通过 ci-pipeline 发布声纳报告后对 sonarQube 的覆盖率为零
Posted
技术标签:
【中文标题】通过 ci-pipeline 发布声纳报告后对 sonarQube 的覆盖率为零【英文标题】:Getting zero coverage on sonarQube after publishing sonar report via ci-pipeline 【发布时间】:2021-10-08 09:41:59 【问题描述】:我正在做一个 maven 项目,想在 ci-pipeline 中设置声纳。 下面是我在 gitlab-ci.yml 中的声纳设置脚本。
before_script:
- |
run_mvn()
mvn -B \
-s $CI_PROJECT_DIR/.m2/settings.xml \
-Dmaven.repo.local=$CI_PROJECT_DIR/.m2/repository \
-DfailIfNoTests=false \
"$@"
run_sonar()
run_mvn \
-Dsonar.projectKey=UI-Service \
-Dsonar.host.url=xxx \
-Dsonar.login=$SONAR_TOKEN \
-Dsonar.sources=src/main \
-Dsonar.tests=src/test \
-Dsonar.java.binaries=$CI_PROJECT_DIR/target/*.classes \
sonar:sonar
声纳级如下所示:
sonar:
stage: analyse
image: registry.git.xyyyy.com/containers/builder-images/maven/jdk-11:3.6.0
when: manual
script:
- ls $CI_PROJECT_DIR
- run_sonar
现在声纳阶段在管道中运行后,我得到了这些日志:
[INFO]
70[INFO] --- sonar-maven-plugin:3.9.0.2155:sonar (default-cli) @ ui-service ---
71[INFO] User cache: /root/.sonar/cache
72[INFO] SonarQube version: 8.9.0
73[INFO] Default locale: "en_US", source code encoding: "UTF-8"
74[INFO] Load global settings
75[INFO] Load global settings (done) | time=879ms
76[INFO] Server id: xxx
77[INFO] User cache: /root/.sonar/cache
78[INFO] Load/download plugins
79[INFO] Load plugins index
80[INFO] Load plugins index (done) | time=199ms
81[INFO] Load/download plugins (done) | time=28761ms
82[INFO] Loaded core extensions: developer-scanner
83[INFO] javascript/TypeScript frontend is enabled
84[INFO] Process project properties
85[INFO] Process project properties (done) | time=12ms
86[INFO] Execute project builders
87[INFO] Execute project builders (done) | time=2ms
88[INFO] Project key: UI-Service
89[INFO] Base dir: /builds/FJ8nuibS/0/xxx/ui-service
90[INFO] Working dir: /builds/FJ8nuibS/0/xxx/ui-service/target/sonar
91[INFO] Load project settings for component key: 'UI-Service'
92[INFO] Load project settings for component key: 'UI-Service' (done) | time=160ms
93[INFO] Load project branches
94[INFO] Load project branches (done) | time=153ms
95[INFO] Load project pull requests
96[INFO] Load project pull requests (done) | time=147ms
97[INFO] Load branch configuration
98[INFO] Detected branch/PR in 'GitLab'
99[INFO] Auto-configuring branch 'feature/1242'
100[INFO] Load branch configuration (done) | time=3ms
101[INFO] Auto-configuring with CI 'Gitlab CI'
102[INFO] Load quality profiles
103[INFO] Load quality profiles (done) | time=220ms
104[INFO] Auto-configuring with CI 'Gitlab CI'
105[INFO] Load active rules
106[INFO] Load active rules (done) | time=5545ms
107[INFO] Branch name: feature/1242
108[INFO] Indexing files...
109[INFO] Project configuration:
110[INFO] 54 files indexed
111[INFO] 0 files ignored because of scm ignore settings
112[INFO] Quality profile for java: Sonar way
113[INFO] ------------- Run sensors on module ui-service
114[INFO] JavaScript/TypeScript frontend is enabled
115[INFO] Load metrics repository
116[INFO] Load metrics repository (done) | time=156ms
117[INFO] Sensor JavaSquidSensor [java]
118[INFO] Configured Java source version (sonar.java.source): 11
119[INFO] JavaClasspath initialization
120[INFO] JavaClasspath initialization (done) | time=7ms
121[INFO] JavaTestClasspath initialization
122[INFO] JavaTestClasspath initialization (done) | time=2ms
123[INFO] Java Main Files AST scan
124[INFO] 47 source files to be analyzed
125[INFO] Load project repositories
126[INFO] Load project repositories (done) | time=164ms
127[INFO] 47/47 source files have been analyzed
128[WARNING] Unresolved imports/types have been detected during analysis. Enable DEBUG mode to see them.
