1593332900
How to Evaluation Nodejs Code with Jest, SonarQube and Docker
In this article, we talk about a basic example using Nodejs, Express, Docker, Jest and Sonarqube.
Using the wikipedia explanation “SonarQube is an open source platform developed by SonarSource for continuous code quality inspection, to perform automatic reviews with static code analysis to detect bugs, code odors and security vulnerabilities in over 20 languages. programming.”
For this tutorial, we’ll need:
- Node/npm
- Docker
With node and docker installed, let’s start the project
Starting the project
Creating project folder and browsing
mkdir NodeSonarExample
cd ./NodeSonarExample
Starting the project
npm init -y
Installing dependencies
In this session, we will install the dependencies and development dependencies for the project.
- Express which allows http requests, widely used in MVC and Restfull applications.
- Jest is used to perform unit testing.
npm install — save express jest
- sonarqube-scanner is necessary to scan JS code very simply, without needing to install any specific tool or (Java) runtime.
- jest-sonar-reporter is a custom results processor for Jest. The processor converts Jest’s output into Sonar’s generic test data format.
- supertest we can test http requests for express routes
npm install -D sonarqube-scanner jest-sonar-reporter supertest
Docker Image SonarQube
Let’s start sonarqube by creating the docker-compose.sonar.yml file.
version: '3'
services:
sonarqube:
container_name: sonarqube
image: sonarqube:latest
ports:
- "9000:9000"
- "9092:9092"
and execute the file with the command:
docker-compose -f docker-compose.sonar.yml up -d
With sonarqube running, navigate to sonarqube address and authenticate using the default account
login: admin
password: admin
Authenticated, you will notice that there is no project pipeline created as shown in the image below
Simple project example
In this session, I will show the project structure, and all the code involved
#node #sonarqube #jest #nodejs #docker
What is GEEK
Buddha Community
1593332900
How to Evaluation Nodejs Code with Jest, SonarQube and Docker
In this article, we talk about a basic example using Nodejs, Express, Docker, Jest and Sonarqube.
Using the wikipedia explanation “SonarQube is an open source platform developed by SonarSource for continuous code quality inspection, to perform automatic reviews with static code analysis to detect bugs, code odors and security vulnerabilities in over 20 languages. programming.”
For this tutorial, we’ll need:
- Node/npm
- Docker
With node and docker installed, let’s start the project
Starting the project
Creating project folder and browsing
mkdir NodeSonarExample
cd ./NodeSonarExample
Starting the project
npm init -y
Installing dependencies
In this session, we will install the dependencies and development dependencies for the project.
- Express which allows http requests, widely used in MVC and Restfull applications.
- Jest is used to perform unit testing.
npm install — save express jest
- sonarqube-scanner is necessary to scan JS code very simply, without needing to install any specific tool or (Java) runtime.
- jest-sonar-reporter is a custom results processor for Jest. The processor converts Jest’s output into Sonar’s generic test data format.
- supertest we can test http requests for express routes
npm install -D sonarqube-scanner jest-sonar-reporter supertest
Docker Image SonarQube
Let’s start sonarqube by creating the docker-compose.sonar.yml file.
version: '3'
services:
sonarqube:
container_name: sonarqube
image: sonarqube:latest
ports:
- "9000:9000"
- "9092:9092"
and execute the file with the command:
docker-compose -f docker-compose.sonar.yml up -d
With sonarqube running, navigate to sonarqube address and authenticate using the default account
login: admin
password: admin
Authenticated, you will notice that there is no project pipeline created as shown in the image below
Simple project example
In this session, I will show the project structure, and all the code involved
#node #sonarqube #jest #nodejs #docker
1595494800
Integrating SonarQube with Jenkins
Welcome back to the second article in our #BacktoBasics series. As many of us already know, SonarQube is an open-source tool for continuous inspection of code quality. It performs static analysis of code, thus detecting bugs, code smells and security vulnerabilities. In addition, it also can report on the duplicate code, unit tests, code coverage and code complexities for multiple programming languages. Hence, in order to achieve Continuous Integration with fully automated code analysis, it is important to integrate SonarQube with CI tools such as Jenkins. Here, we are going to discuss integrating SonarQube with Jenkins to perform code analysis.
