feat: Adicionado a análise de código do sonar.

Author: danielso2007

README.md

@@ -53,7 +53,7 @@ Os testes são executados normalmente quando construído para **produção** e n
 
 É utilizado o [EclEmma Jacoco](https://www.eclemma.org/jacoco/) para verificação de cobertura de código. Para executar a cobertura:
 ```
-mvn clean test -Ptest jacoco:report
+mvn clean test verify -Ptest jacoco:report
 ```
 Na pasta target, é gerado um "site" mostrando toda a cobertura de código. Este projeto utiliza o _Action_ para os testes e build da aplicação. Ao final do teste, é enviado para [codecov.io](https://codecov.io) todo o relatório. Para verificar a cobertura de teste deste código, acesse [codecov.io/gh/danielso2007]([codecov.io](https://codecov.io/gh/danielso2007/virtualLibraryAPI)).
 
@@ -67,6 +67,29 @@ Para "rodar" a imagem, execute:
 docker run -p 8080:8080 --name swapi  virtualLibraryAPI:<project.version>
 ```
 
+### Code quality
+
+O sonar é usado para analisar a qualidade do código. Você pode iniciar um servidor Sonar local (acessível em http: // localhost: 9001) com:
+
+```
+docker-compose -f src/main/docker/sonar.yml up -d
+```
+
+Você pode executar uma análise do Sonar usando o scanner de sonar ou usando o plugin maven.
+
+Em seguida, execute uma análise do sonar:
+
+```
+mvn -Ptest clean verify jacoco:report sonar:sonar
+```
+
+Se você precisar executar novamente a fase do Sonar, especifique pelo menos a fase de inicialização, já que as propriedades do Sonar são carregadas do arquivo sonar-project.properties.
+
+```
+mvn clean test verify -Ptest jacoco:report
+mvn initialize sonar:sonar
+```
+
 ### Documentação da API - swagger (OpenAPI 3):
 
 A aplicação usa o swagger para a exibição da documentação da API. Para verificar, acesse os links [swagger-ui](http://localhost:8080/swagger-ui.html) e [api-docs](http://localhost:8080/api-docs). Documentação [swagger.io](https://swagger.io/docs/open-source-tools/swagger-ui/usage/configuration/) e [springdoc.org](https://springdoc.org/).

pom.xml

@@ -44,6 +44,11 @@
 
 		<docker.networks>vlapi</docker.networks>
 		<docker.data.base.name>mongodb</docker.data.base.name>
+		
+		<project.testresult.directory>${project.build.directory}/test-results</project.testresult.directory>
+		<jacoco.utReportFolder>${project.build.directory}/jacoco/test</jacoco.utReportFolder>
+		<jacoco.utReportFile>${jacoco.utReportFolder}/test.exec</jacoco.utReportFile>
+		<junit.utReportFolder>${project.testresult.directory}/test</junit.utReportFolder>
 	</properties>
 
 	<dependencies>
@@ -187,28 +192,13 @@
 					<target>${maven.compiler.target}</target>
 				</configuration>
 			</plugin>
-			<plugin>
-				<groupId>org.springframework.boot</groupId>
-				<artifactId>spring-boot-maven-plugin</artifactId>
-				<executions>
-					<execution>
-						<id>pre-integration-test</id>
-						<goals>
-							<goal>start</goal>
-						</goals>
-					</execution>
-					<execution>
-						<id>post-integration-test</id>
-						<goals>
-							<goal>stop</goal>
-						</goals>
-					</execution>
-				</executions>
-			</plugin>
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-surefire-plugin</artifactId>
 				<configuration>
+					<!-- Force alphabetical order to have a reproducible build -->
+					<runOrder>alphabetical</runOrder>
+					<reportsDirectory>${junit.utReportFolder}</reportsDirectory>
 					<skipTests>${skip-tests}</skipTests>
 					<workingDirectory>${project.build.directory}</workingDirectory>
 					<trimStackTrace>false</trimStackTrace>
@@ -229,19 +219,24 @@
 				<version>0.8.5</version>
 				<executions>
 					<execution>
-						<id>prepare-agent</id>
+						<id>pre-unit-tests</id>
 						<goals>
 							<goal>prepare-agent</goal>
 						</goals>
+						<configuration>
+							<!-- Sets the path to the file which contains the execution data. -->
+							<destFile>${jacoco.utReportFile}</destFile>
+						</configuration>
 					</execution>
 					<execution>
 						<id>post-unit-test</id>
 						<phase>test</phase>
 						<goals>
 							<goal>report</goal>
-							<goal>check</goal>
 						</goals>
 						<configuration>
+							<dataFile>${jacoco.utReportFile}</dataFile>
+							<outputDirectory>${jacoco.utReportFolder}</outputDirectory>
 							<excludes>
 								<exclude>**/*VirtualLibraryApiApplication.*</exclude>
 								<exclude>br/com/virtuallibrary/commons/**/*</exclude>
@@ -267,6 +262,36 @@
 					</execution>
 				</executions>
 			</plugin>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-failsafe-plugin</artifactId>
+				<configuration>
+					<!-- Due to spring-boot repackage, without adding this property test 
+						classes are not found See https://github.com/spring-projects/spring-boot/issues/6254 -->