129[INFO] Java Main Files AST scan (done) | time=7835ms
130[INFO] Java Test Files AST scan
131[INFO] 6 source files to be analyzed
132[INFO] 6/6 source files have been analyzed
133[INFO] Java Test Files AST scan (done) | time=587ms
134[INFO] Java Generated Files AST scan
135[INFO] 0 source files to be analyzed
136[INFO] 0/0 source files have been analyzed
137[INFO] Java Generated Files AST scan (done) | time=1ms
138[INFO] Sensor JavaSquidSensor [java] (done) | time=8839ms
139[INFO] Sensor CSS Rules [cssfamily]
140[INFO] No CSS, php, html or VueJS files are found in the project. CSS analysis is skipped.
141[INFO] Sensor CSS Rules [cssfamily] (done) | time=1ms
142[INFO] Sensor PmdSensor [pmd]
143[INFO] Sensor PmdSensor [pmd] (done) | time=0ms
144[INFO] Sensor C# Project Type Information [csharp]
145[INFO] Sensor C# Project Type Information [csharp] (done) | time=1ms
146[INFO] Sensor C# Properties [csharp]
147[INFO] Sensor C# Properties [csharp] (done) | time=1ms
148[INFO] Sensor SurefireSensor [java]
149[INFO] parsing [/builds/FJ8nuibS/0/xxx/ui-service/target/surefire-reports]
150[INFO] Sensor SurefireSensor [java] (done) | time=127ms
151[INFO] Sensor Removed properties sensor [java]
152[WARNING] Property 'sonar.jacoco.reportPath' is no longer supported. Use JaCoCo's xml report and sonar-jacoco plugin.
153[INFO] Sensor Removed properties sensor [java] (done) | time=1ms
154[INFO] Sensor JavaXmlSensor [java]
155[INFO] Sensor JavaXmlSensor [java] (done) | time=2ms
156[INFO] Sensor HTML [web]
157[INFO] Sensor HTML [web] (done) | time=3ms
158[INFO] Sensor CheckstyleSensor [checkstyle]
159[INFO] Checkstyle output report: /builds/FJ8nuibS/0/xxx/ui-service/target/sonar/checkstyle-result.xml
160[INFO] Checkstyle configuration: /builds/FJ8nuibS/0/xxx/ui-service/target/sonar/checkstyle.xml
161[INFO] Checkstyle charset: UTF-8
162[INFO] Sensor CheckstyleSensor [checkstyle] (done) | time=888ms
163[INFO] Sensor VB.NET Project Type Information [vbnet]
164[INFO] Sensor VB.NET Project Type Information [vbnet] (done) | time=1ms
165[INFO] Sensor VB.NET Properties [vbnet]
166[INFO] Sensor VB.NET Properties [vbnet] (done) | time=1ms
167[INFO] Sensor JaCoCo XML Report Importer [jacoco]
168[INFO] 'sonar.coverage.jacoco.xmlReportPaths' is not defined. Using default locations: target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml,build/reports/jacoco/test/jacocoTestReport.xml
169[INFO] No report imported, no coverage information will be imported by JaCoCo XML Report Importer
170[INFO] Sensor JaCoCo XML Report Importer [jacoco] (done) | time=4ms
171[INFO] Sensor ThymeLeaf template sensor [securityjavafrontend]
172[INFO] Sensor ThymeLeaf template sensor [securityjavafrontend] (done) | time=1ms
173[INFO] Sensor FindBugs Sensor [findbugs]
174[INFO] Loading findbugs plugin: /builds/FJ8nuibS/0/xxx/ui-service/target/sonar/findbugs/findsecbugs-plugin.jar
175[INFO] Findbugs output report: /builds/FJ8nuibS/0/xxx/ui-service/target/sonar/findbugs-result.xml
176The following classes needed for analysis were missing:
177 makeConcatWithConstants
178 requestResponse
179 requestStream
180 apply
181 test
182 accept
183 compare
184 run
185[INFO] Sensor FindBugs Sensor [findbugs] (done) | time=8138ms
186[INFO] Sensor JavaSecuritySensor [security]
187[INFO] Reading type hierarchy from: /builds/FJ8nuibS/0/xxx/ui-service/target/sonar/ucfg2/java
188[INFO] Read 172 type definitions
189[INFO] Reading UCFGs from: /builds/FJ8nuibS/0/xxx/ui-service/target/sonar/ucfg2/java
190[INFO] 09:43:23.968449 Building Runtime Type propagation graph
191[INFO] 09:43:23.994976 Running Tarjan on 1615 nodes
192[INFO] 09:43:24.000773 Tarjan found 1608 components
193[INFO] 09:43:24.007245 Variable type analysis: done
194[INFO] 09:43:24.009926 Building Runtime Type propagation graph
195[INFO] 09:43:24.021118 Running Tarjan on 1615 nodes
196[INFO] 09:43:24.022848 Tarjan found 1608 components
197[INFO] 09:43:24.026061 Variable type analysis: done
198[INFO] Analyzing 173 ucfgs to detect vulnerabilities.
