SonarQube code inspection + Jenkins build gating
Posted Sicc1107
Versions
sonarqube 8.9
sonar-scanner 4.7
Deploying SonarQube
Official documentation: https://docs.sonarqube.org/latest/setup/operate-cluster/
Official image repository: https://hub.docker.com/_/sonarqube
# Run the postgres database
$ docker run --name postgresqldb --restart=always -p 15432:5432 \
    -e POSTGRES_USER=root \
    -e POSTGRES_PASSWORD='qwer123333' \
    -v /home/sonar/postgres/data:/var/lib/postgresql/data \
    -d postgres:9.6
# Enter the postgres container to create the user and password
$ docker exec -it postgresqldb bash
# Log in to the database
psql -U root -W
# Create the user, its password and the database
create user sonar with password 'sonar_123';
create database sonar owner sonar;
grant all privileges on database sonar to sonar;
# Copy the configuration files out of a temporary container
docker run -it --name sonarqube sonarqube:8.9-community /bin/bash
docker cp sonarqube:/opt/sonarqube/conf/ /home/sonar/conf/
# Remove the temporary container so the name "sonarqube" can be reused below
docker rm -f sonarqube
# Run the sonarqube container
docker run -d --name sonarqube --restart=always \
    -p 9000:9000 \
    -e sonar.jdbc.username="sonar" \
    -e sonar.jdbc.password="sonar_123" \
    -e sonar.jdbc.url="jdbc:postgresql://192.168.0.77:15432/sonar" \
    -v /home/sonar/extensions:/opt/sonarqube/extensions \
    -v /home/sonar/data:/opt/sonarqube/data \
    -v /home/sonar/logs:/opt/sonarqube/logs \
    -v /home/sonar/conf:/opt/sonarqube/conf \
    sonarqube:8.9-community
Downloading the sonar-scanner client
Documentation and download: https://docs.sonarqube.org/8.9/analysis/scan/sonarscanner/
# Directory layout of /home/sonar/sonar-scanner
sonar-scanner> ls
bin conf jre lib
# Edit the configuration file
cat conf/sonar-scanner.properties
#Configure here general information about the environment, such as SonarQube server connection details for example
#No information about specific project should appear here
#----- Default SonarQube server
#sonar.host.url=http://localhost:9000
#----- Default source code encoding
#sonar.sourceEncoding=UTF-8
sonar.host.url=http://192.168.0.77:9000
sonar.login=admin
sonar.password=aaaaaaa
# Directories excluded from analysis
sonar.exclusions=**/doc/**
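Jenkins configuration
1. Add a JDK: sonar-scanner needs a JDK environment. Since my agent is a container image, the JDK has to be added to the base image (the steps are not covered here).
2. Pipeline description
Mount sonar-scanner into the agent container used for the release:
def SONARLOCAL_PATH = "/home/sonar/sonar-scanner" // sonar-scanner directory on the host
def SONAR_PATH = "/opt/sonar-scanner" // directory inside the target container
pipeline {
    agent {
        docker {
            label 'jenkins-test'
            image 'golang:1.17-alpine'
            args "-v $SONARLOCAL_PATH:$SONAR_PATH"
        }
    }
    // stages { ... }  the code_check stage below goes here
}
Inspection stage. Jenkins needs the HTTP Request plugin installed to fetch the code inspection results: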
stage("code_check") {
    steps {
        script {
            sh """
                apk add --no-cache curl
                java -version
                /opt/sonar-scanner/bin/sonar-scanner -v
                /opt/sonar-scanner/bin/sonar-scanner -Dsonar.projectKey=$app_name
            """
            // SonarQube results API URL
            def urlsonar = "http://192.168.0.77:9000/api/measures/component?component="
            // list of the result metrics to fetch
            def typesonar = ['bugs','vulnerabilities','violations','duplicated_lines_density','coverage','ncloc']
            // SonarQube credentials for the Authorization header, obtained via Postman
            def authsonar = "YaaaaaaaFaaaa3Mz"
            def retsonar = []
            for (i in typesonar) {
                // use the HTTP Request plugin; $app_name is the project name, metricKeys=$i is the metric
                def response = httpRequest httpMode: "GET", customHeaders: [[name: 'Authorization', value: "Basic $authsonar"]], url: "$urlsonar$app_name&metricKeys=$i"
                // the response body
                def mes = response.content
                // the result is a JSON string; split it on the " character
                def sampleText = mes.split('"')
                // take the value out and convert it to float
                def countsonar = sampleText[23] as float
                // println(i+":"+sampleText[23])
                // collect each result in a list
                retsonar += countsonar
            }
            // print the results
            println("扫描bug数:"+retsonar[0])      // bug count
            println("扫描漏洞数:"+retsonar[1])     // vulnerability count
            println("扫描异味数:"+retsonar[2])     // code smell count (violations metric)
            println("代码重复率:"+retsonar[3])     // duplication rate
            println("代码覆盖率:"+retsonar[4])     // coverage
            println("总代码长度:"+retsonar[5])     // total lines of code
            // Decide whether to continue the release. The status is declared once,
            // starts as "success" and is only ever set to "false", so a clean
            // second check cannot overwrite a failed first one.
            def code_check_status = "success"
            if (retsonar[0] > 0) {
                println("bug数太多,结束发布")      // too many bugs, stop the release
                code_check_status = "false"
                // error "This pipeline stops here!"
            }
            if (retsonar[1] > 0) {
                println("漏洞数数太多,结束发布")   // too many vulnerabilities, stop the release
                code_check_status = "false"
                // error "This pipeline stops here!"
            }
        }
    }
}
There is no need to create the project in SonarQube beforehand; sonar-scanner adds it automatically.
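The code_check stage above reads each value from position 23 of the split response, which breaks as soon as the JSON layout changes or a metric has no measure. The following added example (not code from the original post) parses the body with JsonSlurperClassic and fails closed when a gating metric is missing; the function name evaluateGate, the limits map and the sample responses are assumptions constructed for illustration.

```groovy
import groovy.json.JsonSlurperClassic

// Parse one /api/measures/component response body and decide whether to release.
// limits maps a metric key to the highest value that is still acceptable.
def evaluateGate(String body, Map limits) {
    def json = new JsonSlurperClassic().parseText(body)
    def measures = [:]
    (json?.component?.measures ?: []).each { m ->
        // a measure without "value" carries nothing to compare, so skip it
        if (m.value != null) {
            measures[m.metric] = m.value as BigDecimal
        }
    }
    def reasons = []
    limits.each { metric, max ->
        if (!measures.containsKey(metric)) {
            // fail closed: a missing metric blocks the release instead of passing it
            reasons << "${metric}: no value returned".toString()
        } else if (measures[metric] > max) {
            reasons << "${metric}: ${measures[metric]} > ${max}".toString()
        }
    }
    return [status: reasons ? 'false' : 'success', measures: measures, reasons: reasons]
}

// Limits matching the post's checks: bugs and vulnerabilities must both be 0.
def limits = [bugs: 0, vulnerabilities: 0]

// Constructed sample bodies, shaped like a response to
// metricKeys=bugs,vulnerabilities,coverage (not captured from a real server).
def clean = '{"component":{"key":"demo","name":"demo","qualifier":"TRK","measures":[' +
        '{"metric":"bugs","value":"0"},{"metric":"vulnerabilities","value":"0"},' +
        '{"metric":"coverage","value":"41.5"}]}}'
def dirty = '{"component":{"key":"demo","name":"demo","qualifier":"TRK","measures":[' +
        '{"metric":"bugs","value":"3"}]}}'

assert evaluateGate(clean, limits).status == 'success'
def result = evaluateGate(dirty, limits)
assert result.status == 'false'
assert result.reasons == ['bugs: 3 > 0', 'vulnerabilities: no value returned']
println result
```

In the pipeline, response.content from httpRequest would be the body argument, and the returned status takes the place of code_check_status.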