Pre-SonarQube Local Validation Guide
Run a local SonarQube quality check before submitting a PR to prevent Azure Pipeline failures.
Workflow
Issuing SONAR_TOKEN
https://sonar2.softcamp.co.krAccess (VPN required)- Top right profile →My Account → Securitytab
- Generate Tokens→ Enter name →Generate
- Store the issued token in a safe place (cannot be rechecked)
# 환경 변수로 설정 (셸 프로파일에 추가 권장)
export SONAR_TOKEN=squ_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
export SONAR_HOST_URL=https://sonar2.softcamp.co.kr
How to use pre-sonar.sh
# 기본 실행 (전체 모듈)
./scripts/pre-sonar.sh
# 특정 모듈만 스캔
./scripts/pre-sonar.sh api
./scripts/pre-sonar.sh worker
# 토큰 직접 전달
SONAR_TOKEN=<token> ./scripts/pre-sonar.sh
Internal Operation of the Script:
./gradlew test --build-cache— Generate Test + Coverage Reportsonar-scannerExecution —sonar-project.propertiesBase Analysis- Quality Gate result polling (up to 5 minutes)
- Return Result Output and Exit Code (
0= Pass,1= Failure)
sonar-project.properties
sonar.host.url=https://sonar2.softcamp.co.kr
sonar.projectKey=infolineage-platform
sonar.projectName=InfoLineage Platform
sonar.modules=api,worker,common
# API 모듈
api.sonar.projectKey=infolineage-api
api.sonar.sources=backend/infolineage-api/src/main
api.sonar.tests=backend/infolineage-api/src/test
api.sonar.java.binaries=backend/infolineage-api/build/classes
api.sonar.java.source=25
# Worker 모듈
worker.sonar.projectKey=infolineage-worker
worker.sonar.sources=backend/infolineage-worker/src/main
worker.sonar.tests=backend/infolineage-worker/src/test
worker.sonar.java.binaries=backend/infolineage-worker/build/classes
worker.sonar.java.source=25
SonarLint Connected Mode Setup (IntelliJ)
When you connect SonarLint to the server, you can check for violations of server rules in real-time from your local IDE.
- IntelliJ → Settings → Plugins → SonarLintInstallation
- Settings → Tools → SonarLint → Connected Modetab
- Add connectionClick
- Connection type:
SonarQube - Server URL:
https://sonar2.softcamp.co.kr - Authentication: Token →
SONAR_TOKENInput value
- Connection type:
- Project binding →
infolineage-apiorinfolineage-workerSelection - Update bindingClick → Server Rule Synchronization
Quality Gate Criteria
| item | criteria |
|---|---|
| New Code Coverage | ≥ 80% |
| New Code Duplication | ≤ 3% |
| New Bug | 0 |
| New Vulnerability | 0 |
| New Code Smells (Major and Above) | 0 |
Quality Gate isNew CodeIt is a standard. The shortcomings of the existing legacy code do not prevent the build.
Common Violation Patterns
| Violation | Cause | How to fix |
|---|---|---|
java:S1068 | Unused private fields | Remove Field or@SuppressWarnings |
java:S2696 | Modify a non-static field to static | Field Design Review |
java:S3776 | Method complexity exceeded | Method Separation |
java:S2259 | Potential NullPointerException | Optionalor add null check |
| Coverage miss | Test not written | Add Unit Tests |