The value of powerful pipelines
At SonarSource, we're continually striving to not only build the most powerful code analyzers that detect bugs and vulnerabilities, but also provide a seamless user experience around it. It's about helping developers focus on what they care about most: coding. Build pipelines should be easy to configure and actionable data presented to developers whenever they open a pull request or push new code.
With this in mind, we're excited to partner with Atlassian, launching Bitbucket Pipes. This solution lets Bitbucket Cloud users more easily configure their pipeline using pre-configured, high-level tasks (so-called Pipes). Code quality analysis is a must for any modern pipeline, and we've therefore partnered to build the SonarCloud Scan Pipe. With this functionality, all Bitbucket Cloud users can set-up the SonarCloud analysis of their code repository in no time.
How it works in practice
Let's look at the scenario where you want to analyze your latest TypeScript (for example) project on SonarCloud. Prior to Bitbucket Pipes, your CI script had to download the Sonar Scanner CLI, extract it and set the correct environment variables - all of this before the actual scan could be triggered to perform the analysis. In Bitbucket Pipelines, the step to run the analysis was usually looking something like this:
definitions:
steps:
- step: &build-test-sonarcloud
name: Build, test and analyze on SonarCloud
script:
- export SONAR_SCANNER_VERSION=3.2.0.1227
- curl -sSLo $HOME/.sonar/sonar-scanner.zip https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-$SONAR_SCANNER_VERSION.zip
- export SONAR_SCANNER_HOME=$HOME/.sonar/sonar-scanner-$SONAR_SCANNER_VERSION
- rm -rf $SONAR_SCANNER_HOME && mkdir -p $SONAR_SCANNER_HOME
- unzip $HOME/.sonar/sonar-scanner.zip -d $HOME/.sonar/
- export PATH=$SONAR_SCANNER_HOME/bin:$PATH
- sonar-scanner -Dsonar.login=$SONAR_TOKENOn top of this, you had to make sure that a JRE (Java Runtime Environment) was installed in your Pipelines image - which is probably not the case since you're doing TypeScript in this example. All in all, a lot of boilerplate code and configuration that can be costly to write and maintain over time!
With the new Pipes feature, you can refactor this piece of your bitbucket-pipelines.yml file to make it easier to read and maintain. In "Edit" mode, open the Pipes side panel, search for SonarCloud and click on the "Copy" button to insert the pipe inside your configuration file.
Now, with the SonarCloud Scan Pipe, the step to trigger a SonarCloud analysis within your pipeline is much simpler to describe!
definitions:
steps:
- step: &build-test-sonarcloud
name: Build, test and analyze on SonarCloud
script:
- pipe: sonarsource/sonarcloud-scan:0.1.4
variables:
SONAR_TOKEN: ${SONAR_TOKEN}Also, no more JRE installation needed: sweet! An added bonus is there's no need to worry about the internal details of this higher level operation, the SonarCloud Scan Pipe does what you expect: trigger a SonarCloud code analysis on your repository.
Once you've deployed this nice face-lift of your Pipelines configuration, you can keep on enjoying the analysis results on the main page of your repository or on the pull requests. Exactly like before, but with a simpler and smarter way to do it!
A continued partnership
The SonarCloud Scan Pipe for Bitbucket Pipelines is yet another example of how SonarCloud intends to Enhance Your Workflow with Continuous Code Quality. Configuration remains simple thanks to an all-encapsulated Pipe; developers get to stay focused on their code changes and Pull Requests; CI/CD pipeline takes care of the rest. We hope you'll enjoy this new Pipe! And be sure that SonarSource and Atlassian teams will continue working together to allow development teams of all sizes to build and deploy top quality software.
If you are a Bitbucket Cloud user and want to try out the SonarCloud Scan Pipe, the SonarCloud Get started with Bitbucket Cloud guide is the place to start from! For any feedback/question, please come over and join our community forums.