A plugin is a Set of Extensions
A SonarQube plugin is a set of Java objects that implement extension points. These extension points are interfaces or abstract classes which model an aspect of the system and define contracts of what needs to be implemented. They can be for example pages in the web application or sensors generating measures.
The extensions implemented in the plugin must be declared in a Java class extending org.sonar.api.Plugin. This class must then be declared in the pom with the property <pluginClass>:
The sonar-plugin packaging accepts advanced parameters.
An extension point is a point in the application where plugin code can be invoked, such as webapp page or code analyzer. Extension points are generally interfaces that can be implemented by plugins. Implementations have to be declared in the method org.sonar.api.SonarPlugin#getExtensions() and are then injected in the IoC container.
The extension points are listed and documented in the Javadoc. See http://docs.sonarsource.org/latest/apidocs/index.html?org/sonar/api/Extension.html.
A SonarQube analysis follow the following lifecycle:
- Bootstrapper (SonarQube Maven Plugin, SonarQube Runner, SonarQube Ant Task) collects a set of properties describing the project to analyze and starts the batch.
- ProjectBuilder extensions are called to give a chance for plugins to change project structure (add/remove module, change any property). After this step project structure can't be modified.
- For each module (bottom-up):
- Initializer extensions are called to give a chance to customize module configuration (add/remove sources, change any property)
- SonarQube FileSystem is constructed (ie list of files to analyze). All project files are indexed according to configuration (inclusions/exclusions). After this step the FileSystem can't be modified.
- Sensor extensions are called. Usually to add measures/issues on files.
- Decorator extensions are called bottom-up on each element of the resource tree (File -> Directory -> Module -> Project). Usually to aggregate measures or compute "level-2" issues (issues based on result of sensors).
- All collected data (measures, issues, ...) are persisted. No addition for this module are permitted after this step.
- Results of analysis are sent to the server
- PostJob extensions are called. A PostJob can access all results of the analysis but not change anything. Used for example to produce various reports (PDF, CSV).
Sensor or Decorator?
There are two extension points that allow plugins to save measures: Sensor and Decorator. A common problem when writing a plugin is to decide which one to use.
A Sensor is invoked once during the analysis of a project. The sensor can parse a flat file, connect to a web server... For example the Cobertura Sensor is able to parse the cobertura XML report file generated during execution of your tests and used to save the first-level of measures on resources (project, package or class).
A sensor can access and save measures on the whole tree of resources. Sensor are generally used to add measure at the lowest level of the resource tree.
Decorators are triggered once all sensors have completed. Their decorate method is called on every resource of a certain level bottom up. Decorators can read and save measures. The call is contextual, i.e it is only possible to access the resource and its children.
Decorators are generally used to consolidate / aggregate at higher levels, measures saved by Sensors at the lowest level.
How to Reuse Existing Components
Extensions are registered in an IoC container, with constructor injection. To communicate with other extensions or with existing components provided by the API, just declare them in the constructor of your extension. For example to get references on FileSystem or ActiveRules:
References will be automatically set at runtime.
How to Quickly Start the Plugin
As described in the Getting Started page, you can build sources, copy the JAR file to the directory extensions/plugins/ and restart the server. But this approach can quickly become tedious. The following solutions help to edit code without leaving your development environment:
Changes on Java code
The sonar-dev-maven-plugin lets you start a SonarQube server and deploy your plugin.
Once the server is launched, hit http://localhost:9000. By default, the in-process database (H2, or Derby prior to SonarQube 3.2) is used but you can specify a local MySQL instance instead with the property "-Dsonar.database=mysql". In that case, the sonar schema must exist in the MySQL DB along with the user sonar/sonar (login/password) which must have all rights on the sonar schema.
Then you can feed the database by inspecting projects:
We've gathered all our debugging tips into this page.
How to Use External Libraries
A plugin benefits from all the dependencies provided by the API. Execute the following command on your plugin to list them:
Since version 2.2, the plugin classloader is isolated from other plugins, so it can embedd its own dependencies. Just define the dependencies you need with the scope 'compile'.
- Libraries used for GWT compilation must be defined with scope provided
- The plugin classloader is a child of the Sonar classloader, with a parent-first delegation model. There are two consequences:
- Sonar libraries are automatically inherited. Their versions can not be changed.
- There are side-effects on some libraries, for example the classloader must be explicitly set for XStream:
How to Log
SLF4J is used as a simple facade of various logging frameworks (log4j, commons-log, logback, java.util.logging). It's simple to use:
Read the SLF4J manual for more details.
How to Get Configuration
org.sonar.api.config.Settings provides properties for batch extensions (global/project settings, command-line parameters, system properties) and server extensions (global settings, system properties, file $SONAR_HOME/conf/sonar.properties). It replaces Apache Commons Configuration that is deprecated since release 2.12.
To benefit from advanced features (default value, availability in the settings page), properties should be declared on the Plugin entry point or on extensions:
Persistent properties are also accessible from the Web Service named 'properties'. To exclude some properties from anonymous requests, add the suffix ".secured" to the key (
my.property.secured). It can be useful for license keys for example.
Steps to cover a new language
- Write the grammar. This is the hardest part.
- Write a parser (a parser simply takes a grammar, an input, and will parse it, yielding a parse tree).
- Test your grammar, to ensure it is able to parse your real-life language files.
- Write a few parse tree visitors. Some visitors will compute metrics, while others will enforce coding rules. A dozen or so visitors is sufficient for an initial release.
- Write a SonarQube sensor to launch the visitors. It should query the API to get the list of source files, the list of active coding rules in the quality profile, and the API to save metrics and issues.
Tips and Tricks
- For generating charts use d3.js, which is packaged with SonarQube since version 4.1.
- To create "template" rules (rules that can be duplicated by the user) set the rule's
- To access a constant from a Java class in a .erb file, use J