199[INFO] All rules entrypoints : 0 Retained UCFGs : 0
200[INFO] rule: S5131, entrypoints: 0
201[INFO] rule: S5131 done
202[INFO] rule: S3649, entrypoints: 0
203[INFO] rule: S3649 done
204[INFO] rule: S2076, entrypoints: 0
205[INFO] rule: S2076 done
206[INFO] rule: S2091, entrypoints: 0
207[INFO] rule: S2091 done
208[INFO] rule: S2078, entrypoints: 0
209[INFO] rule: S2078 done
210[INFO] rule: S2631, entrypoints: 0
211[INFO] rule: S2631 done
212[INFO] rule: S5135, entrypoints: 0
213[INFO] rule: S5135 done
214[INFO] rule: S2083, entrypoints: 0
215[INFO] rule: S2083 done
216[INFO] rule: S5167, entrypoints: 0
217[INFO] rule: S5167 done
218[INFO] rule: S5144, entrypoints: 0
219[INFO] rule: S5144 done
220[INFO] rule: S5145, entrypoints: 0
221[INFO] rule: S5145 done
222[INFO] rule: S5146, entrypoints: 0
223[INFO] rule: S5146 done
224[INFO] rule: S5334, entrypoints: 0
225[INFO] rule: S5334 done
226[INFO] rule: S6096, entrypoints: 0
227[INFO] rule: S6096 done
228[INFO] Sensor JavaSecuritySensor [security] (done) | time=1507ms
229[INFO] Sensor CSharpSecuritySensor [security]
230[INFO] Reading type hierarchy from: /builds/FJ8nuibS/0/xxx/ui-service/target/ucfg_cs2
231[INFO] Read 0 type definitions
232[INFO] Reading UCFGs from: /builds/FJ8nuibS/0/xxx/ui-service/target/ucfg_cs2
233[INFO] No UCFGs have been included for analysis.
234[INFO] Sensor CSharpSecuritySensor [security] (done) | time=1ms
235[INFO] Sensor PhpSecuritySensor [security]
236[INFO] Reading type hierarchy from: /builds/FJ8nuibS/0/xxx/ui-service/target/sonar/ucfg2/php
237[INFO] Read 0 type definitions
238[INFO] Reading UCFGs from: /builds/FJ8nuibS/0/xxx/ui-service/target/sonar/ucfg2/php
239[INFO] No UCFGs have been included for analysis.
240[INFO] Sensor PhpSecuritySensor [security] (done) | time=1ms
241[INFO] Sensor PythonSecuritySensor [security]
242[INFO] Reading type hierarchy from: /builds/FJ8nuibS/0/xxx/ui-service/target/sonar/ucfg2/python
243[INFO] Read 0 type definitions
244[INFO] Reading UCFGs from: /builds/FJ8nuibS/0/xxx/ui-service/target/sonar/ucfg2/python
245[INFO] No UCFGs have been included for analysis.
246[INFO] Sensor PythonSecuritySensor [security] (done) | time=1ms
247[INFO] Sensor JsSecuritySensor [security]
248[INFO] Reading type hierarchy from: /builds/FJ8nuibS/0/xxx/ui-service/target/sonar/ucfg2/js
249[INFO] Read 0 type definitions
250[INFO] Reading UCFGs from: /builds/FJ8nuibS/0/xxx/ui-service/target/sonar/ucfg2/js
251[INFO] No UCFGs have been included for analysis.
