Part 2 : Using SonarCloud with Travis CI auto build trigger

If you go through previous section Part 1: Travis CI introduction that would be helpful to follow my steps from this article.

Step 1 : Creating a user authentication token for your account on SonarCloud

     If we want to enforce security by not providing credentials of a real SonarCloud user to run your code scan, we have to provide a User Token as a replacement of the user login. This will increase the security of your installation by not letting your analysis user's password going through your network.

Step 2 : Encrypting generated Sonar token

      The easiest way to encrypt Sonar token with the public key is to use Travis CLI. This tool is written in Ruby and published as a gem. Please follow the link Install gem

Note : I suggest to use mac system to install gem if possible that would be easy to install & generate key.

travis encrypt SONAR_TOKEN

The above command generates encrypted Sonar token to use in travis.yml file

Step 3: Get SonarCloud.io Organization 

you want to push your project on and get its key

Step 4 : 

We have to create a sonar-project.properties file to the root folder of Android application.

sonar.projectKey=Same project key from the SonarCloud project

sonar.projectVersion=1.0

sonar.host.url=https://sonarcloud.io

sonar.organization=organization key from SonarCloud

sonar.projectName=Same project name from the SonarCloud project

sonar.login= SonarCloud Username

sonar.password= SonarCloud Password

# =====================================================
# Meta-data for the project
# =====================================================
sonar.sourceEncoding=UTF-8

sonar.sources=src/main/java

sonar.java.binaries=build

sonar.binaries=build

sonar.language=java

sonar.profile=Android Lint

Step 5: 

Add the following lines to your .travis.yml file to trigger the analysis.

Whenever user pushed to the specified branch in yml file, the sonar analysis triggers & generates measure data in “https://sonarcloud.io/”



Please feel free to share your queries.

Happy coding !!!

Part 1 - Integrating Travis CI with Android app

Why Continuous Integration (CI)?

CI is the practice of merging in small code changes frequently instead of merging large change at the end of a development cycle. The goal is to build healthier software without last minute surprises. Travis CI helps us out from this issue.

Travis CI automatically builds and tests code changes, then provides immediate feedback on the success of the change and failure case also. Travis CI can also automate other parts of your development process by managing deployments (i.e. uploading to Testfairy) and notifications (i.e. sending a message to slack).

How Travis works?

When you run a build, Travis CI clones our GitHub repository into a brand new virtual environment and carries out a series of tasks to build and test your code. If one or more of those tasks fails, the build is considered broken. If none of the tasks fail, the build is considered passed, and then Travis CI can deploy your code to a web server, or application host.

This service is free for open source projects and so easy to use that you will wonder why didn’t you use it before.

Are you ready to kick-start Travis CI?

To start using Travis CI, make sure you have:

• A GitHub account.
• Owner permissions for a project hosted on GitHub.

1. Go to Travis-ci.com and Sign up with GitHub.
2. Accept the Authorization of Travis CI. You’ll be redirected to GitHub.
3. Click the green Activate button, and select the repositories you want to use with Travis CI.
4. Add a .travis.yml file to your repository to tell Travis CI what to do. The following example specifies Android project that should be built with jdk and the latest versions of JDK 8.
5. Add the .travis.yml file to git, commit and push, to trigger a Travis CI build.
   Note: Travis only runs builds on the commits you push after you’ve added a .travis.yml file.
6. Check the build status page to see if your build passes or fails, according to the return status of the build command by visiting the Travis CI and selecting your repository.

Enabling continuous integration on GitHub

1. Once you have your repository created on GitHub click on Settings and Integrations & services. 
2. From the Add service drop-down menu choose “Travis CI” then “Add service”.
3. Navigate to https://travis-ci.org/profile and click on the switch next to the repository that you’d like the Travis builds to be run with.

Note: once you’ve switched on Travis builds on your repository a build will be triggered every a commit or a pull request is made. Without a .travis.yml file the build will fail. Configuring the .travis.yml will be done on the next step.

