Hands-On LabManaging Technical Debt with Team Foundation Server 2015 and SonarQube Lab version: 14.0.25123.0

Last updated: 5/20/2016

TABLE OF CONTENT

MANAGING TECHNICAL DEBT WITH TEAM FOUNDATION SERVER 2015 AND SONARQUBE......1

OVERVIEW.....................................................................................................................................3

Prerequisites...........................................................................................................................3

About the Fabrikam Fiber Scenario........................................................................................3

Exercises.................................................................................................................................4

EXERCISE 1: INSTALL AND CONFIGURE SONARQUBE AND SONARQUBE MSBUILD RUNNER..........................5

EXERCISE 2: ANALYZING PROJECTS USING XAML BUILDS.......................................................................9

EXERCISE 3: UNDERSTAND SONARQUBE ANALYSIS RESULTS.................................................................17

EXERCISE 4: ANALYZING PROJECTS USING TEAM FOUNDATION BUILD 2015 (BUILD VNEXT).......................22

Overview

Technical debt is the set of problems in a development effort that make forward progress on customer value inefficient. Technical debt saps productivity by making code hard to understand, fragile, time-consuming to change, difficult to validate, and creates unplanned work that blocks progress. Technical debt saps an org's strength due to high costs in customer support, and, eventually, some combination of these issues creates a larger problem that someone runs into. Technical debt is insidious. It starts small and grows over time through rushed changes, lack of context and lack of discipline. It can materialize out of nowhere even for a project regarded as clean at some point in time, due to a change in project circumstances: prototype code may be promoted to serve as the basis for a feature; code produced for the U.S. market may be proposed for international, instantly creating debt related to localizability; technologies evolve, but the app doesn’t keep up.

In this lab, you will be introduced to Technical debt, how to configure your Team Build Definitions to use SonarQube, how to understand the analysis results and finally how to configure quality profile to control the rule set used by SonarQube for analyzing your project.

SonarQube is an open source platform for understanding and managing technical debt, it provides different ways to analyze and measure technical quality from project portfolio to method.

Prerequisites

In order to complete this lab, you will need:

1) The Visual Studio 2015 virtual machine provided by Microsoft. For more information on acquiring and using this virtual machine, please see this blog post.

2) You will need to manually install SonarQube on the above virtual machine using the recommended installation guide created by the Visual Studio ALM Rangers, please see this installation guide on GitHub. Alternatively, you may follow exercise 1 in this lab to install and configure SoanrQube for demo and evaluation purposes.

3) You will need to manually install Team Foundation 2013 Object model on the virtual machine.

About the Fabrikam Fiber Scenario

This set of hands-on-labs uses a fictional company, Fabrikam Fiber, as a backdrop to the scenarios you are learning about. Fabrikam Fiber provides cable television and related services to the United States. They are growing rapidly and have embraced Windows Azure to scale their customer-facing web site directly to end-users to allow them to self-service tickets and track technicians. They also use an on-premises ASP.NET MVC application for their customer service representatives to administer customer orders.

In this set of hands-on labs, you will take part in a number of scenarios that involve the development and testing team at Fabrikam Fiber. The team, which consists of 8-10 people, has decided to use Visual

Studio application lifecycle management tools to manage their source code, run their builds, test their web sites, and plan and track the project.

Exercises

This hands-on lab includes the following exercises:

1. Exercise 1: Install and Configure SonarQube

2. Exercise 2: Analyzing Projects using Team Foundation Build 2015

3. Exercise 3: Understand SonarQube Analysis Results.

Estimated time to complete this lab: 60 minutes.

Exercise 1: Install and Configure SonarQube and SonarQube MSBuild Runner

In this exercise, you will learn about the main installation and configuration points required to install and configure SonarQube for demo purposes.

Note: The steps provided below are the main steps needed to install SonarQube and SonarQube MSBuild Runner on this VM for demo and evaluation purposes. We recommend following the installation guide created by the Visual Studio ALM Rangers for more detailed instructions, please see this installation guide on GitHub.

1. Log in as Julia (VSALM\Julia). All user passwords are P2ssw0rd.

2. Open IE and download SonarQube 5.5 from the SonarQube downloads page.

Figure 1 SonarQube Download Page

3. Download Java SE Runtime Environment (JRE) from the Oracle Jave SE downloads page. Select the Download under JRE. Select Accept License Agreement and click the Windows x64 that points to exe file. Run the file to install Java runtime on the VM.