252[INFO] Sensor JsSecuritySensor [security] (done) | time=1ms
253[INFO] ------------- Run sensors on project
254[INFO] Sensor Dependency-Check [dependencycheck]
255[INFO] Process Dependency-Check report
256[INFO] Using JSON-Reportparser
257[INFO] Dependency-Check JSON report does not exists. Please check property sonar.dependencyCheck.jsonReportPath:/builds/FJ8nuibS/0/xxx/ui-service/$WORKSPACE/dependency-check-report.json
258[INFO] JSON-Analysis skipped/aborted due to missing report file
259[INFO] Using XML-Reportparser
260[INFO] Dependency-Check XML report does not exists. Please check property sonar.dependencyCheck.xmlReportPath:/builds/FJ8nuibS/0/xxx/ui-service/$WORKSPACE/dependency-check-report.xml
261[INFO] XML-Analysis skipped/aborted due to missing report file
262[INFO] Dependency-Check HTML report does not exists. Please check property sonar.dependencyCheck.htmlReportPath:/builds/FJ8nuibS/0/xxx/ui-service/$WORKSPACE/dependency-check-report.html
263[INFO] HTML-Dependency-Check report does not exist.
264[INFO] Process Dependency-Check report (done) | time=5ms
265[INFO] Sensor Dependency-Check [dependencycheck] (done) | time=5ms
266[INFO] Sensor Zero Coverage Sensor
267[INFO] Sensor Zero Coverage Sensor (done) | time=56ms
268[INFO] Sensor Java CPD Block Indexer
269[INFO] Sensor Java CPD Block Indexer (done) | time=87ms
270[INFO] SCM Publisher SCM provider for this project is: git
271[INFO] SCM Publisher 50 source files to be analyzed
272[INFO] SCM Publisher 50/50 source files have been analyzed (done) | time=490ms
273[INFO] CPD Executor 9 files had no CPD blocks
274[INFO] CPD Executor Calculating CPD for 38 files
275[INFO] CPD Executor CPD calculation finished (done) | time=14ms
276[INFO] Load New Code definition
277[INFO] Load New Code definition (done) | time=973ms
278[INFO] Analysis report generated in 1101ms, dir size=602 KB
279[INFO] Analysis report compressed in 169ms, zip size=220 KB
280[INFO] Analysis report uploaded in 1642ms
然后生成报告链接,但是当我打开 sonarQube 查看覆盖率时,它的覆盖率为 0%,即使所有主文件和测试文件都可以在代码部分中看到。
查看日志,我无法理解为什么在 sonarQube 上没有生成覆盖范围的问题。
任何对管道上的 ci-pipeline 或声纳设置有良好经验的人请帮我解决这个问题。
【问题讨论】:
【参考方案1】:根据我从您的 cmets 中看出的状态,我想说您必须处理两个常见的症结。
首先,关于“sonar.jacoco.reportPath”,您现在应该使用“sonar.coverage.jacoco.xmlReportPaths”,它的值应该类似于“$basedir/target/jacoco_report/jacoco.xml” .
其次,您必须确保 Surefire 和 Jacoco maven 插件可以正常协同工作。 Jacoco 计算必须进入 Surefire 命令行的参数。这可以通过以下两个块来促进:
这是 Surefire 插件配置的一部分:
<execution>
<id>pre-unit-test</id>
<goals>
<goal>prepare-agent</goal>
</goals>
<configuration>
<propertyName>surefireArgLine</propertyName>
</configuration>
</execution>
这是在 jacoco 插件配置块中:
<argLine>$surefireArgLine</argLine>
【讨论】:
【参考方案2】:你需要编译的类来做声纳分析。所以在你的 run_sonar() 中添加 package 到 maven 命令。
run_sonar()
run_mvn \
-Dsonar.projectKey=UI-Service \
-Dsonar.host.url=xxx \
-Dsonar.login=$SONAR_TOKEN \
-Dsonar.sources=src/main \
-Dsonar.tests=src/test \
package \
sonar:sonar
【讨论】:
这个问题现在不会出现,我所做的不是并行运行“构建”和“声纳”阶段,而是将它们更改为它们应该一个接一个运行的方式。这将有助于 sonar 阶段访问构建阶段之后形成的编译库。 报告发布后有新问题出现,我正在更新有关该问题的问题。 你在用jacoco吗? 是的,我正在使用 jacoco 报告,让我分享构建命令。build: stage: build image: registry.git.xxyy.com/containers/builder-images/maven/jdk-11:3.6.0 script: - run_mvn clean install artifacts: paths: - target/
在 sonarqube 用户界面中,收到此警告 Property 'sonar.jacoco.reportPath' is no longer supported. Use JaCoCo's xml report and sonar-jacoco plugin以上是关于通过 ci-pipeline 发布声纳报告后对 sonarQube 的覆盖率为零的主要内容,如果未能解决你的问题,请参考以下文章