SonarQube集成Jenkinsfile

406
文章

1
评论

2021年3月23日18:08:43 评论 3,426 4855字阅读16分11秒

安装好SonarQube后开启强制认证

SonarQube集成Jenkinsfile

SonarQube 扫描仪配置

安装配置sonarscanner
下载地址：https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Scanner

SonarQube集成Jenkinsfile

[root@jenkins ~]# wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.6.0.2311-linux.zip
[root@jenkins ~]# unzip sonar-scanner-cli-4.6.0.2311-linux.zip -d /usr/local
[root@jenkins ~]# vim /etc/profile
export MAVEN_HOME=/usr/local/apache-maven-3.6.3
export ANT_HOME=/usr/local/apache-ant-1.9.15
export GRADLE_HOME=/usr/local/gradle-5.3
export NODE_HOME=/usr/local/node-v14.15.2-linux-x64
export JAVA_HOME=/usr/local/jdk1.8.0_151
export SCANNER_HOME=/usr/local/sonar-scanner-4.6.0.2311-linux
export PATH=$PATH:$MAVEN_HOME/bin:$ANT_HOME/bin:$GRADLE_HOME/bin:$NODE_HOME/bin
export PATH=$PATH:$JAVA_HOME/bin
export PATH=$PATH:$SCANNER_HOME/bin
[root@jenkins ~]# source /etc/profile

验证

[root@jenkins ~]# sonar-scanner -h
INFO: 
INFO: usage: sonar-scanner [options]
INFO: 
INFO: Options:
INFO: -D,--define <arg> Define property
INFO: -h,--help Display help information
INFO: -v,--version Display version information
INFO: -X,--debug Produce execution debug output

本地使用扫描仪项目分析配置

找一个maven项目

[root@jenkins spring-boot]# pwd
/var/lib/jenkins/workspace/spring-boot
[root@jenkins spring-boot]# ls
1.sh Dockerfile images.sh pom.xml README.md src target

使用脚本方式运行

[root@jenkins spring-boot]# cat 1.sh 
sonar-scanner -Dsonar.host.url=http://192.168.90.18:9000 \
-Dsonar.projectKey=spring-boot \
-Dsonar.projectName=spring-boot \
-Dsonar.projectVersion=1.0 \
-Dsonar.login=admin \
-Dsonar.password=admin \
-Dsonar.ws.timeout=30 \
-Dsonar.projectDescription="my first project!" \
-Dsonar.links.homepage=http://www.baidu.com \
-Dsonar.sources=src \
-Dsonar.sourceEncoding=UTF-8 \
-Dsonar.java.binaries=target/classes \
-Dsonar.java.test.binaries=target/test-classes \
-Dsonar.java.surefire.report=target/surefire-reports

扫描

[root@jenkins spring-boot]# sh 1.sh 
INFO: Scanner configuration file: /usr/local/sonar-scanner-4.6.0.2311-linux/conf/sonar-scanner.properties
INFO: Project root configuration file: NONE
INFO: SonarScanner 4.6.0.2311
INFO: Java 11.0.3 AdoptOpenJDK (64-bit)
INFO: Linux 3.10.0-1160.el7.x86_64 amd64
INFO: User cache: /root/.sonar/cache
INFO: Scanner configuration file: /usr/local/sonar-scanner-4.6.0.2311-linux/conf/sonar-scanner.properties
INFO: Project root configuration file: NONE
INFO: Analyzing on SonarQube server 7.9.6
INFO: Default locale: "zh_CN", source code encoding: "UTF-8"
INFO: Load global settings
INFO: Load global settings (done) | time=536ms
INFO: Server id: A7EE8CF2-AXheZ9Y7vcyLwGV30GwA

