持续集成之代码质量管理 Sonar

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了持续集成之代码质量管理 Sonar相关的知识,希望对你有一定的参考价值。

一、Sonar 介绍

Sonar 是一个用于代码质量管理的开放平台。通过插件机制,Sonar可以集成不同的测试工具,代码分析工具,以及持续集成工具。与持续集成工具(例如 Hudson/Jenkins 等)不同,Sonar 并不是简单地把不同的代码检查工具结果(例如 FindBugs,PMD 等)直接显示在 Web 页面上,而是通过不同的插件对这些结果进行再加工处理,通过量化的方式度量代码质量的变化,从而可以方便地对不同规模和种类的工程进行代码质量管理。

在对其他工具的支持方面,Sonar 不仅提供了对 IDE 的支持,可以在 Eclipse和 IntelliJ IDEA 这些工具里联机查看结果;同时 Sonar 还对大量的持续集成工具提供了接口支持,可以很方便地在持续集成中使用 Sonar。

此外,Sonar 的插件还可以对 Java 以外的其他编程语言提供支持,对国际化以及报告文档化也有良好的支持。

二、Sonar 安装

Sonar 的相关下载和文档可以在下面的链接中找到:http://www.sonarqube.org/downloads 。 需要注意最新版的 Sonar 需要至少JDK 1.8及以上版本。

之前我们已经可以成功的使用 git 进行拉取,Sonar 的功能就是来检查代码是否有BUG。除了检查代码是否有 bug 还有其他的功能,比如说:你的代码注释率是多少,代码有一些建议,编写语法的建议。所以我们叫质量管理

Sonar 还可以给代码打分,并且引用了技术宅的功能(告诉你有很多地方没改)

1、安装 jdk

JDK 可以去 Oracle 官网去下载,也可以使用 yum 仓库的 JDK。

rpm -ivh jdk-8u45-linux-x64.rpm

2、下载安装包

我这里下载的是长期维护的一个版本6.7.5。

wget https://sonarsource.bintray.com/Distribution/sonarqube/sonarqube-6.7.5.zip

3、解压

unzip sonarqube-6.7.5.zip
mv sonarqube-6.7.5 /usr/local/sonarqube

三、准备数据库

因为 sonar 会用到数据库,所以我们要事先准备好数据库,它支持多种数据库,我们这里选择的是 mysql/Mariadb,注意 MySQL 的版本最低要5.6,因为我这里有现有的数据库,所以安装过程省略。

mysql> CREATE DATABASE sonar CHARACTER SET utf8 COLLATE utf8_general_ci;
mysql> GRANT ALL ON sonar.* TO ‘sonar‘@‘localhost‘ IDENTIFIED BY ‘[email protected]‘;
mysql> GRANT ALL ON sonar.* TO ‘sonar‘@‘%‘ IDENTIFIED BY ‘[email protected]‘;
mysql> FLUSH PRIVILEGES;

四、配置 Sonar

1、配置数据库连接

编辑/usr/local/sonarqube/conf/sonar.properties,修改内容如下:

# 数据库连接
sonar.jdbc.username=sonar           
[email protected]    
sonar.jdbc.url=jdbc:mysql://10.0.1.13:3306/sonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance&useSSL=false

# Web 端口
sonar.web.host=0.0.0.0
sonar.web.port=9000

2、创建用户 sonar

因为程序不允许我们使用 root 执行,所以我们需要注册一个普通用户

useradd sonar
chown sonar.sonar /usr/local/sonarqube -R

3、启动 sonar

[[email protected] ~]$ /usr/local/sonarqube/bin/linux-x86-64/sonar.sh start
Starting SonarQube...
Started SonarQube.

4、检查是否启动成功

[[email protected] ~]# netstat -tlnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 127.0.0.1:32000             0.0.0.0:*                   LISTEN      8126/java           
tcp        0      0 0.0.0.0:10050               0.0.0.0:*                   LISTEN      1804/zabbix_agentd  
tcp        0      0 0.0.0.0:10051               0.0.0.0:*                   LISTEN      2202/zabbix_server  
tcp        0      0 0.0.0.0:873                 0.0.0.0:*                   LISTEN      16611/rsync         
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      2040/mysqld         
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1586/sshd           
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      1677/master         
tcp        0      0 ::ffff:127.0.0.1:8005       :::*                        LISTEN      16486/java          
tcp        0      0 :::9000                     :::*                        LISTEN      8258/java           
tcp        0      0 ::ffff:127.0.0.1:9001       :::*                        LISTEN      8151/java           
tcp        0      0 :::873                      :::*                        LISTEN      16611/rsync         
tcp        0      0 :::8080                     :::*                        LISTEN      16486/java          
tcp        0      0 :::80                       :::*                        LISTEN      4841/httpd          