Figure 2 JRE Download page on Oracle

4. Right-click on sonarqube-5.5.zip, select Properties and then select the Unblock button

5. Unzip SonarQube-5.5.zip on to a folder, for example use C:\SonarQube\SonarQube-5.5

6. In the extracted folder navigate to Conf folder, edit sonar.properties file to change the default web port. By default, SonarQube uses port 9000 which is currently being used in the virtual machine for FabrikamFiber QA web site (FF QA). For the purpose of this lab you can provide port 9090.

a. Uncomment #sonar.web.port and change the port number to any available port, for example 9090

7. Open a command prompt as an administrator and change the directory to SonarQube extracted folder cd C:\SonarQube\SonarQube-5.5\bin\windows-x86-64 and run StartSonar.bat. Wait until you get a confirmation on the command prompt that the process is up and running

Figure 3SonarQube Server Starting Up

8. Open you browser and navigate to http://vsalm:9090 to access the SonarQube portal

Figure 4SonarQube Dashboard

Exercise 2: Analyzing projects using Team Foundation Build 2015 (Build vNext)

Note: in order to complete this exercise successfully, you have to install and configure a build agent, follow the companion lab “Introduction to Team Foundation Build 2015 (vNext)” for the detailed steps.

You may have to restart your agent for TFS to re-read the agent capabilities

In this exercise, you will learn about the main configuration points that are needed to integrate Team Foundation Server Build 2015 with SonarQube, performing code analysis on a sample project, and access the analysis result from build summary and SonarQube project dashboard.

It is currently possible to perform SonarQube analysis in the new build system on an on-premise build agent by using the SonarQube for MSBuild tasks. There are two tasks to execute a SonarQube analysis:

SonarQube for MSBuild – Begin Analysis – This task is used to start the SonarQube analysis, before any MSBuild build steps. The Begin Analysis task contacts the SonarQube server to retrieve the quality profile, and dynamically produces rulesets to be applied during the static analysis. It also sets things up so that the following MSBuild steps produce some data to prepare the analysis.

SonarQube for MSBuild – End Analysis – This task finalizes the analysis (computation of the clones, metrics, and analysis for languages other than .Net), and sends the analysis results to the SonarQube server. It should be run after the “Visual Studio Build” task but if you want SonarQube to show code coverage data, place it after the “Visual Studio Test” task.

1. Launch Internet Explorer from the taskbar and select the TFS FF Portal button from the favorites bar at the top.

Figure 5Launching the web portal

2. Select the Build navigation link. In the Explorer view, clone an existing build- refer exercise 4 of “Introduction to Team Foundation Build 2015” lab

Figure 6Clone Build definition

3. Select Add build step to bring the Add Tasks dialog - Choose Build tab and add the SonarQube for MSBuild – Begin Analysis and then add the SonarQube for MSBuild – End Analysis task.

Figure 7Add SonarQube

4. Move the Begin Analysis task to before the Visual Studio Build task and the End Analysis task to after the Visual Studio Test task

Figure 8Rearrange SonarQube Tasks

5. Select the Begin Analyis task. We will need to specify the endpoint of the SonarQube server. Click on the Manage link to open the service endpoint manager page in a separate tab

Figure 9SonarQube for MS Build – Begin Analysis task

6. Click the New Service Endpoint button and select Generic from the drop-down list

Figure 10Creating a Generic endpoint

7. Specify the connection setting as show in the screenshot below. Note that the default user name password for SonarQube is admin/admin. Click OK when you are done.

Figure 11SonarQube Server Connection Settings

8. Close the tab to return back to the Build definition tab. Click the refresh button and select SonarQube from the drop-down list. Specify FabrikamFiber for the Project Key and Name

Figure 12SonarQube Server Connection Settings

9. Save the build definition

Figure 13Save dialog

10. Click the Queue Build button to queue a new build.

11. Wait for the build to finish and make sure that SonarQube tasks has been executed successfully.

Figure 14Build Summary

12. You will notice there is a SonarQube summary section on the Build summary page. Click the Analysis Results link in the section to access the analysis results. This will take you to the project dashboard on the SonarQube portal

Figure 15Project Dashboard URL

Exercise 3: Understand SonarQube Analysis Results

In this exercise, you will learn how to understand the analysis results and the main SonarQube portal sections that you should look at to understand the Technical Debt associated with your project.

Note: If you are interested in learning more about SonarQube dashboards, please see this user guide on SonarQube.

1. Launch the SonarQube dashboard either by typing the URL http://vsalm:9090 directly on the browser and select the FabrikamFiber project. Alternatively, you can select the link from the SonarQube section from the build summary page of Fabrikam Fiber Development Build –Sonar build

2. SonarQube project dashboard consists of multiple boxes called widget which display a specific information about the analyzed project like line of codes, duplications, complexity, technical debt, SQALE rating and more that you can add by customizing the dashboard widgets.

Figure 16FabrikamFiber Project Dashboard

3. From dashboard you will be able to see the Technical Debt ratio associated with your project as well as a summary of all the issues generated from the analysis.

Figure 17Technical Debt Ration and issues list

4. Click on Issues link to navigate the list of coding standards issues, SonarQube raises an issue every time a piece of code breaks a coding rule. By default, it shows unresolved issues of all severities, from all projects, grouped by file.

Note: The set of coding rules is defined through the quality profile associated with the project, please see Quality Profiles documentation for more details.

Figure 18Issues List

5. While you are in the Issues list, click on any issue to access the issue details, you will be able to drill down to the line of code generating such issue. You can filter the issues based used different filtering options shown on the left side.

Figure 19Issues details