Setting up Travis builds

You need to add a .travis.yml file into the root of your project. This file will tell how Travis handles the builds.

At the beginning of your .yml file add the following parameters:

language: androidsudo: requiredjdk: oraclejdk8

sudo requirement is added because a license needs to be manually added later.

Specify the variables that are going to be used in the build. Set the ANDROID_BUILD_TOOLS and ANDROID_API to the same as specified in your projects build.gradle file.

env:global:- ANDROID_API=24- EMULATOR_API=21- ANDROID_BUILD_TOOLS=24.0.2- ADB_INSTALL_TIMEOUT=5 # minutes

Components 

The exact component names must be specified (filter aliases like the add-on or extra are also accepted). To get a list of available exact component names and descriptions run the command SDK manager --list.

android:components:- tools- platform-tools- build-tools-$ANDROID_BUILD_TOOLS- android-$ANDROID_API- android-$EMULATOR_API_LEVEL- extra-google-m2repository- extra-android-m2repository # for design library- addon-google_apis-google-19 # google play services- sys-img-armeabi-v7a-addon-google_apis-google-$ANDROID_API_LEVEL- sys-img-armeabi-v7a-addon-google_apis-google-$EMULATOR_API_LEVEL
licenses:- android-sdk-preview-license-.+- android-sdk-license-.+- google-gdk-license-.+

Before install part,

before_install:- mkdir "$ANDROID_HOME/licenses" || true- echo -e "\n8933bad161af4178b1185d1a37fbf41ea5269c55" >
"$ANDROID_HOME/licenses/android-sdk-license"- echo -e "\n84831b9409646a918e30573bab4c9c91346d8abd" > "$ANDROID_HOME/licenses/android-sdk-preview-license"- chmod +x gradlew- ./gradlew dependencies || true

The — ./gradlew dependencies || true is required if you get an error please install missing components using the SDK manager.

Script

- ./gradlew clean assembleAndroidAppRelease

The Gradle wrapper executes mentioned project at release build variant. If you intend to use Google Play Services with Travis, make sure you also use the Maven support library.

you will need to make sure to include the Maven repo in your root build.gradle file:

repositories {maven {url 'https://maven.google.com'}}

Setting up automatic builds

Travis can upload your project builds directly to other providers such as TestFairy. To be able to install a .apk file on an Android device the file needs to be signed.

Once the keystore file is created, place it in your project root. You’ll want to encrypt the file which is done with the Travis command-line command:

travis encrypt-file keystore.jks

After encrypting the file copy the generated script to the before_install section.Running the command will leave the old keystore file in place and will also generate a keystore.jks.enc file. Remove the original keystore file from the project and keep the encrypted one.

The keystore password and key password need to be added to the .travis.yml file, as they will be used in the .apk signing process. The passwords need to be encrypted though.




Copy the generated values to your .travis.yml in the environmental variables section (env). Do the same for both the keystore password and the key password.

The setup for the deployment is done in the before_deploy section of the .yml file. Here the jarsigner is used to sign the file with the keystore file provided, as well as to verify it.

before_deploy

- cp $TRAVIS_BUILD_DIR/.keystore $HOME- cd app/build/outputs/apk/- jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore $HOME/keystore.jks -storepass $storepass -keypass $keypass app-release-unsigned.apk yourapp_keystore
# Verification- jarsigner -verify app-release-unsigned.apk- "${ANDROID_HOME}/build-tools/24.0.2/zipalign -v 4 app-release-unsigned.apk yourapp.apk"

Next, it’s necessary to set up the deploy section of the .travis

deploy:provider: releasesfile: yourapp.apkskip_cleanup: trueon:repo: githubUsername/Repositorytags: truejdk: oraclejdk8api_key:secure: here goes the encrypted api key

You can generate the API key by going to your account settings on GitHub, Personal access tokens, Generate new token. Set the scope to public_repo and generate the token. Remember to copy the access token.





Encrypt the API key and add it to the deploy section under api_key. Remember to check the Travis WebLint before committing your changes.
When a commit is tagged the Travis deployment will be triggered.