Take Control of Code Quality with SonarQube Pull Request Decoration in Your Workflow

by Clint Cameron

If you’re passionate about writing quality code, you’re in the right place! If you want to discover how to deliver more with your workflow, you’re reading the right article! This article is about two things: 1) writing clean, quality code and 2) the methodology to make that happen right in your workflow. Join me as I walk through how SonarQube pull request decoration in your ALM (GitHub, Bitbucket, Azure DevOps, GitLab) accomplishes these goals.

SonarQube is a Code Quality and Security tool that catches bugs, code smells and vulnerabilities in your Pull Requests (PRs). If you adopt SonarQube in your organization, you’ll surely see gains by finding lots of pesky coding issues. However, that’s not the whole story. My goal with this article is to show you something even more powerful, eye-opening and ultimately super useful! Let's go!

I’m trying to free your mind...you’re the one that has to walk through it...

While SonarSource is first and foremost a company focused on code quality products for developers, there are also several SonarSource methodologies that interlock with our products. In fact, we believe these methodologies are foundational to fully realizing the benefits of our products. One of these methodologies is Clean as You Code. 

Clean as You Code is fundamentally simple AND its implications are powerful and potentially transformative for your organization. Before we dive into it, let’s set the stage around the development process and the typical highs and lows that come with being a developer. In this context, there are a few things we can reasonably establish:

I don’t like the idea that I’m not in control of my code...

At SonarSource, we’re developers too so this is top-of-mind every day. With every commit, is the code quality improving or will someone down the road have a bad day undoing my past sins? Is this the unfortunate reality or is there a better way? How can we get more gains and avoid those pains? 

Perhaps we are asking the wrong questions…

The answer is in the Clean as You Code methodology and adopting SonarQube in your workflow. Let’s dig into the methodology and see what it brings. At its core, it’s three simple tenets:

You might find the concept a little counterintuitive at first. There are past sins out there...just lurking about. This is true AND you must accept that, in the short term, it’s not your cross to bear. Your prime directive is to write clean, quality PRs that pass the Quality Gate and move on to the next challenge. Those past sins buried in meaningful code will get refactored soon enough. That refactoring PR will eliminate them with a passing Quality Gate! Ultimately, with patience, persistence and green Quality Gates, you end up with a squeaky-clean codebase! 

No one has ever done anything like this...that's why it is going to work

Following the Clean as You Code methodology allows developers to take ownership and directly impact Code Quality and Security. SonarQube (Developer Edition+) decorates your pull requests and branches in support of the Clean as You Code methodology. This brings us back to SonarQube as the tool to enable Clean as You Code in your workflow. SonarQube is an effective tool because there are some key Clean as You Code fundamentals built deep into its DNA:

  • Provide the Right Info
  • Present it at the Right Time
  • Deliver it in the Right Place

This isn’t all theory and methodologies and marketing speak. In fact, at SonarSource we dogfood our own instance of SonarQube and adhere to these principles during our own sprints. An example, with SonarLint and SonarQube, demonstrates how this works.

It all starts in your IDE, where SonarLint catches issues as you write code. This is your first line of defense. When you’re done coding and open your PR, that triggers your CI workflow and that in turn automatically kicks off an analysis of your PR in SonarQube.

Using the Quality Gate profile you’ve already established for your acceptance criteria, SonarQube ‘grades’ your PR and returns either Pass or Fail. If your Quality Gate is green, you can confidently merge your code. If it’s red, you have some work to do! Below, you'll see a failed Quality Gate in a GitHub PR.

Failed Quality Gate in GitHub Pull Request
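
The merge decision described above, as an added example that is not from the original article or from SonarSource: a CI step that turns a Quality Gate result into a blocking check and fails closed when the result is missing or unreadable. The JSON is a constructed sample shaped like the response of SonarQube's `api/qualitygates/project_status` Web API, and the function names are hypothetical.

```python
import json

# Constructed sample, shaped like the JSON returned by SonarQube's
# api/qualitygates/project_status Web API for a pull request analysis.
# Assumption: the CI job has already fetched it; the values are made up.
SAMPLE_RESPONSE = """
{"projectStatus": {"status": "ERROR", "conditions": [
  {"status": "ERROR", "metricKey": "new_security_rating", "comparator": "GT",
   "errorThreshold": "1", "actualValue": "3"},
  {"status": "OK", "metricKey": "new_reliability_rating", "comparator": "GT",
   "errorThreshold": "1", "actualValue": "1"},
  {"status": "ERROR", "metricKey": "new_coverage", "comparator": "LT",
   "errorThreshold": "80", "actualValue": "62.5"}
]}}
"""

def evaluate_quality_gate(raw_json):
    """Return (passed, failures); anything malformed or unknown fails closed."""
    try:
        status_block = json.loads(raw_json)["projectStatus"]
        gate_status = status_block["status"]
        failures = [
            f'{c.get("metricKey")}: actual {c.get("actualValue")} '
            f'{c.get("comparator")} threshold {c.get("errorThreshold")}'
            for c in status_block.get("conditions", [])
            if c.get("status") != "OK"
        ]
    except (ValueError, KeyError, TypeError, AttributeError):
        return False, ["unreadable Quality Gate response"]
    # Only an explicit OK passes. ERROR, NONE (no gate computed) or any
    # unexpected value blocks the merge instead of waving it through.
    if gate_status != "OK":
        return False, failures or [f"gate status is {gate_status}"]
    return True, []

def ci_exit_code(raw_json):
    """Exit code for a required CI check: 0 allows the merge, 1 blocks it."""
    passed, failures = evaluate_quality_gate(raw_json)
    for line in failures:
        print("Quality Gate condition failed:", line)
    return 0 if passed else 1

if __name__ == "__main__":
    raise SystemExit(ci_exit_code(SAMPLE_RESPONSE))
```
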

There’s a link in every decoration that opens the analysis in SonarQube where you can see the issues along with an overview of the code quality metrics on your new/changed code.

New Code Period issue(s) found in SonarQube

From the analysis overview screen, you can click on an issue category and from there drill down to individual problems to get an explanation along with contextual help to resolve it.

Issue drilldown in SonarQube

As you work through and resolve the issues in your PR, SonarQube dynamically updates the Quality Gate decoration. Once you’re green, you know you can confidently merge your code. Now we can see how well the Clean as You Code methodology and SonarQube come together to achieve the ultimate goal of writing clean, quality code. In fact, they’re working hand-in-hand:

That’s great for your PRs, but what about those developer Gains and Pains we discussed before?

  • You're writing cleaner code with every PR and over time your coding skills steadily improve.
  • You and your team get more done with an efficient, productive workflow with fewer issues to refactor down the road.
  • With the Quality Gate as your clean code acceptance criteria, you won’t waste time in meetings determining if the code is ‘release-worthy’.
  • SonarSource products act as your constant coding buddy to help you get un-stuck!
  • Ultimately, you have more time to solve interesting problems and challenges!

Remember, all I’m offering is the truth. Nothing more...

In the end, it’s a big payoff for you: improving as a developer, solving problems and feeling confident you’re not leaving your teammates future headaches. Clean as You Code is a means to a bigger, better end: being the best developer you can be!

To see all this in action, we have dedicated pages for GitHub, Bitbucket, Azure DevOps and GitLab where you can discover all the features and functionality. If you’re already convinced and ready to try, it's easy to request a free trial.

Thanks for reading and happy, clean coding!

Learn more about Clean as You Code:

Clean as You Code: How to win at Code Quality without even trying