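This article describes how to integrate gitlab-runner with the GitLab code hosting platform and pair it with Sonar (SonarQube), so that code pushed to GitLab is statically scanned and a quality report is generated.
Environment
Server 192.168.1.162: gitlab, gitlab-runner and sonar-scanner are installed
Server 192.168.1.161: sonarqube is installed
Environment preparation
Server 192.168.1.162 needs git, a JDK and GitLab installed. Installing these three is not the focus of this article and is not covered in detail.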
[root@devops-yanxiao-1-162 ~]# java -version
java version "1.8.0_271"
Java(TM) SE Runtime Environment (build 1.8.0_271-b09)
Java HotSpot(TM) 64-Bit Server VM (build 25.271-b09, mixed mode)
[root@devops-yanxiao-1-162 ~]# git --version
git version 2.22.0
[root@devops-yanxiao-1-162 ~]# cat /opt/gitlab/embedded/service/gitlab-rails/VERSION
15.1.2
The JDK installed on server 192.168.1.161 is JDK 11
[root@devops-yanxiao-1-161 ~]# java -version
java version "11" 2018-09-25
Java(TM) SE Runtime Environment 18.9 (build 11+28)
Java HotSpot(TM) 64-Bit Server VM 18.9 (build 11+28, mixed mode)
Note: JDK 11 is installed because SonarQube 7.9 and later require JDK 11; this article installs SonarQube 9.5.
gitlab-runner installation
gitlab-runner is installed on 192.168.1.162, the same server as GitLab. Note that the gitlab-runner version needs to match the GitLab version.
gitlab-runner download location: Index of /gitlab-runner/yum/el7/ | Tsinghua Open Source Mirror
Download
[root@devops-yanxiao-1-162 ~]# wget https://mirrors.tuna.tsinghua.edu.cn/gitlab-runner/yum/el7/gitlab-runner-15.1.0-1.x86_64.rpm
Install
[root@devops-yanxiao-1-162 ~]# rpm -ivh gitlab-runner-15.1.0-1.x86_64.rpm
Start / restart
[root@devops-yanxiao-1-162 ~]# systemctl start gitlab-runner
[root@devops-yanxiao-1-162 ~]# systemctl restart gitlab-runner
Check that it started successfully
[root@devops-yanxiao-1-162 ~]# systemctl status gitlab-runner
Register
[root@devops-yanxiao-1-162 ~]# gitlab-runner register
Runtime platform arch=amd64 os=linux pid=55722 revision=76984217 version=15.1.0
Running in system-mode.
Enter the GitLab instance URL (for example, https://gitlab.com/):
http://192.168.1.162:9000 # the GitLab web UI address
Enter the registration token:
GR1348941__3BTxU_MVPU99sX2xVP # the token from GitLab; it is shown under Settings > CI/CD > Runners > Specific runners
Enter a description for the runner:
[devops-yanxiao-1-162]: this a test runner
Enter tags for the runner (comma-separated):
test # the tag can be named freely; as I understand it, the runner picks up jobs according to its tags
Enter optional maintenance note for the runner:
Registering runner... succeeded runner=GR1348941__3BTxU_
Enter an executor: custom, parallels, ssh, docker+machine, docker-ssh+machine, kubernetes, docker, docker-ssh, shell, virtualbox:
ssh # the executor type; ssh is chosen here, since I tried docker+machine, docker, parallels and shell and none of them succeeded
Enter the SSH server address (for example, my.server.com):
192.168.1.162
Enter the SSH server port (for example, 22):
22
Enter the SSH user (for example, root):
root
Enter the SSH password (for example, docker.io):
y36py5jz
Enter the path to the SSH identity file (for example, /home/user/.ssh/id_rsa):
/root/.ssh/id_rsa
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!
[root@devops-yanxiao-1-162 ~]#
Key generation
Run the generation command and press Enter at each prompt
[root@devops-yanxiao-1-162 ~]# ssh-keygen -t rsa
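Check that the gitlab-runner executor is working: log in to GitLab
Under Settings > CI/CD > Runners > Specific runners, a green icon means the executor was registered successfully.
sonarqube installation
SonarQube 9.5 is installed, which requires JDK 11, on server 192.168.1.161
Download
Official download page: Download | SonarQube. It offers the Community Edition, the Enterprise Edition and others; this article covers installing the Community Edition.
Upload
Upload the downloaded zip package and extract it
Start
SonarQube bundles Elasticsearch, so it cannot be started as the root user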
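# Create a user and start SonarQube as that user
[root@devops-yanxiao-1-161 ~]# useradd sonarqube
[root@devops-yanxiao-1-161 ~]# passwd sonarqube
# Grant access by changing ownership
[root@devops-yanxiao-1-161 ~]# chown -R sonarqube:sonarqube /usr/sonarqube
[root@devops-yanxiao-1-161 ~]# su sonarqube
[sonarqube@devops-yanxiao-1-161 root]$ /usr/sonarqube/bin/linux-x86-64/sonar.sh start
# View the startup log
[sonarqube@devops-yanxiao-1-161 root]$ tail -f /usr/sonarqube/logs/sonar.log
After a successful start, the default account and password are admin/admin
SonarQube supports searching for and installing plugins online
Offline plugin installation is also supported
Put the plugin jar downloaded offline into the $SONAR_HOME/extensions/plugins directory, then restart SonarQube
sonar-scanner installation
sonar-scanner is installed on the same server as gitlab and gitlab-runner
Download and extract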
[root@devops-yanxiao-1-162 ~]# wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.0.0.1744-linux.zip
[root@devops-yanxiao-1-162 ~]# unzip sonar-scanner-cli-4.0.0.1744-linux.zip
[root@devops-yanxiao-1-162 ~]# mv sonar-scanner-cli-4.0.0.1744-linux /usr/sonar-scanner
Configure environment variables
[root@devops-yanxiao-1-162 sonar-scanner]# vim /etc/profile
# Add SONAR_RUNNER_HOME to PATH
export SONAR_RUNNER_HOME=/usr/sonar-scanner
export PATH=/usr/local/git/bin:$JAVA_HOME/bin:$SONAR_RUNNER_HOME/bin:$PATH
[root@devops-yanxiao-1-162 sonar-scanner]# source /etc/profile
[root@devops-yanxiao-1-162 sonar-scanner]# sonar-scanner --version
INFO: Scanner configuration file: /usr/sonar-scanner/conf/sonar-scanner.properties
INFO: Project root configuration file: NONE
INFO: SonarQube Scanner 4.0.0.1744
INFO: Java 11.0.3 AdoptOpenJDK (64-bit)
INFO: Linux 3.10.0-1160.el7.x86_64 amd64
[root@devops-yanxiao-1-162 sonar-scanner]#
Configure the connection to SonarQube
[root@devops-yanxiao-1-162 conf]# vim /usr/sonar-scanner/conf/sonar-scanner.properties
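# sonarqube url
sonar.host.url=http://192.168.1.161:9000
# login account
sonar.login=admin
sonar.password=1234
sonar.sourceEncoding=UTF-8
Test
Create a new project in GitLab and clone it to a Windows environment; this step is omitted
Create the .gitlab.yml file
Note: the leading . in the .gitlab.yml name must not be removed, and the .gitlab.yml file must be in the project root, in the same directory as src and pom.xml
.gitlab.yml file contents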
stages:
  - test
job1:
  stage: test
  only:
    - main
  script:
    - sonar-scanner -Dsonar.projectKey=$CI_PROJECT_NAME -Dsonar.host.url=http://192.168.1.161:9000 -Dsonar.login=admin -Dsonar.password=1234 -Dsonar.sources=. -Dsonar.java.binaries=. -Dsonar.java.source=11 -Dsonar.analysis.CI_COMMIT_REF_NAME=$CI_COMMIT_REF_NAME
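Notes:
$CI_PROJECT_NAME is the name of the project,
$CI_COMMIT_REF_NAME is the name of the branch that was pushed
After a push is triggered, the job can be seen running in GitLab under project name > CI/CD > Pipelines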
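The job above carries -Dsonar.login=admin -Dsonar.password=1234 in a file committed to the repository, so the SonarQube admin password is readable by anyone who can read the project or its job logs. As an added example (not part of the original article), the shell check below flags scanner credentials written literally into a pipeline file and passes a variant that takes an analysis token from a CI/CD variable. Both samples are constructed, and SONAR_TOKEN is an assumed variable name that would be defined as a masked variable under Settings > CI/CD > Variables.

```bash
#!/usr/bin/env bash
# Added example, not the article's code: flag sonar-scanner credentials that are
# written literally into a pipeline file instead of coming from a variable.

# Reads the file named in $1 (or stdin when no file is given). Prints
# "line:text" for each line where -Dsonar.login, -Dsonar.password or
# -Dsonar.token has a literal value rather than a $VARIABLE reference.
# Returns 0 when the input is clean, 1 when a literal credential is found.
find_inline_sonar_creds() {
    grep -nE -- '-Dsonar\.(login|password|token)="?[^$"[:space:]]' "${1:--}" && return 1
    return 0
}

# Constructed sample: the job from this article, admin password inline.
weak_job() {
    cat <<'EOF'
stages:
  - test
job1:
  stage: test
  only:
    - main
  script:
    - sonar-scanner -Dsonar.projectKey=$CI_PROJECT_NAME -Dsonar.host.url=http://192.168.1.161:9000 -Dsonar.login=admin -Dsonar.password=1234 -Dsonar.sources=. -Dsonar.java.binaries=. -Dsonar.java.source=11 -Dsonar.analysis.CI_COMMIT_REF_NAME=$CI_COMMIT_REF_NAME
EOF
}

# Constructed sample: the same job with the credential taken from SONAR_TOKEN
# (assumed name of a masked CI/CD variable holding a SonarQube user token).
fixed_job() {
    cat <<'EOF'
stages:
  - test
job1:
  stage: test
  only:
    - main
  script:
    - sonar-scanner -Dsonar.projectKey=$CI_PROJECT_NAME -Dsonar.host.url=http://192.168.1.161:9000 -Dsonar.login=$SONAR_TOKEN -Dsonar.sources=. -Dsonar.java.binaries=. -Dsonar.java.source=11 -Dsonar.analysis.CI_COMMIT_REF_NAME=$CI_COMMIT_REF_NAME
EOF
}

# Run the check on both samples and report the result for each.
for sample in weak_job fixed_job; do
    if "$sample" | find_inline_sonar_creds; then
        echo "$sample: no literal scanner credentials"
    else
        echo "$sample: literal scanner credential found"
    fi
done
```

In SonarQube 9.5, sonar.login accepts a user token in place of the account name, so sonar.password can be dropped from the command. GitLab's default pipeline file name is .gitlab-ci.yml, so point the check at whichever file the project's CI/CD configuration path names.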