Deploying SonarQube on Coolify: A Complete Guide to Code Quality Analysis

Definitions

Code Quality Analysis

Code quality analysis helps developers write better, more secure, and maintainable code. It detects issues such as bugs, security vulnerabilities, and code smells that could lead to technical debt. Automated tools can analyze the code against best practices and provide insights for improvement.

SonarQube & SonarLint

SonarQube is a powerful platform for static code analysis. It scans your code, identifies problems, and provides detailed reports on quality, security, and maintainability. It is typically used in CI/CD pipelines to ensure code quality in teams.

SonarLint is a lightweight companion to SonarQube. It integrates directly into code editors (such as VS Code or IntelliJ) and provides real-time feedback on code quality issues before the code is even committed.

Docker

Docker is a platform that allows applications to run in isolated environments called containers. Instead of installing software directly on a server, Docker packages everything needed to run an application in a standardized way. This makes deployment more efficient, portable, and scalable.

Coolify

Coolify is a modern, open-source alternative to platforms like Heroku. It simplifies the deployment and management of applications, databases, and services with an easy-to-use interface. With Coolify, you can self-host applications without complex configurations.

Prerequisites

1. A Server with Coolify Installed

1. You need a server (VPS, dedicated server, or a cloud instance) where Coolify is installed and running.
2. Coolify supports Docker-based deployments, so make sure your server meets the requirements for running Docker
3. If you perfectly know how to use both Docker and Traefik, you can skip the Coolify installation and deploy SonarQube directly.

2. Sufficient Server Resources

SonarQube requires a decent amount of resources to run smoothly. At a minimum, your server should have:

1. 4GB RAM (8GB recommended for better performance)
2. 2 CPU cores
3. 10GB+ disk space (depending on code analysis history and database size)

3. A Domain Name (Optional but Recommended)

1. If you want to access SonarQube via a custom URL, you should have a domain and configure a reverse proxy with HTTPS (Coolify can help with this).

Step 1: Deploy SonarQube on Coolify

Log in to your Coolify dashboard.

You should see the Coolify dashboard with your applications and services, that you have deployed previously.

Create a new project

1. Head to the “Projects” section and click on “Create Project.”
2. Choose a name and a description for your project (e.g., “SonarQube”, “Code Quality Analysis Server”).

   A new production environment will be created for your project, this is where you will put the docker-compose file for SonarQube.

3. Click on “Add a new resource” and select “Docker Compose Empty” to create a new docker-compose file.

Configure the Docker Compose file

1. Copy the following Docker Compose configuration for SonarQube:

services:
  sonarqube:
    image: "sonarqube:community"
    hostname: sonarqube
    container_name: sonarqube
    read_only: true
    depends_on:
      db:
        condition: service_healthy
    environment:
      SONAR_JDBC_URL: "jdbc:postgresql://db:5432/sonar"
      SONAR_JDBC_USERNAME: sonar
      SONAR_JDBC_PASSWORD: sonar
    volumes:
      - "sonarqube_data:/opt/sonarqube/data"
      - "sonarqube_extensions:/opt/sonarqube/extensions"
      - "sonarqube_logs:/opt/sonarqube/logs"
      - "sonarqube_temp:/opt/sonarqube/temp"
    ports:
      - "9000:9000"
    networks:
      - ipv4
  db:
    image: "postgres:15"
    healthcheck:
      test:
        - CMD-SHELL
        - "pg_isready -q -d sonar -U sonar"
      interval: 10s
      timeout: 5s
      retries: 5
    hostname: postgresql
    container_name: postgresql
    environment:
      POSTGRES_USER: sonar
      POSTGRES_PASSWORD: sonar
      POSTGRES_DB: sonar
    volumes:
      - "postgresql:/var/lib/postgresql"
      - "postgresql_data:/var/lib/postgresql/data"
    networks:
      - ipv4
volumes:
  sonarqube_data: null
  sonarqube_temp: null
  sonarqube_extensions: null
  sonarqube_logs: null
  postgresql: null
  postgresql_data: null
networks:
  ipv4:
    driver: bridge
    enable_ipv6: false
  dual:
    driver: bridge
    enable_ipv6: true
    ipam:
      config:
        - subnet: 192.168.2.0/24
          gateway: 192.168.2.1
        - subnet: "2001:db8:2::/64"
          gateway: "2001:db8:2::1"

1. This Docker Compose file will deploy SonarQube with a PostgreSQL database. Make sure to adjust the resources and configurations as needed.

   I found this configuration on the official SonarQube documentation, you can customize it further based on your requirements. Coolify will automatically create the necessary volumes and networks for your project, it will also add some information to the docker compose file to make it work with Traefik.

2. Save the Docker Compose file and click on “Deploy” to start the deployment process.

Step 2: Configure SonarQube

Once the deployment is complete, you should see the SonarQube application running in your project environment. You can access it via the URL provided by Coolify or your custom domain if configured.

Log in to SonarQube

1. Open your browser and navigate to the SonarQube URL.
2. Log in with the default credentials (admin / admin).
3. You will be prompted to change the password and set up your organization.

Create a New Project

1. Click on the “Create new project” button.
2. Use the “From Github” option to import your project from a Git repository.
3. You might need to generate a token or link an organization to SonarQube to allow SonarQube to access your code repository.
4. Follow the on-screen instructions until it asks “How do you want to analyze your project?”

Analyze Your Code

1. Choose the “With GitHub Actions” option to set up automated code analysis in your CI/CD pipeline.
2. Create two new “Repository Secrets” in your GitHub repository: SONAR_TOKEN and SONAR_HOST_URL.

   The SONAR_TOKEN is generated in SonarQube under “My Account” > “Security” > “Generate Tokens.” The SONAR_HOST_URL is the URL of your SonarQube server.

3. Add the following GitHub Actions workflow to your repository:

name: Build

on:
  push:
    branches:
      - main

jobs:
  build:
    name: Build and analyze
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
      - uses: SonarSource/sonarqube-scan-action@v4
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
      # If you wish to fail your job when the Quality Gate is red, uncomment the
      # following lines. This would typically be used to fail a deployment.
      # - uses: SonarSource/sonarqube-quality-gate-action@v1
      #   timeout-minutes: 5
      #   env:
      #     SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

The actual yaml can differ if you are using a specific framework or language, you can find more examples in the SonarQube documentation.

This one works perfectly with Javascript/Typescript projects !

1. Commit the changes to your repository and push them to trigger the GitHub Actions workflow.

Conclusion

Congratulations! You have successfully deployed SonarQube on Coolify and set up automated code analysis in your development pipeline. SonarQube will now scan your code for bugs, security vulnerabilities, and code smells, helping you improve code quality and maintainability.