12 Feb 2014

Jenkins integration

One of the main features of SensioLabsInsight service is that it integrates smoothly into your existing workflow and technical infrastructure. We know that most companies use Jenkins as their continuous integration server and for that reason, SensioLabsInsight provides out-of-the-box Jenkins integration.

Setting Up the Environment

Jenkins integration is performed through the SensioLabsInsight API. The easiest way to use this API is via the PHAR version of its command line tool. Download it from http://get.insight.sensiolabs.com/insight.phar, or execute the following commands:

# download it with cURL
$ curl -o insight.phar -s http://get.insight.sensiolabs.com/insight.phar

# download it with wget
$ wget http://get.insight.sensiolabs.com/insight.phar

Check that the insight.phar file has been correctly downloaded by executing the following command that lists all your projects configured on Insight:

$ php insight.phar projects

The first time you execute insight.phar, you will be prompted for your SensioLabsInsight API token and user UUID. You can find this information in the API/SDK tab of your SensioLabsInsight account preferences.

The insight.phar file will optionally save these credentials for you to reuse them for the next commands. To override these stored credentials, use the --api-token and --user-uuid command options.

Integrating SensioLabsInsight Reports into Jenkins Builds

First, make sure that you have installed the PMD plugin, which is required to process the SensioLabsInsight reports generated in PMD format. Then, create a new build command that executes the following:

#!/bin/sh
# <UUID> is the identifier of the project to analyse, as listed by "php insight.phar projects"
php insight.phar analysis <UUID> --format=pmd > insight-pmd.xml

Finally, add a new post-build action in Jenkins to publish the PMD analysis results stored in the insight-pmd.xml file.

And that's all! From then on, whenever a new build is initiated by Jenkins, a new analysis will be triggered in SensioLabsInsight and the results will be integrated directly into your Jenkins output.

Click on the report details to view the complete list of violations, including the file and line of code where each one was found.

Improving Your Deployment Process

Deploying code that contains security vulnerabilities or performance bottlenecks can pose a serious threat to your company. Integrating SensioLabsInsight into your deployment process via Jenkins prevents bad code from being deployed to production servers.

Start by adding a new fail-condition option to the analysis command and then set the condition that will cause the build to fail:

$ php insight.phar analysis <UUID> --format="pmd" \
      --fail-condition="counts.security > 0"

The counts.security > 0 expression is a good starting point to prevent the deployment of dangerous code, but you can use any other condition built with the ExpressionLanguage component.

The two variables that can be used in the expressions are called analysis and counts. The analysis variable stores all the information about the analysis as defined by the Analysis.php model class. The counts variable stores the number of violations grouped by category. By combining both variables you can build very powerful expressions:

// the project has a too low grade
analysis.grade in ['none', 'bronze']

// the project has a lot of violations, including some performance issues
analysis.nbViolations > 50 and counts.performance > 0

// the technical debt of the project is too high
analysis.remediationCost > 100
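As an added example, not from the original post or from the insight.phar tool itself, the following Python script reads the PMD report that Jenkins already publishes and applies a counts-based gate of the same kind locally, so a build can be failed on per-category limits even when the analysis was run without --fail-condition. The PMD layout and the use of the ruleset attribute as the violation category are assumptions, and the sample report is constructed.

```python
import sys
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in PMD format (not a real Insight report); the category is
# assumed to be carried in the <violation ruleset="..."> attribute.
SAMPLE_PMD = """<pmd version="1.0">
  <file name="src/Controller/UserController.php">
    <violation beginline="42" endline="42" rule="sql_injection" ruleset="security" priority="1">
      Unescaped request parameter used in a query
    </violation>
    <violation beginline="3" endline="3" rule="unused_use" ruleset="code_smell" priority="3">
      Unused use statement
    </violation>
  </file>
  <file name="src/Service/Mailer.php">
    <violation beginline="7" endline="9" rule="query_in_loop" ruleset="performance" priority="2">
      Database query executed inside a loop
    </violation>
  </file>
</pmd>
"""

def count_by_category(pmd_xml):
    """Number of violations per category, mirroring Insight's 'counts' variable."""
    root = ET.fromstring(pmd_xml)
    return Counter(v.get("ruleset", "unknown") for v in root.iter("violation"))

def breached(counts, limits):
    """Categories whose count exceeds its limit; an empty list means the build may proceed."""
    return sorted(cat for cat, limit in limits.items() if counts.get(cat, 0) > limit)

def main(argv):
    """Usage: python insight_gate.py insight-pmd.xml (falls back to the sample above)."""
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            pmd_xml = fh.read()
    else:
        pmd_xml = SAMPLE_PMD
    counts = count_by_category(pmd_xml)
    print("violations per category:", dict(sorted(counts.items())))
    failed = breached(counts, {"security": 0, "performance": 5})
    if failed:  # a non-zero exit status makes the Jenkins build step fail
        print("gate failed, limit exceeded for: " + ", ".join(failed))
        return 1
    return 0

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as a second shell build step after the analysis command, with insight-pmd.xml as its argument, and Jenkins marks the build as failed whenever a limit is exceeded.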