在上一篇文章Devops关键工具及技术(三)—基于Pipeline的Git+Maven+Junit持续集成中,我们实现了基于Pipeline的Git+Maven+Junit持续集成,并利用Pipeline的Junit插件进行Jenkins图形化展示Junit结果。
这篇文章我们将会介绍基于Pipeline的静态代码扫描。利用SonarQube进行先前持续集成中Spring-boot的Java web工程代码扫描。代码工程Github地址为:https://github.com/zbbkeepgoing/springboot-demo 。
SonarQube
SonarQube是一个开源的代码质量管理平台,它可以扫描出我们代码中的一些bug、重复代码、单元测试覆盖率等问题。Sonar对应有服务端和客户端,服务端需要我们安装Sonar Server,而客户端通过Sonar Scanner进行项目源码扫描,然后上传导Sonar Server中。Sonar的整体架构如下图:
- 准备工作
既然我们在第一篇文章Devops关键工具及技术(一)—Jenkins 容器化就介绍了Jenkins的容器化,所以Sonar Server我们也采用容器的方式进行启动。而Scanner则用Jenkins的插件进行实现。
Sonar Server本身是需要安装数据库进行存储的,但是由于我们目前只是做一些测试,所以对应也没有安装额外的数据库,只是用了容器内部的H2数据库。当然在生产环境或者特殊要求下,我们还是需要安装额外的数据库来保证更好的稳定性。细节请查看SonarQube Images。
- 启动SonarQube
通过Docker启动SonarQube。细节请查看SonarQube
docker run -d --name sonarqube -p 9000:9000 -p 9092:9092 sonarqube
-
SonarQube界面
-
SonarQube用法
Java+Maven
mvn sonar:sonar \
-Dsonar.host.url=http://xxxx:9000 \
-Dsonar.login=2382ac098363521b98731e286e52e1ad22adef2b //sonar token
更多可以在Sonar的向导中获取:
Pipeline
我们继续沿用上一篇文章Devops关键工具及技术(三)—基于Pipeline的Git+Maven+Junit持续集成中的Pipeline,并在其后面加上Sonar的Stage。
Pipeline内容
内容也可以在Github中找到
https://github.com/zbbkeepgoing/pipeline-sample
pipeline {
agent none
stages {
stage('Preparation') {
agent { node { label 'master' } }
steps {
checkout([$class: 'GitSCM', branches: [[name: '*/master']], doGenerateSubmoduleConfigurations: false, extensions: [], submoduleCfg: [], userRemoteConfigs: [[credentialsId: 'binbin', url: 'https://github.com/zbbkeepgoing/springboot-demo.git']]])
}
}
stage('Build') {
agent { node { label 'master' } }
steps {
dir(env.WORKSPACE){
sh "mvn clean install"
junit allowEmptyResults: true, keepLongStdio: true, testResults: 'target/surefire-reports/*.xml'
sh "mv target/sample-0.0.1-SNAPSHOT.jar target/sample.jar"
}
}
}
stage('Sonarqube') {
agent { node { label 'master' } }
steps {
dir(env.WORKSPACE){
sh "mvn sonar:sonar -Dsonar.host.url=http://192.168.88.130:9000 -Dsonar.login=2382ac098363521b98731e286e52e1ad22adef2b" //指定sonar的ip和token
}
}
}
}
}
新建Pipeline
执行Pipeline
Started by user admin
Running in Durability level: MAX_SURVIVABILITY
[Pipeline] stage
[Pipeline] { (Preparation)
[Pipeline] node
Running on Jenkins in /var/jenkins_home/workspace/CI
[Pipeline] {
[Pipeline] checkout
> git rev-parse --is-inside-work-tree # timeout=10
......
Commit message: "Rename mian.yml to main.yml"
> git rev-list --no-walk 76c01188ae3f7497796e2238bd91e28b7629cd12 # timeout=10
[Pipeline] }
[Pipeline] // node
[Pipeline] }
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (Build)
[Pipeline] node
Running on Jenkins in /var/jenkins_home/workspace/CI
[Pipeline] {
[Pipeline] dir
Running in /var/jenkins_home/workspace/CI
[Pipeline] {
[Pipeline] sh
[CI] Running shell script
+ mvn clean install
[INFO] Scanning for projects...
