This sample serves as a working example of using Zowe CLI and SonarQube to analyze source code contained in MVS data sets.
The sample includes a means to execute the analysis locally via npm scripts and via a Jenkins pipeline.
The sample will download the source files from the partitioned data sets specified in properties.json and run the sonar-scanner CLI to analyze the source with SonarQube.
NOTE: After running the SonarScanner via npm run sonar, the downloaded source files will be deleted from the local directory.
For detailed information on configuration and execution, start with Prerequisites.
- Clone the project
- Configure properties.json
- Configure sonar-project.properties
- From the project root, run: npm run download -- --user yourTSOuserid --password yourTSOpassword
- From the project root, run: npm run sonar
To use the sample locally you will need the following:
- Node.js and npm installed
- Zowe CLI 2.0.0 or greater installed
- A running instance of SonarQube Enterprise (supports COBOL and PL/I)
- The SonarScanner CLI installed
To use the Jenkins pipeline you will need the following:
- A running instance of Jenkins
- A Jenkins agent Docker image/container with ubuntu:xenial
- The Jenkins SonarQube plugin installed in your Jenkins instance
- The Jenkins SonarScanner tool installed in your Jenkins instance
Note: The pipeline installs the latest version of Zowe CLI, so the container needs access to the public npm registry. If your container already includes Zowe CLI, you can remove the Zowe CLI install pipeline stage.
After cloning the project, you must configure two files: properties.json and sonar-project.properties.
If you wish to use the Jenkins pipeline example, make sure you commit and push your configuration changes to a repository that your Jenkins instance can scan.
Example properties file:
{
  "zosmfHost": "zosmf.hostname",
  "zosmfPort": "1234",
  "src": {
    "cbl": [
      "public.cobol1",
      "public.cobol2"
    ],
    "cpy": [
      "public.cpybook1",
      "public.cpybook2"
    ],
    "pli": [
      "public.pli1",
      "public.pli2"
    ]
  }
}
Customize zosmf.hostname to be your z/OSMF host and 1234 to be your z/OSMF port.
The src property allows you to specify the language suffixes (the file extensions) and the data sets where the source resides on your mainframe system.
For example, in the example properties.json above, cbl indicates that you want the script to download all members from public.cobol1/public.cobol2 and give each file an extension of .cbl. The sonar-project.properties is configured to recognize files with extension .cbl as COBOL source files.
NOTE: You can remove any suffixes under src if they do not apply.
NOTE: You can add any src suffix that SonarQube supports (.java, .js, etc.). Make sure you update the sonar-project.properties with the appropriate suffix configuration.
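One way to validate properties.json before its values are handed to Zowe CLI or used as local file names, as an added example that is not part of the sample's own scripts. The function names, the src/<suffix> directory layout, and the choice to leave credentials to the ZOWE_OPT_USER and ZOWE_OPT_PASSWORD environment variables instead of the command line are assumptions of this example.

```javascript
// Added example, not the sample's own download script.
// MVS data set name: dot-separated qualifiers of 1-8 characters, first A-Z or #@$,
// the rest A-Z 0-9 #@$ or hyphen, at most 44 characters overall.
const QUALIFIER = /^[A-Z#@$][A-Z0-9#@$-]{0,7}$/;
// The suffix becomes a local directory name and file extension, so keep it plain.
const SUFFIX = /^[a-z0-9]{1,8}$/;

function isValidDataSetName(name) {
  if (typeof name !== "string" || name.length === 0 || name.length > 44) return false;
  return name.toUpperCase().split(".").every((q) => QUALIFIER.test(q));
}

// Returns one entry per data set and throws on the first value that fails validation.
function buildDownloadPlan(props) {
  const port = Number(props.zosmfPort);
  if (!Number.isInteger(port) || port < 1 || port > 65535) {
    throw new Error(`invalid zosmfPort: ${props.zosmfPort}`);
  }
  if (!/^[A-Za-z0-9][A-Za-z0-9.-]*$/.test(String(props.zosmfHost))) {
    throw new Error(`invalid zosmfHost: ${props.zosmfHost}`);
  }
  const plan = [];
  for (const [suffix, dataSets] of Object.entries(props.src || {})) {
    if (!SUFFIX.test(suffix)) throw new Error(`invalid suffix: ${suffix}`);
    if (!Array.isArray(dataSets)) throw new Error(`src.${suffix} must be an array`);
    for (const name of dataSets) {
      if (!isValidDataSetName(name)) throw new Error(`invalid data set name: ${name}`);
      const dataSet = name.toUpperCase();
      plan.push({
        dataSet,
        // Argument vector for child_process.execFile("zowe", args): no shell parsing,
        // and no --user/--password (Zowe CLI reads ZOWE_OPT_USER / ZOWE_OPT_PASSWORD).
        // The src/<suffix> directory layout is an assumption of this example.
        args: ["zos-files", "download", "all-members", dataSet,
          "--directory", `src/${suffix}`, "--extension", `.${suffix}`,
          "--host", props.zosmfHost, "--port", String(port)],
      });
    }
  }
  return plan;
}

// Constructed input mirroring the example properties.json.
const sampleProps = {
  zosmfHost: "zosmf.hostname",
  zosmfPort: "1234",
  src: { cbl: ["public.cobol1", "public.cobol2"], cpy: ["public.cpybook1"] },
};
const samplePlan = buildDownloadPlan(sampleProps);
console.log(samplePlan.map((p) => p.args.join(" ")).join("\n"));
```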
The sonar-project.properties file configures the sonar-scanner tool. You must provide the SonarQube URL and the project key that was generated by an administrator of your SonarQube instance.
The included properties file is sufficient for the sample after customization; more details can be found in the SonarScanner documentation.
Once you have cloned the project and performed basic configuration, you are ready to run the scripts locally.
Using your terminal/command prompt, navigate to the project root directory.
You can download the mainframe source to analyze by executing the following npm script:
npm run download -- --user MyTSOUser --password MyTSOPassword
Once the download script completes successfully, you can invoke the SonarQube scanner by executing the following npm script:
npm run sonar
The output of the sonar scanner should present you with a URL to view the results:
INFO: Analysis report generated in 312ms, dir size=135 KB
INFO: Analysis reports compressed in 66ms, zip size=57 KB
INFO: Analysis report uploaded in 226ms
INFO: ANALYSIS SUCCESSFUL, you can browse http://your.sonar.instance:9000/dashboard/index/Zowe-CLI-COBOL
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at http://your.sonar.instance:9000/api/ce/task?id=AWvmkgUKF1loyaBDUqE2
INFO: Task total time: 13.487 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 17.231s
INFO: Final Memory: 26M/97M
INFO: ------------------------------------------------------------------------
NOTE: After the sonar scan completes, the source files will be deleted from the local machine. However, if an error occurs, you may have to delete the source files manually.
To use the Jenkins pipelines, you must push your changes to a repository that is accessible from your Jenkins instance.
To run the pipeline, complete the following:
- Set up a Jenkins build to scan your repository (Multibranch Pipeline, etc.)
- Install the Jenkins SonarQube plugin and under "Configure System" configure a "SonarQube server" with name "sonar enterprise test".
- Configure the SonarScanner tool under Jenkins "Global Tool Configuration".
- Configure a Jenkins SonarQube webhook in your SonarQube webhook administration.
- Configure your mainframe credential ID in Jenkins.
- Customize the Jenkinsfile - read the comment block.
Once you have completed the above steps, run the pipeline.