cargo-sonar 0.5.0

Helper to transform reports from Rust tooling for code quality, into valid Sonar report
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88

# cargo-sonar

`cargo-sonar` help you to use the tools of the Rust community and report the information to Sonarcloud (or Sonarqube).
You can even set it up in a Continuous Integration so this report is automatically forwarded to Sonar.

# Table of contents
- [Installation](#installation)
  - [From source](#from-source)
  - [From crates.io](#from-cratesio)
  - [From Docker/Podman](#from-dockerpodman)
- [Use](#use)
- [Supported tools](#supported-tools)
  - [`clippy`](#cargo-clippy)
  - [`audit`](#cargo-audit)
- [Examples](#examples)
- [Todo list](#todo-list)

# Installation
## From source

```
git clone https://gitlab.com/woshilapin/cargo-sonar
cd cargo-sonar
cargo install --path .
cargo sonar --help
```

## From crates.io

```
cargo install cargo-sonar
cargo sonar --help
```

## From Docker/Podman

```
export CONTAINER_ENGINE=docker # or CONTAINER_ENGINE=podman
${CONTAINER_ENGINE} pull docker.io/woshilapin/cargo-sonar
${CONTAINER_ENGINE} run docker.io/woshilapin/cargo-sonar --help
```

# Use

`cargo-sonar` is only a tool to convert reports from other tools into Sonar compatible report (see [Supported tools](#supported-tools)).
Once the Sonar report is generated, it can be sent to [sonarcloud.io](https://sonarcloud.io) or any [SonarQube](https://www.sonarqube.org/) instance with [`sonar-scanner`](https://docs.sonarqube.org/latest/analysis/scan/sonarscanner/).

First generate a report from any [supported tool](#supported-tools), for example `clippy`.

```
cargo clippy --message-format > my-clippy-report.json
```

Then convert this report.

```
cargo sonar --clippy --clippy-path my-clippy-report.json
```

This creates a file `sonar.json`.
You can now configure `sonar-scanner` with `sonar.externalIssuesReportPaths=sonar.json` in your `sonar-project.properties` file.

# Supported tools
## `cargo-clippy`

```
cargo clippy --message-format=json -- --warn clippy::pedantic > clippy.json
```

## `cargo-audit`

```
cargo audit --json > audit.json
```

# Examples

The best example out there at the moment is the project `cargo-sonar` itself.
In the CI, you can see the generation of the [`clippy` report](https://gitlab.com/woshilapin/cargo-sonar/-/blob/main/.gitlab/clippy.yml) and the [`audit` report](https://gitlab.com/woshilapin/cargo-sonar/-/blob/main/.gitlab/audit.yml).
Then, `cargo sonar` is [executed](https://gitlab.com/woshilapin/cargo-sonar/-/blob/main/.gitlab/sonar.yml) followed by [`sonar-scanner`](https://gitlab.com/woshilapin/cargo-sonar/-/blob/main/.gitlab/sonar.yml) with the [`sonar-project.properties` configuration file](https://gitlab.com/woshilapin/cargo-sonar/-/blob/main/sonar-project.properties).
The final result can be seen on [sonarcloud.io](https://sonarcloud.io/project/overview?id=woshilapin_cargo-sonar).

# Todo list

- [ ] add `cargo-deny` parsing
- [ ] add `cargo-outdated` parsing
- [ ] add `cargo-geiger` parsing
- [ ] create a Github Action (see [Docker Github Action](https://docs.github.com/en/actions/creating-actions/creating-a-docker-container-action))