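SonarQube onboarding and Jenkins integration
1. Overview
SonarQube is an open-source code quality management system. It works as follows: the scanner side scans and analyzes the code, then uploads the results to the server, which processes them.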
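2. Scanner-side implementation
1. Add the plugins in Maven
In a parent/child (multi-module) project, child modules can use the parent's plugins, so the plugins only need to be declared in the parent pom file.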
<build>
    <plugins>
        <!-- sonar plugin configuration -->
        <plugin>
            <groupId>org.sonarsource.scanner.maven</groupId>
            <artifactId>sonar-maven-plugin</artifactId>
            <version>3.2</version>
        </plugin>
        <!-- jacoco plugin configuration -->
        <plugin>
            <groupId>org.jacoco</groupId>
            <artifactId>jacoco-maven-plugin</artifactId>
            <version>0.8.5</version>
            <executions>
                <execution>
                    <id>pre-test</id>
                    <goals>
                        <goal>prepare-agent</goal>
                    </goals>
                    <configuration>
                        <propertyName>jacocoArgLine</propertyName>
                        <destFile>${sonar.jacoco.reportPaths}</destFile>
                        <append>true</append>
                    </configuration>
                </execution>
                <execution>
                    <id>post-test</id>
                    <phase>test</phase>
                    <goals>
                        <goal>report</goal>
                    </goals>
                    <configuration>
                        <dataFile>${sonar.jacoco.reportPaths}</dataFile>
                        <outputDirectory>${project.basedir}/jacoco</outputDirectory>
                    </configuration>
                </execution>
            </executions>
        </plugin>
        <!-- JUnit (surefire) plugin configuration -->
        <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-surefire-plugin</artifactId>
            <version>2.16</version>
            <configuration>
                <includes>
                    <include>**/*Test*.java</include>
                </includes>
                <skipTests>${skipTest}</skipTests>
                <testFailureIgnore>true</testFailureIgnore>
                <!--<argLine>${jacocoArgLine}</argLine>-->
                <!--<forkMode>once</forkMode>-->
            </configuration>
        </plugin>
    </plugins>
</build>
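The parent project can be configured for different environments: define several profiles, then add -P to the command to select the environment.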
<profiles>
    <profile>
        <!-- sonar configuration for continuous integration -->
        <id>sonar</id>
        <activation>
            <!-- whether this profile is active by default -->
            <activeByDefault>true</activeByDefault>
        </activation>
        <properties>
            <!-- Sonar server for each department; e-channel: 22.5.65.20 -->
            <sonar.host.url>http://22.5.65.18:9000</sonar.host.url>
            <!-- path of the code to scan -->
            <sonar.sources>src/main</sonar.sources>
            <!-- report upload timeout (s) -->
            <sonar.ws.timeout>6000</sonar.ws.timeout>
            <!-- when access control is enabled, supply the registered user name and password -->
            <!--<sonar.login>caiyingbang</sonar.login>
            <sonar.password>caiyingbang</sonar.password>-->
            <!-- whether to skip tests -->
            <skipTest>false</skipTest>
            <!-- incremental scan parameter; separate multiple files with commas -->
            <sonar.inclusions>**/*</sonar.inclusions>
            <sonar.jacoco.reportPaths>${project.basedir}/target/jacoco.exec</sonar.jacoco.reportPaths>
        </properties>
    </profile>
</profiles>
Before running the sonar goal, the code must be compiled and tested:
mvn -U clean test compile sonar:sonar
3. Jenkins integration
Use a Pipeline project:
@Library('common-lib') _

// Script-level variables shared between stages. A declarative `environment`
// block only accepts NAME = value pairs, so the `def` declarations live here.
// `repoName` and `token` are not defined in this file and must be supplied
// from outside (for example as job parameters).
def umail = ""
def message = ""
def code_review_path = ""
def err_msg = ""
def gitNameSpace = ""
def code_review_mail = ""
def code_review_mail_cc = ""
def jenkins_sender = "jenkinsci@csmail.citicbank.com"
def mail_recv_bcc = "maoshibo@csmail.citicbank.com"
def mail_test_cc = ""
def mail_alone_test = ""
def userId = ""
def branchName = ""
def sonarBranchName = ""
def version = new Date().format('yyyyMMddHHmmss')

pipeline {
    agent {
        node {
            label 'sonar'
        }
    }
    environment {
        REPOSITORY = "28.4.193.23:5000/test/jenkins-slave-java1-7:${BUILD_NUMBER}"
        gitlabSourceNamespace = ""
        gitlabSourceRepoName = ""
    }
    options {
        gitLabConnection('gitlab-fcbc')
    }
    stages {
        stage('clone gitlab') {
            steps {
                gitlabCommitStatus("clone gitlab in push") {
                    echo "gitlabSourceBranch-> ${env.gitlabSourceBranch}"
                    echo "branch_name -> ${env.branch_name}"
                    echo "NameSpace -> ${env.gitlabSourceNamespace}"
                    echo "1.CLONE GITLAB"
                    script {
                        // Fall back to the branch_name parameter when the build
                        // was not triggered by a GitLab event
                        if (env.gitlabSourceBranch == null) {
                            branchName = "${env.branch_name}"
                        } else {
                            branchName = "${env.gitlabSourceBranch}"
                        }
                        // substring(0,7) assumes a branch name of at least 7 characters
                        sonarBranchName = "${branchName}".substring(0, 7)
                        gitNameSpace = "${env.gitlabSourceNamespace}".toLowerCase()
                    }
                    echo "branchName:${branchName}"
                    echo "sonarBranchName:${sonarBranchName}"
                    echo "gitNameSpace:${gitNameSpace}"
                    echo "repoName:${repoName}"
                    // Double quotes so that Groovy expands the branch name;
                    // the single-quoted '${branch_name}' was passed literally
                    git credentialsId: 'jksc-ssh', url: 'ssh://git@git.citicbank.com:5022/fcbc/fcbc-interface-server.git', branch: "${branchName}"
                    script {
                        // E-mail address of the author of the pushed commit
                        umail = sh(script: 'git show --pretty=format:"%ae" $gitlabAfter|head -n 1', returnStdout: true).trim()
                        sonarBranch = "${env.gitlabTargetBranch}".substring(0, 7)
                    }
                    echo "umail:${umail}"
                }
            }
        }
        stage('sonar scan') {
            steps {
                gitlabCommitStatus("compile and sonar scan in push") {
                    echo "2. sonar scan"
                    withSonarQubeEnv('sonar-test') {
                        sh """
                        echo -----------------------------------------------------------------
                        mvn -U -X clean test sonar:sonar -Dsonar -Dsonar.projectKey=com.citicbank.fcbc:${repoName} -Dsonar.projectName=${repoName} -Dsonar.host.url=http://22.4.15.55:9000 -Dsonar.java.binaries=./ -Dsonar.login=$token -Dsonar.projectVersion=${version} -Dsonar.branch=feature
                        """
                    }
                }
            }
        }
        stage("Quality Gate") {
            steps {
                gitlabCommitStatus('Quality Gate') {
                    echo "5. quality gate"
                    // Wait up to 10 minutes for the SonarQube quality gate result
                    timeout(time: 10) {
                        waitForQualityGate abortPipeline: true
                    }
                }
            }
        }
    }
}
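The scan stage above, reduced to its core and rewritten as an added example (not the original author's pipeline) so that the SonarQube token never passes through Groovy string interpolation. The credential ID `sonar-token` and the variables `REPO_NAME` and `SONAR_TOKEN` are assumptions; the server name `sonar-test` and the project key prefix come from the pipeline above.

```groovy
// Added example. Names marked "assumption" are not from the original pipeline.
pipeline {
    agent { node { label 'sonar' } }
    environment {
        // Assumption: the GitLab plugin supplies the repository name.
        REPO_NAME = "${env.gitlabSourceRepoName}"
    }
    stages {
        stage('sonar scan') {
            steps {
                // Weak form, as in the pipeline above:
                //   sh """ mvn ... -Dsonar.login=$token ... """
                // Groovy substitutes $token before the shell starts, so the
                // secret is part of the command text itself.
                //
                // Hardened form: withSonarQubeEnv supplies the server URL
                // configured under the name 'sonar-test', and the token is
                // bound from the Jenkins credential store.
                withSonarQubeEnv('sonar-test') {
                    // Assumption: 'sonar-token' is a "Secret text" credential.
                    withCredentials([string(credentialsId: 'sonar-token',
                                            variable: 'SONAR_TOKEN')]) {
                        // Single quotes: the shell expands the variables from
                        // its environment and Jenkins masks the value in logs.
                        sh '''
                            mvn -U clean test sonar:sonar \
                              -Dsonar.projectKey="com.citicbank.fcbc:$REPO_NAME" \
                              -Dsonar.projectName="$REPO_NAME" \
                              -Dsonar.java.binaries=./ \
                              -Dsonar.login="$SONAR_TOKEN"
                        '''
                    }
                }
            }
        }
        stage('Quality Gate') {
            steps {
                timeout(time: 10) {
                    waitForQualityGate abortPipeline: true
                }
            }
        }
    }
}
```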