Running Jenkins and SonarQube on Docker
Enough on the introductions. Let’s jump into the configurations, shall we? First of all, let’s spin up Jenkins and SonarQube using Docker containers. Note that, we are going to use docker compose as it is an easy method to handle multiple services. Below is the content of the docker-compose.yml file which we are going to use.
docker-compose.yml file
version: '3'
services:
sonarqube:
ports:
- '9000:9000'
volumes:
- 'E:\work\sonar\conf\:/opt/sonarqube/conf'
- 'E:\work\sonar\data\:/opt/sonarqube/data'
- 'E:\work\sonar\logs\:/opt/sonarqube/logs'
- 'E:\work\sonar\extensions\:/opt/sonarqube/extensions'
image: sonarqube
jenkins:
image: 'ravindranathbarathy/jenkins'
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- 'E:\work\jenkins_home\:/var/jenkins_home'
ports:
- '8080:8080'
- '5000:50000'
jenkins-slave:
container_name: jenkins-slave
restart: always
environment:
- 'JENKINS_URL=http://jenkins:8080'
image: kaviyakulothungan/jenkins-slave-node:v2
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- 'E:\work\jenkins_slave\:/home/jenkins'
depends_on:
- jenkins
docker-compose up is the command to run the docker-compose.yml file.
docker-compose command to spin up Jenkins and Sonarqube
Shell
1
docker-compose up
Note: The _docker-compose_ command must be run from folder where the _docker-compose.yml_ file is placed
This file, when run, will automatically host the Jenkins listening on port 8080 along with a slave.
Jenkins hosted using Docker
The SonarQube will be hosted listening on port 9000.
SonarQube hosted using Docker
Configuring Jenkins for SonarQube Analysis
In order to run the SonarQube analysis in Jenkins, there are few things we have to take care before creating the Jenkins job. First of all, we need to install the**_ ‘_SonarQube Scanner” plugin. For this, let’s go to Jenkins -> Manage Jenkins -> Manage Plugins. There, navigate to “Available” view and look for the plugin “SonarQube Scanner”. Select the plugin and click on “Install without restart**” and wait for the plugin to be installed.
Installing SonarQube Scanner Plugin
Once the plugin is installed, we need to configure a few things in the Jenkins global configuration page.
For that, let’s click on Jenkins -> Manage Jenkins -> Configure System -> SonarQube Servers and fill in the required details.
SonarQube Server Configuration
Here,
- Name: Anything meaningful. Eg. sonarqube
- Server URL:
- Server Authentication Token: Refer below
To get the server authentication token, login to SonarQube and go to Administration -> Security -> Users and then click on Tokens. There, Enter a Token name and click on Generate and copy the token value and paste it in the Jenkins field and then click on “Done”.
Creating Authorization Token
Finally, save the Jenkins Global configurations by clicking on the “Save” icon.
There is one last configuration which has to be set up. In order to run SonarQube scan for our project, we need to install and configure the SonarQube scanner in our Jenkins. For that, let’s go to Manage Jenkins -> Global Tool Configuration -> SonarQube Scanner -> SonarQube Scanner installations. Enter any meaningful name under the Name field and select an appropriate method in which you want to install this tool in Jenkins. Here, we are going to select “Install automatically” option. Then, click on “Save”.
SonarQube Scanner Configuration in Jenkins
Creating and Configuring Jenkins Pipeline Job
Since we are all set with the global configurations, let’s now create a Jenkins Pipeline Job for a simple node.js application for which code analysis will be done by SonarQube.
For that, let’s click on “New Item” in Jenkins home page and enter the job name as “sonarqube_test_pipeline” and then select the “Pipeline” option and then click on “OK”.
Creating Jenkins Pipeline job
Now, inside the job configuration, let’s go to the Pipeline step and select Pipeline Script from SCM and then select Git and enter the Repository URL and then save the job.
##backtobasics #continuous integration #devops #blueocean #ci #code review #continous integration #docker #docker-compose #git #github #jenkins #jenkins pipeline #nodejs #sonarqube #sonarqube scanner #static code analysis
1604008800
Static Code Analysis: What It Is? How to Use It?
Static code analysis refers to the technique of approximating the runtime behavior of a program. In other words, it is the process of predicting the output of a program without actually executing it.
Lately, however, the term “Static Code Analysis” is more commonly used to refer to one of the applications of this technique rather than the technique itself — program comprehension — understanding the program and detecting issues in it (anything from syntax errors to type mismatches, performance hogs likely bugs, security loopholes, etc.). This is the usage we’d be referring to throughout this post.
“The refinement of techniques for the prompt discovery of error serves as well as any other as a hallmark of what we mean by science.”
- J. Robert Oppenheimer
Outline
We cover a lot of ground in this post. The aim is to build an understanding of static code analysis and to equip you with the basic theory, and the right tools so that you can write analyzers on your own.
We start our journey with laying down the essential parts of the pipeline which a compiler follows to understand what a piece of code does. We learn where to tap points in this pipeline to plug in our analyzers and extract meaningful information. In the latter half, we get our feet wet, and write four such static analyzers, completely from scratch, in Python.
Note that although the ideas here are discussed in light of Python, static code analyzers across all programming languages are carved out along similar lines. We chose Python because of the availability of an easy to use ast module, and wide adoption of the language itself.
How does it all work?
Before a computer can finally “understand” and execute a piece of code, it goes through a series of complicated transformations:
As you can see in the diagram (go ahead, zoom it!), the static analyzers feed on the output of these stages. To be able to better understand the static analysis techniques, let’s look at each of these steps in some more detail:
Scanning
The first thing that a compiler does when trying to understand a piece of code is to break it down into smaller chunks, also known as tokens. Tokens are akin to what words are in a language.
A token might consist of either a single character, like (, or literals (like integers, strings, e.g., 7, Bob, etc.), or reserved keywords of that language (e.g, def in Python). Characters which do not contribute towards the semantics of a program, like trailing whitespace, comments, etc. are often discarded by the scanner.
Python provides the tokenize module in its standard library to let you play around with tokens:
Python
1
import io
2
import tokenize
3
4
code = b"color = input('Enter your favourite color: ')"
5
6
for token in tokenize.tokenize(io.BytesIO(code).readline):
7
print(token)
Python
1
TokenInfo(type=62 (ENCODING), string='utf-8')
2
TokenInfo(type=1 (NAME), string='color')
3
TokenInfo(type=54 (OP), string='=')
4
TokenInfo(type=1 (NAME), string='input')
5
TokenInfo(type=54 (OP), string='(')
6
TokenInfo(type=3 (STRING), string="'Enter your favourite color: '")
7
TokenInfo(type=54 (OP), string=')')
8
TokenInfo(type=4 (NEWLINE), string='')
9
TokenInfo(type=0 (ENDMARKER), string='')
(Note that for the sake of readability, I’ve omitted a few columns from the result above — metadata like starting index, ending index, a copy of the line on which a token occurs, etc.)
#code quality #code review #static analysis #static code analysis #code analysis #static analysis tools #code review tips #static code analyzer #static code analysis tool #static analyzer
1595249460
Docker Explained: Docker Architecture | Docker Registries
Following the second video about Docker basics, in this video, I explain Docker architecture and explain the different building blocks of the docker engine; docker client, API, Docker Daemon. I also explain what a docker registry is and I finish the video with a demo explaining and illustrating how to use Docker hub
In this video lesson you will learn:
- What is Docker Host
- What is Docker Engine
- Learn about Docker Architecture
- Learn about Docker client and Docker Daemon
- Docker Hub and Registries
- Simple demo to understand using images from registries
#docker #docker hub #docker host #docker engine #docker architecture #api
1597736283
Hire NodeJs Developer
Looking to build dynamic, extensively featured, and full-fledged web applications?
Hire NodeJs Developer to create a real-time, faster, and scalable application to accelerate your business. At HourlyDeveloper.io, we have a team of expert Node.JS developers, who have experience in working with Bootstrap, HTML5, & CSS, and also hold the knowledge of the most advanced frameworks and platforms.
Contact our experts: https://bit.ly/3hUdppS
#hire nodejs developer #nodejs developer #nodejs development company #nodejs development services #nodejs development #nodejs