......
Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 26.005 sec - in com.dxc.ddccloud.demo.DemoControllerTests
2018-10-04 15:12:55.909 INFO 4406 --- [ Thread-2] o.s.w.c.s.GenericWebApplicationContext : Closing org.springframework.web.context.support.GenericWebApplicationContext@68e965f5: startup date [Thu Oct 04 15:12:33 UTC 2018]; root of context hierarchy
Results :
Tests run: 3, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO] --- maven-jar-plugin:2.6:jar (default-jar) @ sample ---
[INFO] Building jar: /var/jenkins_home/workspace/CI/target/sample-0.0.1-SNAPSHOT.jar
[INFO]
[INFO] --- spring-boot-maven-plugin:1.5.9.RELEASE:repackage (default) @ sample ---
[INFO]
[INFO] --- maven-install-plugin:2.5.2:install (default-install) @ sample ---
[INFO] Installing /var/jenkins_home/workspace/CI/target/sample-0.0.1-SNAPSHOT.jar to /var/jenkins_home/.m2/repository/com/dxc/ddccloud/sample/0.0.1-SNAPSHOT/sample-0.0.1-SNAPSHOT.jar
[INFO] Installing /var/jenkins_home/workspace/CI/pom.xml to /var/jenkins_home/.m2/repository/com/dxc/ddccloud/sample/0.0.1-SNAPSHOT/sample-0.0.1-SNAPSHOT.pom
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 47.582 s
[INFO] Finished at: 2018-10-04T15:12:59+00:00
[INFO] Final Memory: 29M/70M
[INFO] ------------------------------------------------------------------------
[Pipeline] junit
Recording test results
[Pipeline] sh
[CI] Running shell script
+ mv target/sample-0.0.1-SNAPSHOT.jar target/sample.jar
......
[Pipeline] // stage
[Pipeline] End of Pipeline
Finished: SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 01:49 min
[INFO] Finished at: 2018-10-09T14:43:57+00:00
[INFO] Final Memory: 29M/70M
[INFO] ------------------------------------------------------------------------
[Pipeline] junit
Recording test results
[Pipeline] sh
[CI+Sonar] Running shell script
+ mv target/sample-0.0.1-SNAPSHOT.jar target/sample.jar
......
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (Sonarqube)
[Pipeline] node
Running on Jenkins in /var/jenkins_home/workspace/CI+Sonar
[Pipeline] {
[Pipeline] dir
Running in /var/jenkins_home/workspace/CI+Sonar
[Pipeline] {
[Pipeline] sh
[CI+Sonar] Running shell script
+ mvn sonar:sonar -Dsonar.host.url=http://192.168.88.130:9000 -Dsonar.login=2382ac098363521b98731e286e52e1ad22adef2b
[INFO] Scanning for projects...
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Building demo 0.0.1-SNAPSHOT
[INFO] ------------------------------------------------------------------------
[INFO]
[INFO] --- sonar-maven-plugin:3.5.0.1254:sonar (default-cli) @ sample ---
[INFO] User cache: /var/jenkins_home/.sonar/cache
[INFO] SonarQube version: 7.1.0
......
[INFO] Analysis report uploaded in 13828ms
[INFO] ANALYSIS SUCCESSFUL, you can browse http://192.168.88.130:9000/dashboard/index/com.dxc.ddccloud:sample
[INFO] Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
[INFO] More about the report processing at http://192.168.88.130:9000/api/ce/task?id=AWZZSd6S0lpWOImFf9fI
[INFO] Task total time: 47.461 s
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 59.526 s
[INFO] Finished at: 2018-10-09T14:45:05+00:00
[INFO] Final Memory: 33M/151M
[INFO] ------------------------------------------------------------------------
......
[Pipeline] // stage
[Pipeline] End of Pipeline
Finished: SUCCESS
扫描结果
回到Sonar的界面,找到刚才的项目。
查看项目代码扫描的细节
细节中的每一个都可以点进去看具体的详细内容,这里不展开叙述,如有需求,可自行进行Sonar的一些研究。
以上既是基于Pipeline的SonarQube静态代码扫描,后面我们将介绍经过单元测试和静态代码扫描后的持续部署,如何使用Bash脚本进行应用部署。
802
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