在SonarQube上查看扫描完成的状态

SonarQube集成Jenkinsfile

安装 JenkinsSonar 插件

SonarQube集成Jenkinsfile

配置sonar插件

SonarQube集成Jenkinsfile

添加凭据---先去sonar上生成口令

SonarQube集成Jenkinsfile

jenkinsfile

#!groovy

@Library('jenkinslibrary@master') _

//func from shareibrary
def build = new org.devops.build()
def tools = new org.devops.tools()
def gitlab = new org.devops.gitlab()
def toemail = new org.devops.toemail()
def sonar = new org.devops.sonarqube()


def runOpts
//env
String buildType = "${env.buildType}"
String buildShell = "${env.buildShell}"
String srcUrl = "${env.srcUrl}"
String branchName = "${env.branchName}"



if ("${runOpts}" == "GitlabPush"){
    branchName = branch - "refs/heads/"
    
    currentBuild.description = "Trigger by ${userName} ${branch}"
    gitlab.ChangeCommitStatus(projectId,commitSha,"running")
    env.runOpts = "GitlabPush"

    
} else {
   userEmail = "lucky@centoscn.vip"
}


//pipeline
pipeline{
    agent { node { label "master"}}
    
    
    stages{

        stage("检出代码"){
            steps{
                script{
                   
                    
                    println("${branchName}")
                
                    tools.PrintMes("获取代码","green")
                    checkout([$class: 'GitSCM', branches: [[name: "${branchName}"]], 
                                      doGenerateSubmoduleConfigurations: false, 
                                      extensions: [], 
                                      submoduleCfg: [], 
                                      userRemoteConfigs: [[credentialsId: 'ef208191-527c-4630-a677-b81696446562', url: "${srcUrl}"]]])

                }
            }
        }
        stage("编译打包"){
            steps{
                script{
                
                    tools.PrintMes("执行打包","green")
                    build.Build(buildType,buildShell)   
                }
            }
       }
        stage("代码扫描"){
            steps {
                 script{
                     tools.PrintMes("代码扫描","green")
                     sonar.SonarScan("${JOB_NAME}","${JOB_NAME}","src")
                }
            } 
        }          
    }
    post {
        always{
            script{
                println("always")
            }
        }
        
        success{
            script{
                println("success")
                if ("${runOpts}" == "GitlabPush"){
                    gitlab.ChangeCommitStatus(projectId,commitSha,"success")
                }
                toemail.Email("流水线成功",userEmail)
            
            }
        
        }
        failure{
            script{
                println("failure")
                if ("${runOpts}" == "GitlabPush"){
                    gitlab.ChangeCommitStatus(projectId,commitSha,"failed")
                }
                toemail.Email("流水线失败了！",userEmail)
            }
        }
        
        aborted{
            script{
                println("aborted")
                if ("${runOpts}" == "GitlabPush"){
                    gitlab.ChangeCommitStatus(projectId,commitSha,"canceled")
                }
               toemail.Email("流水线被取消了！",userEmail)
            }
        
        }
    
    }
    
    
}

共享库

package org.devops


//scan
def SonarScan(projectName,projectDesc,projectPath){
    
    //使用sonar服务器
    withSonarQubeEnv("sonarqube-test"){

        def scannerHome = "/usr/local/sonar-scanner-4.6.0.2311-linux/"
        def sonarDate = sh  returnStdout: true, script: 'date  +%Y%m%d%H%M%S'
        sonarDate = sonarDate - "\n"
        
        sh """ 
            ${scannerHome}/bin/sonar-scanner  \
                           -Dsonar.projectKey=${projectName} \
                           -Dsonar.projectName=${projectName} \
                           -Dsonar.projectVersion=${sonarDate} \
                           -Dsonar.ws.timeout=30 \
                           -Dsonar.projectDescription=${projectDesc} \
                           -Dsonar.links.homepage=http://www.baidu.com \
                           -Dsonar.sources=${projectPath} \
                           -Dsonar.sourceEncoding=UTF-8 \
                           -Dsonar.java.binaries=target/classes \
                           -Dsonar.java.test.binaries=target/test-classes \
                           -Dsonar.java.surefire.report=target/surefire-reports
        """
    }
}