sonarqube代码核查+jenkins构建判断
版本说明
sonarqube 8.9
sonar-scanner 4.7
sonarqube部署
官网文档地址https://docs.sonarqube.org/latest/setup/operate-cluster/
官方镜像仓库地址https://hub.docker.com/_/sonarqube
# 运行postgres数据库
$ docker run --name postgresqldb --restart=always -p 15432:5432 \
-e POSTGRES_USER=root \
-e POSTGRES_PASSWORD='qwer123333' \
-v /home/sonar/postgres/data:/var/lib/postgresql/data \
-d postgres:9.6
# 进入postgres容器,创建用户名和密码
$ docker exec -it postgresqldb bash
# 登录数据库
psql -U root -W
# 创建用户名和密码
create user sonar with password 'sonar_123';
create database sonar owner sonar;
grant all privileges on database sonar to sonar;
#复制配置文件
docker run -it --name sonarqube sonarqube:8.9-community /bin/bash
docker cp sonarqube:/opt/sonarqube/conf/ /home/sonar/conf/
# 运行sonarqube容器
docker run -d --name sonarqube --restart=always \
-p 9000:9000 \
-e sonar.jdbc.username="sonar" \
-e sonar.jdbc.password="sonar_123" \
-e sonar.jdbc.url="jdbc:postgresql://192.168.0.77:15432/sonar" \
-v /home/sonar/extensions:/opt/sonarqube/extensions \
-v /home/sonar/data:/opt/sonarqube/data \
-v /home/sonar/logs:/opt/sonarqube/logs \
-v /home/sonar/conf:/opt/sonarqube/conf \
sonarqube:8.9-community
sonar-scanner下载扫描客户端
文档地址 下载地址:https://docs.sonarqube.org/8.9/analysis/scan/sonarscanner/
#目录结构/home/sonar/sonar-scanner
sonar-scanner> ls
bin conf jre lib
#修改配置文件
cat conf/sonar-scanner.properties
#Configure here general information about the environment, such as SonarQube server connection details for example
#No information about specific project should appear here
#----- Default SonarQube server
#sonar.host.url=http://localhost:9000
#----- Default source code encoding
#sonar.sourceEncoding=UTF-8
sonar.host.url=http://192.168.0.77:9000
sonar.login=admin
sonar.password=aaaaaaa
sonar.exclusions=**/doc/** #排除核查的目录
jenkins配置
1 新增jdk sonar-scanner需要有jdk环境。由于我使用的是agent是镜像,所以需要在基础镜像中加入jdk(不做具体步骤)
2 pipline说明
将sonar-scanner 挂载到发布的容器agent内
def SONARLOCAL_PATH="/home/sonar/sonar-scanner" //定义了sonar-scanner宿主机目录
def SONAR_PATH="/opt/sonar-scanner" //定义了目标容器内目录
pipeline {
agent {
docker {
label 'jenkins-test'
image 'golang:1.17-alpine'
args "-v ${SONARLOCAL_PATH}:${SONAR_PATH}"
}
}
核查步骤 jenkins需要安装 HTTPRequest插件获取 代码核查结果
stage ("code_check") {
steps {
script {
sh """
apk add --no-cache curl
java -version
/opt/sonar-scanner/bin/sonar-scanner -v
/opt/sonar-scanner/bin/sonar-scanner -Dsonar.projectKey=${app_name}
"""
//sonar结果地址地址
def urlsonar = "http://192.168.0.77:9000/api/measures/component?component="
//定义了一个列表核查结果的类型
def typesonar = ['bugs','vulnerabilities','violations','duplicated_lines_density','coverage','ncloc']
//sonar平台的认证通过 posman获取
def authsonar = "YaaaaaaaFaaaa3Mz"
def retsonar = []
for (i in typesonar){
//使用HTTPRequest插件 ${app_name}为项目名metricKeys=${i} 是类型
def response = httpRequest httpMode: "GET", customHeaders: [[name: 'Authorization', value: "Basic ${authsonar}"]], url: "${urlsonar}${app_name}&metricKeys=${i}"
//定义获取的结果
def mes = response.content
//结果是个jison 字符串用" 进行字符串分割
def sampleText =mes.split('\"')
//将结果值取出来,定义为 float类型
def countsonar = sampleText[23] as float
// println(i+":"+sampleText[23])
//将各自结果放入一个列表
retsonar += countsonar
}
//打印查看结果
println("扫描bug数:"+retsonar[0])
println("扫描漏洞数:"+retsonar[1])
println("扫描异味数:"+retsonar[2])
println("代码重复率:"+retsonar[3])
println("代码覆盖率:"+retsonar[4])
println("总代码长度:"+retsonar[5])
//判断是否继续发布
if (retsonar[0] > 0) {
println("bug数太多,结束发布")
def code_check_status = "false"
// error "This pipeline stops here!"
} else{
def code_check_status = "success"
}
//判断是否继续发布
if (retsonar[1] > 0) {
println("漏洞数数太多,结束发布")
def code_check_status = "false"
// error "This pipeline stops here!"
} else{
def code_check_status = "success"
}
}
}
}
sonarqube不需要新建项目,sonar-scanner会自动新增
1215
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
