visual Studio Build Definition
6. The new build definition is initially setup with build steps that initiate a Visual Studio build,
then a test step, publication of symbols for archival, and finally publishing the build output to
a drop location. These steps are all defined on the Build tab. Provide the needed information
to build you solution by configuring each build tasks parameters.
Figure 23
Build Steps
7. Add Command Line build step before the Visual Studio Build step and after the Visual
Studio Test step by clicking on Add build step…
Figure 24
Add build step
8. In Add Build Steps dialog, choose Utility tab and on Command Line step click Add button
twice
Figure 25
Add command Line step
9. In the first Command Line build step (pre-build):
o
o
set the Tool field to point to the MSBuild.SonarQube.Runner.exe
supply the necessary arguments in the Arguments field e.g. begin /key:FabrikamFiber
/name:FabrikamFiber /version:1.0
Figure 26
Pre-Build Command Line arguments and tool
10. In the second Command Line build step (post-build):
o
o
set the Tool field to point to the MSBuild.SonarQube.Runner.exe
set the Arguments field to end
Figure 27
Post-Build Command Line arguments and tool
11. Save the build definition
Figure 28
Save dialog
12. Click the Queue Build button to queue a new build.
Figure 29
Queue Build
13. Wait for the build to finish and make sure that pre-build and post-build steps has been
executed successfully.
Figure 30
Build Summary
14. Unlike the XAML build, there is no summary section for SonarQube. To access the analysis
results you can navigate directly to SonarQube portal and select your project. Alternatively,
you can access the project dashboard URL by copying it from log information for the postbuild command line
Figure 31
Project Dashboard URL
15. You should be able to see the SonarQube project dashboard with the detailed analysis on
SonarQube portal by just copy the URL and past it in a new browser tab. SonarQube project
dashboard will show the last analysis time on the top corner.
Figure 32
Project Dashboard
1.
To give feedback please write to [email protected]
Copyright © 2017 by Microsoft Corporation. All rights reserved.