五、登录 sonar

Web登录:IP:9000
技术分享图片

sonar跟jenkins类似,也是以插件为主。
sonar安装插件有2种方式:第一种将插件下载完存放在sonar的插件目录,第二种使用web界面来使用安装存放插件路径[/usr/local/sonarqube/extensions/plugins/]。

1、安装中文插件

登陆:用户名:admin 密码:admin
技术分享图片

技术分享图片

重启才会生效。

技术分享图片

生效后界面如下。

技术分享图片

和 jenkins 一样,需要什么插件直接去应用市场下载即可。

2、安装 sonar 扫描器

Sonar通过SonarQube Scanner(扫描器)来对代码进行分析。

wget https://sonarsource.bintray.com/Distribution/sonar-scanner-cli/sonar-scanner-2.8.zip
unzip sonar-scanner-2.8.zip
mv sonar-scanner-2.8 /usr/local/sonar-scanner

3、扫描器和 sonar 关联起来

编辑文件/usr/local/sonar-scanner/conf/sonar-scanner.properties,修改为如下内容:

sonar.host.url=http://localhost:9000        
sonar.sourceEncoding=UTF-8                  
sonar.jdbc.username=sonar 
[email protected]
sonar.jdbc.url=jdbc:mysql:/10.0.1.13:3306/sonar?useUnicode=true&characterEncoding=utf8

六、代码扫描

1、下载代码

sonar 插件提供了一个测试的代码库。
github:https://github.com/SonarSource/sonar-scanning-examples
下载地址:https://codeload.github.com/SonarSource/sonar-scanning-examples/zip/master

wget https://codeload.github.com/SonarSource/sonar-scanning-examples/zip/master
unzip master
cd sonar-scanning-examples-master/sonarqube-scanner

2、sonar-project.properties

我们会看到项目下面有一个文件 sonar-project.properties,如果想要代码被扫描,就需要在代码路径下放一个配置文件。

[[email protected] sonarqube-scanner]# cat sonar-project.properties 
sonar.projectKey=org.sonarqube:sonarqube-scanner            #Key
sonar.projectName=Example of SonarQube Scanner Usage    #这里的名称会显示在web上面
sonar.projectVersion=1.0                                            #版本,也会显示在web上面

sonar.sources=src,copybooks                            软件包存放路径

sonar.sourceEncoding=UTF-8                           #字体编码

## Cobol Specific Properties

# comma-separated paths to directories with copybooks
sonar.cobol.copy.directories=copybooks
# comma-separated list of suffixes
sonar.cobol.file.suffixes=cbl,cpy
sonar.cobol.copy.suffixes=cpy

## Flex Specific Properties

# retrieve code coverage data from the Cobertura report
sonar.flex.cobertura.reportPath=coverage-report/coverage-cobertua-flex.xml

# PL/I Specific Properties
sonar.pli.marginLeft=2
sonar.pli.marginRight=0

3、扫描

需要在项目文件里面进行执行,程序会在当面目录下扫描sonar-project.properties文件,根据配置文件进行扫描工作。扫描之后我们在web界面上就可以看到代码的扫描结果。

