engineering

# Using Sonar in Swift

At Novoda we find it extremely important to measure the efficiency of a team and the quality of our work.
To do so, we need tools that help us demonstrate our capability and competence in developing trustable and powerful software, as well as analyzing the code we deliver.

### Code Analysis

Metrics have always been a guidance tool to help those inquisitive enough to decide the future of their choices and organization. However as technology has evolved, metrics and code analysis must evolve as well. Code analysis is nothing more than inspecting and investigating the code produced, generally used to find bugs or ensure conformance to coding guidelines. When integrated into the build process it helps maintain code quality.

### What is Sonar?

It is an open-source quality management platform, dedicated to continuously analyze and measure technical quality, from project portfolio to method.

In other words, Sonar is a web-based code quality analysis tool for Java projects that can be extended with open-source plugins. In particular, it has been extended to iOS projects, thanks to the open-source community, and it supports Objective-C and Swift languages.

Sonar for iOS covers a generous area of code quality check points which include:

• Architecture & Design
• Complexity
• Duplications
• Coding Rules
• Potential Bugs
• Unit Test

And that is where sonar-swift comes in, an open-source initiative for Apple's programming language Swift, based on the sonar-objective-c plugin.

### Sonar in Swift

The Swift plugin developed by Backelite has helped people to integrate Sonar in Swift projects, and I will be covering the following points which I find the most useful ones:

#### Code coverage

Code coverage is one of the measurements available in Sonarqube, that describes how many lines of your code are executed while the automated tests are running.
Sonar-Swift will give you the chunk of the code that is executed, as well as allow you to drill into the data and see exactly which lines of code were and were not executed during a particular test.

Having code coverage setup in your project helps to keep your code maintainable and easy to change and having a test suite that covers most or all of your application means that you will have more security that something is not going to collapse in production.

#### Maintainability

Sonar maintainability is the number of code smells plus the technical debt you have in your code according to a set of predefined rules (based on the Lint you're using).

Sonar provides a simple rating for each section which allow you to quickly see how well the app being analyzed is performing.

#### Reliability

Reliability is equated to correctness, the number of bugs found and fixed, how consistent the application is in delivery and confidence in known outcomes of code routines.

The ability of a system or component to perform its required functions under stated conditions for a specified period of time.

#### Security

Regarding security, Sonar covers the number of vulnerabilities that can be found in the project. The effort to fix all vulnerability issues is shown in minutes.

### Setting up Sonar for Swift

Installing and configuring Sonar for Swift takes a few steps, running a local (or remote) Sonar server, installing the Swift plugin and then setup your Swift project. Lets run through each step now.

Adding Sonar to your Swift project is easy, and I highly recommend you do so. But first you have to make sure you have a Sonar server running locally, this can be done by following the steps under the Prerequisites section in the Sonar-Swift open-source page.

After installing the Sonar server locally, you need to add support for Swift in Sonar, and it can be done by downloading the latests Swift plugin from the Releases page on the Sonar Swift website. Then, move the .jar to the plugins folder where the Sonarqube server has been installed (\$SONARQUBE_HOME/extensions/plugins).

The next step is to add the Swift Sonar script run-sonar-swift.sh to somewhere in your path. If you are just running it for one Swift project I would recommend adding it to the root folder of your project. It can also be downloaded from the Releases page or you can access it directly here.

Once you have done the previous steps, you should restart the Sonar server using sonar restart in the command line in order to apply the plugin and start supporting Swift. We still need to configure our project to gather data to feed Sonar but we are done with the server part.

N.B. if you are having trouble installing sonar-runner, note that it has been renamed to sonar-scanner so instead use sonar-scanner.

#### Configuring the Swift project:

It’s time to configure your project to be able to generate useful reports for Sonar, and to start gathering information from the project. This is done by downloading and adding sonar-project.properties file beside the .xcodeproj file, in your Xcode project root folder.

To make it work we need to update this file to match the iOS project by setting a few keys such as sonar.projectKey, sonar.projectName, sonar.swift.project, sonar.swift.workspace and sonar.swift.appScheme.

Once you have completed all the steps above, you can run the script run-sonar-swift.sh and see the magic happening. It will create a folder called sonar-reports in the project directory where the reports will be stored.

N.B. if you are having trouble running the run-sonar-swift.sh script make sure you give write permission to the folder called sonar-reports.

Open locahost:9000 in your browser to see the Sonar results.

### Conclusion

Software quality is key when developing a trustable and reliable product, and Sonar-Swift allows you to measure the impact of technical debt and the decisions you take during development.

It is a highly recommended tool that demonstrates and generates useful metrics that will help maintain code quality throughout the entire development process.

Understanding the capability and competence of the development team, while developing a complex software system, is important to be able to better plan timelines and deliverables.

### What is the next step?

Try it out and start analyzing your code as well as generating metrics out of it.
What to share knowledge on the usage of Sonar Swift? Leave me a tweet!