+					<classesDirectory>${project.build.outputDirectory}</classesDirectory>
+					<!-- Force alphabetical order to have a reproducible build -->
+					<runOrder>alphabetical</runOrder>
+					<reportsDirectory>${junit.itReportFolder}</reportsDirectory>
+					<includes>
+						<include>**/*IT*</include>
+						<include>**/*IntTest*</include>
+					</includes>
+				</configuration>
+				<executions>
+					<execution>
+						<id>integration-test</id>
+						<goals>
+							<goal>integration-test</goal>
+						</goals>
+					</execution>
+					<execution>
+						<id>verify</id>
+						<goals>
+							<goal>verify</goal>
+						</goals>
+					</execution>
+				</executions>
+			</plugin>
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-resources-plugin</artifactId>
@@ -319,6 +344,29 @@
 					<outputDir>${project.build.directory}</outputDir>
 				</configuration>
 			</plugin>
+			<plugin>
+				<groupId>org.sonarsource.scanner.maven</groupId>
+				<artifactId>sonar-maven-plugin</artifactId>
+				<version>3.7.0.1746</version>
+			</plugin>
+			<plugin>
+				<groupId>org.codehaus.mojo</groupId>
+				<artifactId>properties-maven-plugin</artifactId>
+				<version>1.0.0</version>
+				<executions>
+					<execution>
+						<phase>initialize</phase>
+						<goals>
+							<goal>read-project-properties</goal>
+						</goals>
+						<configuration>
+							<files>
+								<file>sonar-project.properties</file>
+							</files>
+						</configuration>
+					</execution>
+				</executions>
+			</plugin>
 		</plugins>
 	</build>
 

sonar-project.properties

@@ -0,0 +1,29 @@
+sonar.projectKey=danielso2007_virtualLibraryAPI
+sonar.projectName=VirtualLibraryAPI
+sonar.organization=danielso2007
+sonar.projectVersion=0.5.0
+
+sonar.sources=src/main/
+sonar.host.url=https://sonarcloud.io
+
+sonar.tests=src/test/
+sonar.coverage.jacoco.xmlReportPaths=target/jacoco/test/jacoco.xml
+sonar.java.codeCoveragePlugin=jacoco
+sonar.junit.reportPaths=target/test-results/test,target/test-results/integrationTest
+
+sonar.sourceEncoding=UTF-8
+sonar.exclusions=src/main/webapp/content/**/*.*, src/main/webapp/i18n/*.js, target/classes/static/**/*.*
+
+sonar.issue.ignore.multicriteria=S3437,S4502,S4684,UndocumentedApi
+# Rule https://sonarcloud.io/coding_rules?open=squid%3AS3437&rule_key=squid%3AS3437 is ignored, as a JPA-managed field cannot be transient
+sonar.issue.ignore.multicriteria.S3437.resourceKey=src/main/java/**/*
+sonar.issue.ignore.multicriteria.S3437.ruleKey=squid:S3437
+# Rule https://sonarcloud.io/coding_rules?open=squid%3AUndocumentedApi&rule_key=squid%3AUndocumentedApi is ignored, as we want to follow "clean code" guidelines and classes, methods and arguments names should be self-explanatory
+sonar.issue.ignore.multicriteria.UndocumentedApi.resourceKey=src/main/java/**/*
+sonar.issue.ignore.multicriteria.UndocumentedApi.ruleKey=squid:UndocumentedApi
+# Rule https://sonarcloud.io/coding_rules?open=squid%3AS4502&rule_key=squid%3AS4502 is ignored, as for JWT tokens we are not subject to CSRF attack
+sonar.issue.ignore.multicriteria.S4502.resourceKey=src/main/java/**/*
+sonar.issue.ignore.multicriteria.S4502.ruleKey=squid:S4502
+# Rule https://sonarcloud.io/coding_rules?open=squid%3AS4684&rule_key=squid%3AS4684
+sonar.issue.ignore.multicriteria.S4684.resourceKey=src/main/java/**/*
+sonar.issue.ignore.multicriteria.S4684.ruleKey=squid:S4684

sonar_local.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+RED='\033[1;31m'
+BLACK='\033[0;30m'
+DARK_GRAY='\033[1;30m'
+LIGHT_RED='\033[0;31m'
+GREEN='\033[0;32m'
+LIGHT_GREEN='\033[1;32m'
+BROWN_ORANGE='\033[0;33m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+LIGHT_BLUE='\033[1;34m'
+PURPLE='\033[0;35m'
+LIGHT_PURPLE='\033[1;35m'
+CYAN='\033[0;36m'
+LIGHT_CYAN='\033[1;36m'
+LIGHT_GRAY='\033[0;37m'
+WHITE='\033[1;37m'
+NC='\033[0m' # No Color
+
+# echo -e "${YELLOW}Starting the sonar container...${NC}"
+# docker-compose -f src/main/docker/sonar.yml up -d
+
+echo -e "${YELLOW}Starting scan...${NC}"
+mvn -Ptest clean test jacoco:report sonar:sonar

src/main/docker/sonar.yml

@@ -0,0 +1,27 @@
+version: '3.7'
+services:
+  virtuallibraryapi-sonar:
+    container_name: virtuallibraryapi-sonar
+    image: sonarqube:8.2-community
+    # https://hub.docker.com/r/bitnami/sonarqube#configuration
+    environment:
+      - SONARQUBE_USERNAME=admin
+      - SONARQUBE_PASSWORD=admin
+      - SONARQUBE_START_TIMEOUT=300
+    volumes:
+      - "sonardata:/opt/sonarqube/data"
+      - "sonarlogs:/opt/sonarqube/log"
+      - "sonarextensions:/opt/sonarqube/extensions"
+    ports:
+      - 9001:9000
+      - 9092:9092
+    logging:
+      driver: json-file
+volumes:
+  sonardata:
+  sonarlogs:
+  sonarextensions:
+
+networks:
+  vlapi:
+    driver: bridge