Good Code and SonarQube

Key points

  • What is Good Code?
  • How to fight for Good code?
  • What is Sonar and what is it good for?

Context

  • Product

  • 2 lines

  • large long lasting projects

  • ephemeral projects

  • Good code

  • Perfect code

  • Continuous Code Quality

Small survey

  • Who currently works on a project that is older than one year?
  • Who has perfect code on their project?
  • Who uses Sonar?
  • What other instruments do you use?

What is Good Code?

  • Fast

  • Reliable/Robust

  • Secure

  • Maintainable

  • Readable

  • Extendable

  • Replaceable

  • Reusable

Good code reads like a well-written manual and runs like a well-oiled machine.

When you have to go back and add/modify a feature, is it difficult? Do you constantly break existing functionality when making changes?

Recipe for Perfect Code?

Code Complete

Continuous Learning

Continuous Code Quality

Confucius, he says.

Scrum teams care very much about their code quality.

Ensure the quality is above the accepted threshold.

Continuous Code Quality

  • Coding Standards
  • Drupal Practice
  • Sonar (Cyclomatic Complexity, Cognitive Complexity, Code Smell, Bug, Vulnerability, etc.)

Automated Code review

  • Pre-commit hook
    • Review Coding standards,
    • Review Drupal Practices
  • Merge Request
    • Sonar Code review
  • Daily review in Sonar
  • Weekly review progress in Sonar

What is Sonar?

https://www.sonarqube.org/ 

Sonar Metrics

  • Reliability
  • Security
  • Maintainability
  • Coverage
  • Duplications
  • Size
  • Complexity
  • Issues

Sonar Rules

Categorization

Tag

  • convention
  • ps2
  • brain-overload
  • cert
  • cwe
  • misra
  • pitfall
  • suspicious
  • unused
  • clumsy
  • performance

Type

  • Bug
  • Vulnerability
  • Code Smell

Severity

  • Blocker
  • Critical
  • Major
  • Minor
  • Info

Complexity

  • Cyclomatic Complexity
  • Cognitive Complexity

https://www.sonarsource.com/docs/CognitiveComplexity.pdf

While Cyclomatic Complexity accurately calculates the minimum number of test cases required to fully cover a method, it is not a satisfactory measure of understandability.

Illustration of the problem

Cognitive Complexity

A Cognitive Complexity score is assessed according to three basic rules:

  • Ignore structures that allow multiple statements to be readably shorthanded into one
  • Increment (add one) for each break in the linear flow of the code
  • Increment when flow-breaking structures are nested
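
The gap between the two metrics, as an added example (not from the original slides and not SonarQube's own implementation): a simplified Python sketch that scores two constructed functions with equal Cyclomatic Complexity but different Cognitive Complexity. It covers rules 2 and 3 for if/elif/else, loops, except handlers, ternaries and boolean operator sequences only; the names `flat`, `nested`, `cyclomatic`, `cognitive` and `analyze` are illustrative assumptions.

```python
import ast
BRANCH = (ast.If, ast.For, ast.While, ast.ExceptHandler, ast.IfExp)

# Constructed sample: both functions have the same number of decision points.
SAMPLE = '''
def flat(n):
    if n == 1:
        return "one"
    elif n == 2:
        return "two"
    elif n == 3:
        return "three"
    return "many"

def nested(items):
    for i in items:
        if i > 0:
            if i % 2 == 0:
                return i
    return None
'''

def cyclomatic(func):
    # 1 + one per decision point, regardless of how deeply it is nested
    return 1 + sum(
        len(n.values) - 1 if isinstance(n, ast.BoolOp) else isinstance(n, BRANCH)
        for n in ast.walk(func))

def cognitive(node, depth=0, is_elif=False):
    score = 0
    if isinstance(node, BRANCH):
        score += 1 if is_elif else 1 + depth  # +1 per flow break, plus nesting
        depth += 1
    elif isinstance(node, ast.BoolOp):
        score += 1  # one per sequence of like boolean operators
    for field, value in ast.iter_fields(node):
        kids = [c for c in (value if isinstance(value, list) else [value])
                if isinstance(c, ast.AST)]
        if isinstance(node, ast.If) and field == "orelse" and kids:
            if len(kids) == 1 and isinstance(kids[0], ast.If):  # elif: flat +1
                score += cognitive(kids[0], depth - 1, is_elif=True)
                continue
            score += 1  # plain else: +1 with no nesting penalty
        score += sum(cognitive(c, depth) for c in kids)
    return score

def analyze(source):
    # Map each top-level function name to (cyclomatic, cognitive).
    return {f.name: (cyclomatic(f), cognitive(f))
            for f in ast.parse(source).body if isinstance(f, ast.FunctionDef)}
```

Calling `analyze(SAMPLE)` gives both functions a Cyclomatic Complexity of 4, while the nested loop scores twice the Cognitive Complexity of the flat if/elif chain.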

Sonar

Review Merge Request

Sonar

Project Dashboard

Sonar

Issues Dashboard

Working with Sonar

convention

  1. Issues found in merge request should be fixed.
  2. New projects should pass Sonar Quality gate.

There are several categories of issues in Sonar:

  • Blocker: must be fixed ASAP
  • Critical: should be fixed
  • Major: should be reviewed and fixed when possible; developers should be warned and should avoid producing similar issues in new code; merge is allowed
  • Minor: should be reviewed and avoided; merge is allowed
  • Info: needs review; merge is allowed

References

Good Code with Sonar

By Ivan Tsekhmistro