[[email protected] sonarqube-scanner]# /usr/local/sonar-scanner/bin/sonar-scanner
INFO: Scanner configuration file: /usr/local/sonar-scanner/conf/sonar-scanner.properties
INFO: Project root configuration file: /root/tmp/sonar-scanning-examples-master/sonarqube-scanner/sonar-project.properties
INFO: SonarQube Scanner 2.8
INFO: Java 1.8.0_45 Oracle Corporation (64-bit)
INFO: Linux 2.6.32-573.el6.x86_64 amd64
INFO: User cache: /root/.sonar/cache
INFO: Publish mode
INFO: Load global settings
INFO: Load global settings (done) | time=72ms
INFO: Server id: A737A953-AWVGKXYQugQwgVmc5Jb0
WARN: Property ‘sonar.jdbc.url‘ is not supported any more. It will be ignored. There is no longer any DB connection to the SQ database.
WARN: Property ‘sonar.jdbc.username‘ is not supported any more. It will be ignored. There is no longer any DB connection to the SQ database.
WARN: Property ‘sonar.jdbc.password‘ is not supported any more. It will be ignored. There is no longer any DB connection to the SQ database.
INFO: User cache: /root/.sonar/cache
INFO: Load plugins index
INFO: Load plugins index (done) | time=48ms
INFO: Plugin [l10nzh] defines ‘l10nen‘ as base plugin. This metadata can be removed from manifest of l10n plugins since version 5.2.
INFO: SonarQube server 6.7.5
INFO: Default locale: "en_US", source code encoding: "UTF-8"
INFO: Process project properties
INFO: Load project repositories
INFO: Load project repositories (done) | time=13ms
INFO: Load quality profiles
INFO: Load quality profiles (done) | time=30ms
INFO: Load active rules
INFO: Load active rules (done) | time=505ms
INFO: Load metrics repository
INFO: Load metrics repository (done) | time=22ms
WARN: SCM provider autodetection failed. No SCM provider claims to support this project. Please use sonar.scm.provider to define SCM of your project.
INFO: Project key: org.sonarqube:sonarqube-scanner
INFO: -------------  Scan Example of SonarQube Scanner Usage
INFO: Load server rules
INFO: Load server rules (done) | time=69ms
INFO: Base dir: /root/tmp/sonar-scanning-examples-master/sonarqube-scanner
INFO: Working dir: /root/tmp/sonar-scanning-examples-master/sonarqube-scanner/.sonar
INFO: Source paths: src, copybooks
INFO: Source encoding: UTF-8, default locale: en_US
INFO: Index files
INFO: 36 files indexed
INFO: Quality profile for flex: Sonar way
INFO: Quality profile for js: Sonar way
INFO: Quality profile for php: Sonar way
INFO: Quality profile for py: Sonar way
INFO: Quality profile for xml: Sonar way
INFO: Sensor PythonXUnitSensor [python]
INFO: Sensor PythonXUnitSensor [python] (done) | time=10ms
INFO: Sensor Python Squid Sensor [python]
INFO: Python unit test coverage
INFO: Python integration test coverage
INFO: Python overall test coverage
INFO: Sensor Python Squid Sensor [python] (done) | time=397ms
INFO: Sensor SonarJavaXmlFileSensor [java]
INFO: 1 source files to be analyzed
INFO: Sensor SonarJavaXmlFileSensor [java] (done) | time=66ms
INFO: 1/1 source files have been analyzed
INFO: Sensor Flex [flex]
INFO: 2 source files to be analyzed
INFO: 2/2 source files have been analyzed
INFO: Sensor Flex [flex] (done) | time=96ms
INFO: Sensor Flex Cobertura [flex]
INFO: Analyzing Cobertura report: coverage-report/coverage-cobertua-flex.xml
WARN: Using absolute path pattern is deprecated. Please use relative path instead of ‘file:**/Circle.as‘
WARN: Using absolute path pattern is deprecated. Please use relative path instead of ‘file:**/UncoveredCircle.as‘
INFO: Sensor Flex Cobertura [flex] (done) | time=64ms
INFO: Sensor XML Sensor [xml]
INFO: Sensor XML Sensor [xml] (done) | time=124ms
INFO: Sensor PHP sensor [php]
INFO: 1 source files to be analyzed
INFO: 1/1 source files have been analyzed
INFO: No PHPUnit test report provided (see ‘sonar.php.tests.reportPath‘ property)
INFO: No PHPUnit coverage reports provided (see ‘sonar.php.coverage.reportPaths‘ property)
INFO: Sensor PHP sensor [php] (done) | time=382ms
INFO: Sensor Analyzer for "php.ini" files [php]
INFO: Sensor Analyzer for "php.ini" files [php] (done) | time=2ms
INFO: Sensor javascript Squid Sensor [javascript]
INFO: 1 source files to be analyzed
INFO: Unit Test Coverage Sensor is started
INFO: 1/1 source files have been analyzed
INFO: Integration Test Coverage Sensor is started
INFO: Overall Coverage Sensor is started
INFO: Sensor JavaScript Squid Sensor [javascript] (done) | time=198ms
INFO: Sensor Zero Coverage Sensor
INFO: Sensor Zero Coverage Sensor (done) | time=23ms
INFO: Sensor CPD Block Indexer
INFO: Sensor CPD Block Indexer (done) | time=17ms
INFO: No SCM system was detected. You can use the ‘sonar.scm.provider‘ property to explicitly specify it.
INFO: 7 files had no CPD blocks
INFO: Calculating CPD for 6 files
INFO: CPD calculation finished
INFO: Analysis report generated in 92ms, dir size=91 KB
INFO: Analysis reports compressed in 26ms, zip size=42 KB
INFO: Analysis report uploaded in 140ms
INFO: ANALYSIS SUCCESSFUL, you can browse http://localhost:9000/dashboard/index/org.sonarqube:sonarqube-scanner
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at http://localhost:9000/api/ce/task?id=AWVGrCcUySdQw75xjxNM
INFO: Task total time: 3.969 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 4.929s
INFO: Final Memory: 54M/414M
INFO: ------------------------------------------------------------------------

4、web查看扫描结果

技术分享图片

技术分享图片

以上是关于持续集成之代码质量管理 Sonar的主要内容,如果未能解决你的问题,请参考以下文章

持续集成之代码质量管理———Sonar

持续集成之代码质量管理——Sonar

持续集成之代码质量管理-Sonar [三]

持续集成之②:整合jenkins与代码质量管理平台Sonar并实现构建失败邮件通知

jenkins代码管理

devops持续集成开发——jenkins的全局工具配置之sonar qube环境安装及配置