SonaQube代码审查平台
SonarQube是一个用于管理代码质量的开放平台,可以快速的定位代码中潜在的或者明显的错误。目前支持java,C#,C/C++,Python,PL/SQL,Cobol,JavaScrip,Groovy等二十几种编程语言的代码质量管理与检测。
官网:https://www.sonarqube.org/
安装SonarQube
1)安装MySQL(会把一些代码审查的结果保存到数据库)
2)安装SonarQube
在MySQL创建sonar数据库
create database sonar;
下载sonar压缩包: https://www.sonarqube.org/downloads/
解压sonar,并设置权限
yum install unzip
unzip sonarqube-6.7.4.zip #解压
mkdir /opt/sonar #创建目录
mv sonarqube-6.7.4/* /opt/sonar #移动文件
useradd sonar #创建sonar用户,必须sonar用于启动,否则报错
chown -R sonar. /opt/sonar #更改sonar目录及文件权限修改sonar配置文件
vi /opt/sonarqube-6.7.4/conf/sonar.properties
内容如下:
sonar.jdbc.username=root sonar.jdbc.password=Root@123
sonar.jdbc.url=jdbc:mysql://localhost:3306/sonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs= maxPerformance&useSSL=false
注意:sonar默认监听9000端口,如果9000端口被占用,需要更改。启动sonar
cd /opt/sonarqube-6.7.4
su sonar ./bin/linux-x86-64/sonar.sh start 启动
su sonar ./bin/linux-x86-64/sonar.sh status 查看状态
su sonar ./bin/linux-x86-64/sonar.sh stop 停止
tail -f logs/sonar.logs 查看日志访问sonar http://192.168.66.101:9000
默认账户:admin/admin创建token
bb8b6c53d9d921e101343cef0395243e6c1dc8a3
token要记下来后面要使用
实现代码审查
安装SonarQube Scanner插件
Jenkins进行SonarQube配置
Manage Jenkins->Configure System->SonarQube servers
Manage Jenkins->Global Tool Configuration
然后在Global Tool Configuration里点击新增SonarQube Scanner,点击install automatically,点击保存
然后在configure system里,点击SonaQube Servers,添加之前安装的sonarQube的地址,localhost:9000
添加SonarQube凭证,这里要填写之前保存的那个秘钥
SonaQube关闭审查结果上传到SCM功能
在项目添加SonaQube代码审查(非流水线项目)
在Jenkins中点击之前的freestyle项目 ---- 配置 ---- 可以看到之前写的构建shell,添加构建步骤
----Execute SonarQube Scanner----
Task to run::scan
jdk:在Jenkins里配置过的jdk
Analysis properties内容为:
# must be unique in a given SonarQube instance
sonar.projectKey=web_demo
# this is the name and version displayed in the SonarQube UI. Was mandatory prior to SonarQube 6.1.
sonar.projectName=web_demo
sonar.projectVersion=1.0
# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
# This property is optional if sonar.modules is set.
# 扫描的路径
sonar.sources=.
sonar.exclusions=**/test/**,**/target/**
sonar.java.source=1.8
sonar.java.target=1.8
# Encoding of the source code. Default is default system encoding
sonar.sourceEncoding=UTF-8
在Jenkins里的freestyle项目点击构建,在项目里随便写个100/0,然后push,点击构建,在sonaQube里就能看到报错。
在项目添加SonaQube代码审查(流水线项目)
1)IDEA项目根目录下,创建sonar-project.properties文件
# must be unique in a given SonarQube instance
sonar.projectKey=web_demo
# this is the name and version displayed in the SonarQube UI. Was mandatory
prior to SonarQube 6.1.
sonar.projectName=web_demo
sonar.projectVersion=1.0
# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
# This property is optional if sonar.modules is set.
sonar.sources=.
sonar.exclusions=**/test/**,**/target/**
sonar.java.source=1.8
sonar.java.target=1.8
# Encoding of the source code. Default is default system encoding
sonar.sourceEncoding=UTF-8
2)在DEA修改Jenkinsfile,加入SonarQube代码审查阶段
pipeline{
agentanystages{
stage('拉取代码'){
steps{
checkout([
$class: 'GitSCM',
branches: [ [name: '*/master']],
doGenerateSubmoduleConfigurations: false,
extensions: [ ],
submoduleCfg: [],
userRemoteConfigs: [
[
credentialsId: '68f2087f-a034-4d39-a9ff-1f776dd3dfa8',
url: 'git@192.168.66.100: itheima_group/web_demo.git'
]
]
])
}
}stage('编译构建'){
steps{
shlabel: '',
script: 'mvncleanpackage'
}
}stage('SonarQube代码审查'){
steps{
script{
scannerHome=tool'sonarqube-scanner'#tool代表要引入Jenkins的一些工具,'sonarqube-scanner'是之前我们自己起的名字#自由风格默认会找全局工具
}withSonarQubeEnv('sonarqube6.7.4'){
#这个配置在系统配置里
sh"${scannerHome}/bin/sonar-scanner"
}
}
}stage('项目部署'){
#代码审查都放到项目部署之前
steps{
deployadapters: [
tomcat8(credentialsId: 'afc43e5e-4a4e-4de6-984fb1d5a254e434',
path: '',
url: 'http: //192.168.66.102: 8080')
],
contextPath: null,
war: 'target/*.war'
}
}
}
post{
always{
emailext(subject: '构建通知:${ PROJECT_NAME}-Build#${ BUILD_NUMBER}-${BUILD_STATUS}!',
body: '${FILE, path="email.html"}',
to: '1357388630@qq.com')
}
}
}
3)到SonarQube的UI界面查看审查结果