Meet Sputnik - static code analyser for Gerrit

Monday, May 26, 2014

Sputnik runs Checkstyle, PMD and FindBugs for your Gerrit patchsets

I am happy to announce a first release of Sputnik! It is a static code analyzer that runs Checkstyle, PMD and FindBugs for your Gerrit patchsets. Its main advantage over my previous project Sonar Gerrit plugin is that Sputnik is a small, lightweight and standalone Java application. You don't need any other software to run it. It bundles Checkstyle, PMD and FindBugs jars within distribution zip.

Workflow

Sputnik is intended to use with Gerrit and Continous Integration server, i. e. Jenkins. It works like this:

Your CI server is updated by ssh that a new patch is submitted to Gerrit. CI fetches this patch and builds a while project. After a build, CI server reports its result to Gerrit. It's time for Sputnik now.

Sputnik runs regardless of build result (you can change that in your CI configuration). Sputnik fetches patchset's file list from Gerrit over HTTP REST API. Then it runs an analysis only on these files! Even if your project is huge, analysis on several files takes only seconds. Sputnik collects comments from all three analysers: Checkstyle, PMD and FindBugs. It sends back all comments to Gerrit via HTTP REST API back. It's very simple and very fast!

Installation and configuration

First, you need to build https://github.com/TouK/sputnik master or download distribution zip from here: sputnik-1.0.zip. Go to you CI server and extract it to a directory of your choice. Remember that a user you run CI builds needs to have an access rights to this directory (in my case it's simply a jenkins user). Then you need to prepare your configuration file and write this file to the same directory as unzipped distribution. It is a simple Java properties file, which is pretty self-explanatory. Here is an example:

gerrit.host=gerrit.yourcompany.com
gerrit.port=8080
gerrit.username=sputnik
gerrit.password=Pa$$wo4d
checkstyle.enabled=true
checkstyle.configurationFile=/opt/jenkins/sputnik/checkstyle.xml
checkstyle.propertiesFile=
pmd.enabled=true
pmd.ruleSets=/opt/jenkins/sputnik/pmd.xml
findbugs.enabled=true
findbugs.includeFilter=/opt/jenkins/sputnik/findbugs.xml
findbugs.excludeFilter=

Now you need to configure you CI server to actually run Sputnik after a build. It is very simple for Jenkins, just add a Post-Build Step. You can adjust if Sputnik runs only on successful build or for every build - use radio buttons for this:

Last line with exit 0 is a workaround for a clean exit, even if Sputnik fails for some reason. Exit 0 guarantees you that result of this step doesn't affect overall build result.

Summary

This is an example screenshot of Sputnik's comments:

Sputnik always reports +1 as a result. It can be lacking in some network and authorisation configuration. But it's open source so please submit issues and patches to its github page: https://github.com/TouK/sputnik.

Your feedback and pull requests are heartly welcome!

17 comments:

  1. This sounds like the tool I've been looking for. Cool project, will try it out! :-)

    ReplyDelete
    Replies
    1. We've run a couple of tests with Sputnik, and two questions have come up:

      1. How can we tell Sputnik to ignore deleted files? Currently, we get a "[Checkstyle] ERROR: File not found!" comment on deleted files.

      2. How can we tell Sputnik to ignore certain paths (e.g. tests) completely?

      We tried to set property files and exclude filters in the Sputnik configuration file as you described, but we could not figure out how to do this.

      Thanks,
      Uwe

      Delete
    2. Thanks for your feedback.

      1. That's a bug - deleted files should not be included in analysis, obviously.

      2. There is no such functionality for ignoring paths, but I can see it can be useful.

      Please report these two to github issues, I'll work on these.

      Delete
    3. Done: https://github.com/TouK/sputnik/issues

      Thank you for taking care of this!

      Delete
  2. This comment has been removed by the author.

    ReplyDelete
    Replies
    1. http://stackoverflow.com/questions/36951839/jenkins-unable-to-fetch-changeid-and-revisionid

      Delete
    2. --changeId $GERRIT_CHANGE_ID --revisionId $GERRIT_PATCHSET_REVISION

      @ustesis Can you please tell me how the above variables get input

      Delete
    3. @Tomasz Kalkosiński https://github.com/TouK/sputnik/issues/147

      Can you give me samples of:
      1. checkstyle.xml
      2. pmd.xml
      3. findbugs.html

      karthik.pwn@gmail.com

      Delete
  3. I am confused by the intial steps.I am trying to run a sonarqube analysis with resharper,styleop and ndepends for .net. Criteo labs added support for sonarqube in sputnik.

    1. do I build sputnik.zip first?
    2. I extracted the zip to a new folder under my Jenkins folder and named it 'sputnik'. is this what you were suggesting in the log?
    3. How do I configure for sonarqube ?
    4. what is the name of config file? just "config" without extension?

    ReplyDelete
    Replies
    1. 1. No, just unzip it.
      2. Yes
      3. I don't know much how to configure sonarcube with .NET projects
      4. Screenshot has wrapped test. It says: sputnik -conf /your/path/to/conf.properties

      Delete
  4. Thanks Tomasz.

    Is it possible to make gitlab the review tool instead of gerrit?

    Gitlab can allow multiple commits at a time which gerrit cannot.

    But I am not sure if a tool like sputnik is available for connecting sonarqube and gitlab as you do here.

    Also I don't see a sputnik executable from the git dump. It looks like I need a java guy tohelp me build it!

    ReplyDelete
    Replies
    1. Please move to GitHub page for newer version and other integrations.

      Delete
  5. One thing I am wondering is why you need sputnik to run sonar analysis instead of sonar qube?

    what problems does sputnik exactly solve?

    ReplyDelete
    Replies
    1. You don't need Sputnik to run Sonar analysis at all. Sputnik is a small tool to do only two things: launch code alanyzer (Sonar in your case) and report it to your code review tool (GitLab in your case).

      Delete
    2. What would it take to make sputnik report back to gitlab instead of gerrit?

      does the sputnik source code have to be modified?

      or this config can be changed?

      "gerrit.host=gerrit.yourcompany.com
      gerrit.port=8080
      gerrit.username=sputnik
      gerrit.password=Pa$$wo4d

      Delete
    3. No, GitLab is not currently supported.

      Delete