Jenkins整合SonarQube实现代码审查
- SonarQube是一个用于管理代码质量的开放平台,可以快速的定位代码中潜在的或者明显的错误。
- 目前支持java,C#,C/C++,Python,PL/SQL,Cobol,JavaScrip,Groovy等二十几种编程语言的代码质量管理与检测
- 官网:https://www.sonarqube.org/
服务器列表
| 名称 | IP地址 | 安装的软件 | 硬件配置 | 系统 |
|---|---|---|---|---|
| 代码审查服务器 | 192.168.100.242 | SonarQube 6.7.7,MySQL5.7.43 | 1核2G | CentOS Linux release 7.5.1804 |
安装SonarQube
安装MySQL
# 在SonarQube服务器安装
# 下载 MySQL yum包
wget http://repo.mysql.com/mysql57-community-release-el7-10.noarch.rpm
# 安装MySQL源
rpm -Uvh mysql57-community-release-el7-10.noarch.rpm
rpm --import https://repo.mysql.com/RPM-GPG-KEY-mysql-2022
# 安装MySQL
yum install mysql-community-server* -y
# 启动MySQL
systemctl start mysqld && systemctl enable mysqld
# 检查是否启动成功
systemctl status mysqld.service
# 获取临时密码并修改
grep 'temporary password' /var/log/mysqld.log
# 因为MySQL的密码规则复杂,全局修改
ALTER USER 'root'@'localhost' IDENTIFIED BY 'Hahaha123@#';
FLUSH PRIVILEGES;
# 设置MySQL的字符集为UTF-8,令其支持中文
vim /etc/my.cnf
# For advice on how to change settings please see
# http://dev.mysql.com/doc/refman/5.7/en/server-configuration-defaults.html
[mysql]
default-character-set=utf8
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
default-storage-engine=INNODB
character_set_server=utf8
symbolic-links=0
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
# 重启MySQL,令配置生效
service mysqld restart
# 创建sonar数据库,用于存放代码审查后的结果
mysql -uroot -p'Hahaha123@#'
mysql> create database sonar;
Query OK, 1 row affected (0.00 sec)
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| sonar |
| sys |
+--------------------+
5 rows in set (0.00 sec)
安装SonarQube
下载Sonarqube安装包:https://www.sonarqube.org/downloads/
# 安装jdk
yum install java-1.8.0-openjdk* -y
wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-6.7.7.zip
unzip sonarqube-6.7.7.zip
mkdir /usr/local/sonar
mv sonarqube-6.7.7/* /usr/local/sonar/
# 创建sonar用户,必须使用sonar用户启动(或者其他名字普通用户),否则报错
useradd sonar
# 更改sonar目录及文件权限
chown -R sonar.sonar /usr/local/sonar/
# 修改sonarqube配置文件,对接数据库连接信息
vim /usr/local/sonar/conf/sonar.properties
16 sonar.jdbc.username=root
17 sonar.jdbc.password=Hahaha123@#
26 sonar.jdbc.url=jdbc:mysql://localhost:3306/sonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance&useSSL=false
# 注意:sonar默认监听9000端口,如果9000端口被占用,需要更改
111 sonar.web.port=9000
# 启动sonarqube,注:不能使用root账号,一定要使用sonar普通账号启动
su sonar /usr/local/sonar/bin/linux-x86-64/sonar.sh start # 也可关闭stop 查看状态status
#查看sonarqube日志
tailf /usr/local/sonar/logs/sonar.log
2023.08.08 09:34:53 INFO app[][o.s.a.SchedulerImpl] SonarQube is up # 表示正在启动
登陆SonarQube,默认有一个账号 admin 密码也是 admin
生成的秘钥需要保存,后续整合Jenkins的时候会使用
4c99cb3813022c4e83d3783df9b5094a41cc11d1
实现代码审查环境配置
代码审查流程图
安装SonarQube Scanner插件
Jenkins安装SonarQube Scanner软件,使用Jenkins UI界面自动安装,或是Linux服务器安装
创建SonarQube全局凭据
Jenkins配置SonarQube环境,以便Jenkins连接SonarQube
在项目添加SonaQube代码审查(非流水线项目)
自由风格项目默认会去找全局工具定义的工具,如SonarQube
# must be unique in a given SonarQube instance
sonar.projectKey=web_demo_freestyle # Jenkins交给SonarQube检查代码时为项目的标记,唯一的
# this is the name and version displayed in the SonarQube UI. Was mandatory prior to SonarQube 6.1.
sonar.projectName=web_demo_freestyle # 项目名称
sonar.projectVersion=1.0 # 版本号
# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
# This property is optional if sonar.modules is set. // SonarQube扫描的目录
sonar.sources=. # 指定扫描的代码路径 . 代表当前项目根目录下所有的代码 也可指定目录
sonar.exclusions=**/test/**,**/target/** # 扫描代码时不扫描的元素
sonar.java.binaries=target/classes
sonar.java.source=1.8 # JDK版本1.8
sonar.java.target=1.8
# Encoding of the source code. Default is default system encoding
sonar.sourceEncoding=UTF-8 # 源码编码格式 UTF-8
保存设置后构建项目
进入SonarQube查看代码审查结果
在项目添加SonaQube代码审查(流水线项目)
在项目根目录下,创建sonar-project.properties文件,文件名字唯一
# must be unique in a given SonarQube instance
sonar.projectKey=web_demo_pipline
# this is the name and version displayed in the SonarQube UI. Was mandatory prior to SonarQube 6.1.
sonar.projectName=web_demo_pipline
sonar.projectVersion=1.0
# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
# This property is optional if sonar.modules is set.
sonar.sources=.
sonar.exclusions=**/test/**,**/target/**
sonar.java.binaries=target/classes
sonar.java.source=1.8
sonar.java.target=1.8
# Encoding of the source code. Default is default system encoding
sonar.sourceEncoding=UTF-8
更改Jenkinsfile文件
pipeline {
agent any
stages {
stage('pull code') {
steps {
checkout scmGit(branches: [[name: '*/${branch}']], extensions: [], userRemoteConfigs: [[credentialsId: 'a4d0066f-6c58-4ab0-b714-6a24b3f5bc90', url: 'git@192.168.100.240:beijingcar/web_demo.git']])
}
}
stage('code checking') {
steps {
script {
//引入SonerQubeScanner工具
scannerHome = tool 'sonar-scanner'
}
//引入SonarQube服务器环境
withSonarQubeEnv('sonarqube') {
sh "${scannerHome}/bin/sonar-scanner"
}
}
}
stage('build project') {
steps {
sh 'mvn clean package'
}
}
stage('publish project') {
steps {
deploy adapters: [tomcat8(credentialsId: 'd1f29d4b-2ca1-4d9b-b308-aec7efee7f18', path: '', url: 'http://192.168.100.250:8080')], contextPath: null, war: 'target/*.war'
}
}
}
post { // 添加port,对应stages
always {
emailext (
subject: '构建通知:${PROJECT_NAME} - Build # ${BUILD_NUMBER} - ${BUILD_STATUS}!',
body: '${FILE,path="email.html"}',
to: '1064981253@qq.com' // 多人发送需要将邮件地址写入
)
}
}
}
分别Push两个文件至Gitlab仓库
完成后重新构建项目
返回SonarQube查看代码审查结果,成功执行审查
扫一扫
1096
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
