集成sonarqube
內容
- SonarQube基礎簡介
- 配置GitLabCI代碼掃描
- 配置GitLabCI合併掃描
準備工作
參考鏈接:https://docs.sonarqube.org/latest/analysis/gitlab-cicd/
擴展插件: https://github.com/mc1arke/sonarqube-community-branch-plugin/releases
Gitlab內置環境變量: http://192.168.1.200:30088/help/ci/variables/README#variables
在SonarQube中創建項目組添加用戶,爲用戶分配權限。使用用戶token分析掃描項目。
準備用戶
創建羣組
創建權限模板
分配權限,一般給這個組中的成員管理員權限
爲項目授權權限模板
添加token
掃描分析
jobs/codeanalysis.yml
.codeanalysis-java:
stage: code_analysis
tags:
- build
script:
- echo $CI_MERGE_REQUEST_IID $CI_MERGE_REQUEST_SOURCE_BRANCH_NAME $CI_MERGE_REQUEST_TARGET_BRANCH_NAME
- "$SCANNER_HOME/bin/sonar-scanner -Dsonar.projectKey=${CI_PROJECT_NAME} \
-Dsonar.projectName=${CI_PROJECT_NAME} \
-Dsonar.projectVersion=${CI_COMMIT_REF_NAME} \
-Dsonar.ws.timeout=30 \
-Dsonar.projectDescription=${CI_PROJECT_TITLE} \
-Dsonar.links.homepage=${CI_PROJECT_URL} \
-Dsonar.sources=${SCAN_DIR} \
-Dsonar.sourceEncoding=UTF-8 \
-Dsonar.java.binaries=target/classes \
-Dsonar.java.test.binaries=target/test-classes \
-Dsonar.java.surefire.report=target/surefire-reports \
-Dsonar.branch.name=${CI_COMMIT_REF_NAME}"
artifacts:
paths:
- "$ARTIFACT_PATH"
template/java-pipeline.yml
include:
- project: 'cidevops/cidevops-gitlabci-service'
ref: master
file: 'jobs/build.yml'
- project: 'cidevops/cidevops-gitlabci-service'
ref: master
file: 'jobs/test.yml'
- project: 'cidevops/cidevops-gitlabci-service'
ref: master
file: 'jobs/codeanalysis.yml'
variables:
BUILD_SHELL: 'mvn clean package -DskipTests' ##構建命令
CACHE_DIR: 'target/'
TEST_SHELL : 'mvn test' ##測試命令
JUNIT_REPORT_PATH: 'target/surefire-reports/TEST-*.xml' ##單元測試報告
# 代碼掃描
SCANNER_HOME : "/usr/local/buildtools/sonar-scanner-3.2.0.1227-linux"
SCAN_DIR : "src"
ARTIFACT_PATH : 'target/*.jar' ##製品目錄
cache:
paths:
- ${CACHE_DIR}
stages:
- build
- test
- code_analysis
build:
stage: build
extends: .build
rules:
- when: on_success
test:
stage: test
extends: .test
rules:
- when: on_success
code_analysis:
stage: code_analysis
extends: .codeanalysis-java
實現效果
Pull request集成
配置SonarQube,添加gitlabtoken 和服務信息。系統設置 -> pull request。
注意下面的配置在配置文件中定義不生效哦,可能是因爲版本的問題導致的。暫且忽略。
com.github.mc1arke.sonarqube.plugin.branch.pullrequest.gitlab.token=b8Gs1quX5GSeHwyuMWyY
com.github.mc1arke.sonarqube.plugin.branch.pullrequest.gitlab.url=http://192.168.1.200:30088
sonar.pullrequest.provider=GitlabServer
如果你想通過API操作可以參考:
curl -u “ $ SONAR_API_TOKEN ” -X POST “ http://sonarqube.example.com/api/settings/set?key=sonar.pullrequest.provider&value=GitlabServer ”
curl -u “ $ SONAR_API_TOKEN ” -X POST “ http: //sonarqube.example.com/api/settings/set?key=com.github.mc1arke.sonarqube.plugin.branch.pullrequest.gitlab.url&value=http://gitlab.example.com “
curl -u ” $ SONAR_API_TOKEN “ -X POST ” http://sonarqube.example.com/api/settings/set?key=com.github.mc1arke.sonarqube.plugin.branch.pullrequest.gitlab.token&value= $ GITLAB_TOKEN “
添加掃描作業,主要是分析參數。
.codeanalysis-mr:
stage: code_analysis
only:
- merge_requests
tags:
- build
script:
- "$SCANNER_HOME/bin/sonar-scanner -Dsonar.projectKey=${CI_PROJECT_NAME} \
-Dsonar.projectName=${CI_PROJECT_NAME} \
-Dsonar.projectVersion=${CI_COMMIT_REF_NAME} \
-Dsonar.ws.timeout=30 \
-Dsonar.projectDescription=${CI_PROJECT_TITLE} \
-Dsonar.links.homepage=${CI_PROJECT_URL} \
-Dsonar.sources=${SCAN_DIR} \
-Dsonar.sourceEncoding=UTF-8 \
-Dsonar.java.binaries=target/classes \
-Dsonar.java.test.binaries=target/test-classes \
-Dsonar.java.surefire.report=target/surefire-reports \
-Dsonar.pullrequest.key=${CI_MERGE_REQUEST_IID} \
-Dsonar.pullrequest.branch=${CI_MERGE_REQUEST_SOURCE_BRANCH_NAME} \
-Dsonar.pullrequest.base=${CI_MERGE_REQUEST_TARGET_BRANCH_NAME} \
-Dsonar.gitlab.ref_name=${CI_COMMIT_REF_NAME} \
-Dsonar.gitlab.commit_sha=${CI_COMMIT_SHA} \
-Dsonar.gitlab.project_id=${CI_PROJECT_PATH} \
-Dsonar.pullrequest.gitlab.repositorySlug=$CI_PROJECT_ID "
#-Dsonar.branch.name=${CI_COMMIT_REF_NAME} -X "
templates/java-pipeline.yml
include:
- project: 'cidevops/cidevops-gitlabci-service'
ref: master
file: 'jobs/build.yml'
- project: 'cidevops/cidevops-gitlabci-service'
ref: master
file: 'jobs/test.yml'
- project: 'cidevops/cidevops-gitlabci-service'
ref: master
file: 'jobs/codeanalysis.yml'
variables:
BUILD_SHELL: 'mvn clean package -DskipTests' ##構建命令
CACHE_DIR: 'target/'
TEST_SHELL : 'mvn test' ##測試命令
JUNIT_REPORT_PATH: 'target/surefire-reports/TEST-*.xml' ##單元測試報告
# 代碼掃描
SCANNER_HOME : "/usr/local/buildtools/sonar-scanner-3.2.0.1227-linux"
SCAN_DIR : "src"
ARTIFACT_PATH : 'target/*.jar' ##製品目錄
cache:
paths:
- ${CACHE_DIR}
stages:
- build
- test
- code_analysis
build:
stage: build
extends: .build
rules:
- when: on_success
test:
stage: test
extends: .test
rules:
- when: on_success
code_analysis:
stage: code_analysis
extends: .codeanalysis-java
codeanalysis_mr:
stage: code_analysis
extends: .codeanalysis-mr
創建合併請求運行流水線,最終效果。
一起學習呀:
