Docker部署sonar
1,postgre
docker run -d -p 5432:5432 --name postgres14 \
-e POSTGRES_USER=sonar \
-e POSTGRES_PASSWORD=sonar \
-e PGDATA=/var/lib/postgresql/data/pgdata postgres:14.2
2,sonar8.9
docker run -d -p 5209:9000 --name sonarqube \
-e SONAR_JDBC_USERNAME=sonar \
-e SONAR_JDBC_PASSWORD=sonar \
-e SONAR_JDBC_URL="jdbc:postgresql://192.168.10.10:5432/sonar" \
sonarqube:8.9.7-community
(192.168.10.10为容器所在本地主机)
3,sonar平台中安装denpendency及swift插件(sonar默认用户名密码admin/admin)
- denpendency安装后配置位置
2)swift安装后配置位置
4,集成infer
infer安装。
使用官方dockfile安装1.1。
(以下的 Dependency 、sonar-scanner、python3、mvn等工具都在此容器内手动配置安装)
注意点,安装过程中dockerfile有一步是下载infer二进制包的。这一、步是从github下载。很容易失败,提示返回码非0,也就是下载失败。可在dockerfile中把此步注释掉这步,先生成容器,然后使用浏览器下载infer二进制包后docker cp进容器,再按dockerfile中步骤进行设置安装。为加快安装速度,可以使用163的apt国内源。
本次使用的infer Dockerfile:
FROM debian:bullseye-slim
LABEL maintainer "Infer team"
RUN rm /etc/apt/sources.list && \
echo "deb http://mirrors.163.com/debian/ bullseye main non-free contrib" >> /etc/apt/sources.list && \
echo "deb-src http://mirrors.163.com/debian/ bullseye main non-free contrib" >> /etc/apt/sources.list && \
echo "deb http://mirrors.163.com/debian-security/ bullseye-security main" >> /etc/apt/sources.list && \
echo "deb-src http://mirrors.163.com/debian-security/ bullseye-security main" >> /etc/apt/sources.list && \
echo "deb http://mirrors.163.com/debian/ bullseye-updates main non-free contrib" >> /etc/apt/sources.list && \
echo "deb-src http://mirrors.163.com/debian/ bullseye-updates main non-free contrib" >> /etc/apt/sources.list && \
echo "deb http://mirrors.163.com/debian/ bullseye-backports main non-free contrib" >> /etc/apt/sources.list && \
echo "deb-src http://mirrors.163.com/debian/ bullseye-backports main non-free contrib" >> /etc/apt/sources.list && \
apt-get update && \
mkdir -p /usr/share/man/man1 && \
apt-get install --yes --no-install-recommends \
curl \
libc6-dev \
openjdk-11-jdk-headless \
sqlite3 \
xz-utils \
zlib1g-dev && \
rm -rf /var/lib/apt/lists/*
备注:如果有在扫描容器上安装python的需要。最好在infer的容器上安装python,不要在python容器上安装infer。安装方法:apt install python3,然后通过
1),wget https://bootstrap.pypa.io/get-pip.py
2), python3 get-pip.py 完成pip的安装
3), 在启动扫描容器时,加好-v 及-p参数。方便后面扩展功能
5,Dependency 集成
安装到infer及sonar-scan所在docker容器。为方便集成,sonar-scan、infer、dependency在一个容器内部署
6,Infer及denpendency扫描报告集成到sonar
1),infer报告合并(前提是已经正常infer扫描并生成报告了)
sonar安装sonar-swift组件后,并保证激活相关规则库。sonar-project.properties文件中添加:sonar.java.infer.report=infer-out/report.json或者在sonar-scanner命令行中加上-Dsonar.java.infer.report=infer-out/report.json。执行扫描时先完成infer扫描,后执行sonar-sanner,
2),denpendency 报告集成
先使用denpendency完成扫描,生成报告
sonar-project.properties文件中添加:
sonar.dependencyCheck.htmlReportPath=./dpreport/dependency-check-report.html
sonar.dependencyCheck.xmlReportPath=./dpreport/dependency-check-report.xml
sonar.dependencyCheck.jsonReportPath=./dpreport/dependency-check-report.json
添加后执行:sonar-sanner。
各组件安装配置完成后,对外提供一个http接口,用于集成到CI
from flask import Flask, request
from concurrent.futures import ThreadPoolExecutor
import os,datetime
app = Flask(__name__)
# 创建线程池执行器
executor = ThreadPoolExecutor(1)
# 待扫描的代码根目,可按自己情况调整
rootdir = "/home/work/procode"
@app.route('/sonar')
def testGet():
'''使用异步方式处理'''
proname = request.args.get('proname')
executor.submit(api_task,proname)
return "测试任务已提交"
def api_task(proname):
os.chdir(rootdir+"/"+proname)
r = os.system("infer run -- mvn package")
r = os.system("dependency-check.sh --disableRetireJS --disableNodeJS " \
"--project {} -s ./target --format ALL -o ./".format(proname)
)
r = os.system("sonar-scanner " \
"-Dsonar.projectKey={0} " \
"-Dsonar.projectName={0} " \
"-Dsonar.projectVersion=1.0 " \
"-Dsonar.sources=src " \
"-Dsonar.sourceEncoding=UTF-8 " \
"-Dsonar.language=java " \
"-Dsonar.java.binaries=target/classes " \
"-Dsonar.dependencyCheck.htmlReportPath=./dependency-check-report.html " \
"-Dsonar.dependencyCheck.jsonReportPath=./dependency-check-report.json " \
"-Dsonar.dependencyCheck.xmlReportPath=./dependency-check-report.xml " \
"-Dsonar.java.infer.report=infer-out/report.json ".format(proname)
)
if __name__ == '__main__':
app.run(host="0.0.0.0",port=5000,debug=True)