Lib.rs

Development toolsCargo plugins
#cargo #cli #sonar

app cargo-sonar

Helper to transform reports from Rust tooling for code quality, into valid Sonar report

by Jean SIMARD

23 releases (13 breaking)

0.14.1 Oct 21, 2022
0.13.0 Oct 20, 2022
0.12.0 Jul 19, 2022
0.11.0 Feb 4, 2022
0.9.0 Nov 29, 2021

#137 in Cargo plugins

Download history 125/week @ 2022-11-26 85/week @ 2022-12-03 99/week @ 2022-12-10 148/week @ 2022-12-17 44/week @ 2022-12-24 112/week @ 2022-12-31 160/week @ 2023-01-07 88/week @ 2023-01-14 186/week @ 2023-01-21 153/week @ 2023-01-28 326/week @ 2023-02-04 270/week @ 2023-02-11 416/week @ 2023-02-18 440/week @ 2023-02-25 347/week @ 2023-03-04 297/week @ 2023-03-11

1,541 downloads per month
Used in rrules

MIT license

49KB
1.5K SLoC

cargo-sonar

cargo-sonar help you to use the tools of the Rust community and report the information to Sonarcloud (or Sonarqube). You can even set it up in a Continuous Integration so this report is automatically forwarded to Sonar.

Table of contents

Installation

From source

git clone https://gitlab.com/woshilapin/cargo-sonar
cd cargo-sonar
cargo install --path .
cargo sonar --help

From crates.io

cargo install cargo-sonar
cargo sonar --help

From Docker/Podman

export CONTAINER_ENGINE=docker # or CONTAINER_ENGINE=podman
${CONTAINER_ENGINE} pull docker.io/woshilapin/cargo-sonar
${CONTAINER_ENGINE} run docker.io/woshilapin/cargo-sonar --help

By default, the working directory in the container is /tmp.

Use

cargo-sonar is only a tool to convert reports from other tools into Sonar compatible report (see Supported tools). Once the Sonar report is generated, it can be sent to sonarcloud.io or any SonarQube instance with sonar-scanner.

First generate a report from any supported tool, for example clippy.

cargo clippy --message-format > my-clippy-report.json

Then convert this report.

cargo sonar --issues clippy --clippy-path my-clippy-report.json

This creates a file sonar.json. You can now configure sonar-scanner with sonar.externalIssuesReportPaths=sonar.json in your sonar-project.properties file.

Supported tools

cargo-clippy

cargo clippy --message-format=json > clippy.json

cargo-audit

cargo audit --json > audit.json

cargo-deny

cargo deny --format json check 2> deny.json

Note that only advisories and licenses are supported at the moment.

cargo-outdated

cargo outdated --depth 1 --format json > outdated.json

--depth 1 is useful here since the conversion will not work on any dependency of greater depth.

cargo-udeps

cargo +nightly udeps --quiet --workspace --all-features --all-targets --output json > udeps.json

Examples

The best example out there at the moment is the project cargo-sonar itself. In the CI, you can see the generation of the clippy report and the audit report. Then, cargo sonar is executed followed by sonar-scanner with the sonar-project.properties configuration file. The final result can be seen on sonarcloud.io.

Release

All the release process is automated: each time you push a commit on main branch, the next version is automatically deduce from the conventional commit standard since last tag.

Sometimes, the CI might get into a problem. If you need to switch to manual release, here are the steps. Below, 1.2.3 is used as an example, please replace with the correct version.

Tagging

cog bump --auto

Package on crates.io

git checkout 1.2.3
cargo publish

Docker image

git checkout 1.2.3
buildah bud --layers --tag woshilapin/cargo-sonar:1.2.3
buildah push woshilapin/cargo-sonar:1.2.3

Todo list

Dependencies

~10–18MB
~326K SLoC