SonarQube 05 CI流水线集成 shell 命令行方式和Jenkins 插件方式
CI流水线集成
shell 命令行方式
流水线中添加代码扫描阶段(如果觉得下面参数太多,可以在项目里面加上sonar的配置参数文件)
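// Absolute install locations of the build tools used by the stages below.
def buildTools = ["maven": "/usr/local/apache-maven-3.8.1",
                  "sonar": "/usr/local/sonar-scanner-4.6.0.2311-linux"]

pipeline {
    agent { label "build" }

    stages {
        stage("GetCode") {
            steps {
                script {
                    println("下载分支代码----->${env.branchName}")
                    // NOTE(review): the log line above names env.branchName, but the checkout is pinned
                    // to */master. Confirm which branch is meant to be built and scanned.
                    // credentialsId and gitHttpURL are not defined in this script; presumably job parameters.
                    checkout([$class: 'GitSCM', branches: [[name: '*/master']], extensions: [], userRemoteConfigs: [[credentialsId: "$credentialsId", url: "${gitHttpURL}"]]])
                }
            }
        }

        stage("Build") {
            steps {
                script {
                    sh "${buildTools["maven"]}/bin/mvn clean package"
                }
            }
        }

        stage("UnitTest") {
            steps {
                script {
                    sh "${buildTools["maven"]}/bin/mvn test"
                }
            }
            post {
                success {
                    script {
                        // Publish the surefire XML reports produced by `mvn test`.
                        junit 'target/surefire-reports/*.xml'
                    }
                }
            }
        }

        stage("SonarScan") {
            steps {
                script {
                    // Authenticate with a SonarQube user token kept in the Jenkins credential store rather
                    // than a username/password written into the Jenkinsfile: a password in the pipeline
                    // source is readable by everyone with repository or job-config access and ends up in
                    // build logs. '<sonar-token-credential-id>' is a placeholder; replace it with the ID
                    // of a "Secret text" credential that holds the token.
                    withCredentials([string(credentialsId: '<sonar-token-credential-id>', variable: 'SONAR_TOKEN')]) {
                        // \$SONAR_TOKEN is escaped so that the shell, not Groovy, expands it; the secret is
                        // therefore never interpolated into the script text.
                        // NOTE(review): the token is still passed as a command-line property, so it is
                        // visible in the agent's process list while the scanner runs.
                        // NOTE(review): sonar.host.url is plain http, so the token crosses the network
                        // unencrypted. Put the SonarQube server behind HTTPS where possible.
                        sh """
                            ${buildTools["sonar"]}/bin/sonar-scanner -Dsonar.host.url=http://139.198.170.122:9000 \
                                -Dsonar.projectKey=devops-maven-service \
                                -Dsonar.projectName=devops-maven-service \
                                -Dsonar.projectVersion=1.0 \
                                -Dsonar.login="\$SONAR_TOKEN" \
                                -Dsonar.ws.timeout=30 \
                                -Dsonar.projectDescription="my first project!" \
                                -Dsonar.links.homepage=http://139.198.170.122:81/root/devops-maven-service \
                                -Dsonar.links.ci=http://139.198.170.122:8080/job/devops-maven-service/ \
                                -Dsonar.sources=src/main \
                                -Dsonar.sourceEncoding=UTF-8 \
                                -Dsonar.java.binaries=target/classes \
                                -Dsonar.java.test.binaries=target/test-classes \
                                -Dsonar.java.surefire.report=target/surefire-reports
                        """
                    }
                }
            }
        }
    }
}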
Jenkins 插件方式
参考:SonarScanner for Jenkins | SonarQube Docs
Jenkins插件的好处是可以在这里面进行跳转
在Jenkins中安装插件sonarqube scanner
在这里主要是配置sonar的信息,先去配置凭据,这个token要去sonar上进行配置
令牌:如果想强化安全,不想在执行代码扫描或调用Web Service时使用真实SonarQube用户的密码,可以使用用户令牌来代替用户登录。这样可以避免分析用户的密码在网络上传输,从而提升安全性;令牌还可以单独吊销,吊销后不影响用户本身的密码。
将token保存到Jenkins凭据中
这样就创建好了一个凭据,然后转到"管理Jenkins>系统配置",向下滚动到SonarQube配置部分,单击Add SonarQube,添加服务器,选择凭据。
使用withSonarQubeEnv DSL引入在Jenkins中配置的sonar环境
在片段生成器中查看用法, 注入与所选SonarQube 安装相关的环境变量。将设置以下变量:
SONAR_HOST_URL ## 在jenkins管理页面配置的sonar地址
SONAR_AUTH_TOKEN ## 在jenkins管理页面配置的sonar认证信息
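@Library("devopslib@main") _

// Helper objects from the devopslib shared library.
def project = new org.devops.build()
def sonar = new org.devops.sonarquebscanner()

def buildTools = ["maven": "/usr/local/apache-maven-3.8.1"]
// Maps a logical name to a Jenkins credential ID (an identifier, not the secret itself).
def credentials = ["devops-maven-sonarqube": "f8b33d17-c1cf-428e-aa31-99d4038e59d0"]

String buildType = "${env.buildType}"
String projectDescription = "this is maven project"
currentBuild.description = "maven project"

pipeline {
    agent {
        label 'build'
    }

    stages {
        stage('CheckOut') {
            steps {
                // branchName, credentialsId and srcUrl are not defined in this script;
                // presumably job parameters. Confirm against the job configuration.
                checkout([$class: 'GitSCM',
                          branches: [[name: "${branchName}"]],
                          extensions: [], userRemoteConfigs:
                          [[credentialsId: "${credentialsId}",
                            url: "${srcUrl}"]]])
            }
        }

        stage('Build') {
            steps {
                script {
                    project.build(buildType, buildTools)
                }
            }
        }

        stage("UnitTest") {
            steps {
                script {
                    sh "${buildTools["maven"]}/bin/mvn test"
                }
            }
            post {
                success {
                    script {
                        junit 'target/surefire-reports/*.xml'
                    }
                }
            }
        }

        stage('Sonar-plugin') {
            steps {
                script {
                    // withSonarQubeEnv exports SONAR_HOST_URL and SONAR_AUTH_TOKEN for the named
                    // SonarQube installation configured in Jenkins.
                    withSonarQubeEnv("sonarqube-devops-maven") {
                        // Single-quoted Groovy string: every $VAR is expanded by the shell from the
                        // step's environment instead of being interpolated by Groovy. That keeps the
                        // token out of the generated script text, and the double quotes stop a
                        // parameter value such as srcUrl from being parsed as shell syntax.
                        // NOTE(review): assumes srcUrl reaches the shell as an environment variable,
                        // as the original ${env.srcUrl} suggests. Confirm for this job.
                        sh '''
                            sonar-scanner \
                                -Dsonar.host.url="$SONAR_HOST_URL" \
                                -Dsonar.projectKey="$JOB_NAME" \
                                -Dsonar.projectName="$JOB_NAME" \
                                -Dsonar.projectVersion="$BUILD_NUMBER" \
                                -Dsonar.login="$SONAR_AUTH_TOKEN" \
                                -Dsonar.ws.timeout=30 \
                                -Dsonar.projectDescription="my first project!" \
                                -Dsonar.links.homepage="$srcUrl" \
                                -Dsonar.links.ci="$BUILD_URL" \
                                -Dsonar.sources=src \
                                -Dsonar.sourceEncoding=UTF-8 \
                                -Dsonar.java.binaries=target/classes \
                                -Dsonar.java.test.binaries=target/test-classes \
                                -Dsonar.java.surefire.report=target/surefire-reports
                        '''
                    }
                }
            }
        }

        stage('CodeScan') {
            steps {
                script {
                    // Binds the secret-text credential to the variable `token` for this block only.
                    // The scanner call is commented out, so the stage currently only prints a marker.
                    withCredentials([string(credentialsId: "${credentials['devops-maven-sonarqube']}", variable: 'token')]) {
                        //sonar.scanner(buildType,token,projectDescription,srcUrl)
                        println("....")
                    }
                }
            }
        }
    }
}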
FAQ: sonar服务器名称错误,需要与系统设置中配置的一致。
ERROR: SonarQube installation defined in this job (mysonarserver) does not match any configured installation. Number of installations that can be configured: 1.
If you want to reassign jobs to a different SonarQube installation, check the documentation under https://redirect.sonarsource.com/plugins/jenkins.html
最后插件扫描代码放到共享库当中
package org.devops
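/**
 * Runs sonar-scanner for the given build type.
 *
 * Reads SONAR_HOST_URL and SONAR_AUTH_TOKEN from the environment, so it is meant to be
 * called inside a withSonarQubeEnv block.
 *
 * @param buildType "maven" or "npm"; any other value only prints "sonar error !"
 */
def scannerWithPlugin(buildType){
    switch(buildType){
        case "maven":
            // Single-quoted Groovy string: the shell expands each $VAR from the step's
            // environment, so Groovy never interpolates the token into the script text and the
            // double-quoted values cannot be parsed as shell syntax.
            // NOTE(review): assumes srcUrl reaches the shell as an environment variable, as the
            // original ${env.srcUrl} suggests. Confirm for the calling job.
            sh '''
                sonar-scanner \
                    -Dsonar.host.url="$SONAR_HOST_URL" \
                    -Dsonar.projectKey="$JOB_NAME" \
                    -Dsonar.projectName="$JOB_NAME" \
                    -Dsonar.projectVersion="$BUILD_NUMBER" \
                    -Dsonar.login="$SONAR_AUTH_TOKEN" \
                    -Dsonar.ws.timeout=30 \
                    -Dsonar.projectDescription="my first project!" \
                    -Dsonar.links.homepage="$srcUrl" \
                    -Dsonar.links.ci="$BUILD_URL" \
                    -Dsonar.sources=src \
                    -Dsonar.sourceEncoding=UTF-8 \
                    -Dsonar.java.binaries=target/classes \
                    -Dsonar.java.test.binaries=target/test-classes \
                    -Dsonar.java.surefire.report=target/surefire-reports
            '''
            break
        case "npm":
            // Same shell-side expansion as the maven branch; no Java binary paths are passed.
            sh '''
                sonar-scanner \
                    -Dsonar.projectKey="$JOB_NAME" \
                    -Dsonar.projectName="$JOB_NAME" \
                    -Dsonar.sources=src \
                    -Dsonar.host.url="$SONAR_HOST_URL" \
                    -Dsonar.login="$SONAR_AUTH_TOKEN" \
                    -Dsonar.projectVersion="$BUILD_NUMBER" \
                    -Dsonar.ws.timeout=30 \
                    -Dsonar.projectDescription="my first project!" \
                    -Dsonar.links.homepage="$srcUrl" \
                    -Dsonar.links.ci="$BUILD_URL" \
                    -Dsonar.sourceEncoding=UTF-8
            '''
            break
        default:
            // NOTE(review): an unknown build type only logs and returns, so the stage still
            // succeeds without any scan having run.
            println("sonar error !")
    }
}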
@Library("devopslib@main") _

// Shared-library helpers: build driver and SonarQube scanner wrapper.
def project = new org.devops.build()
def sonar = new org.devops.sonarquebscanner()

// Tool install paths, and logical name -> Jenkins credential ID (an identifier, not a secret).
def buildTools = [maven: "/usr/local/apache-maven-3.8.1"]
def credentials = ["devops-maven-sonarqube": "f8b33d17-c1cf-428e-aa31-99d4038e59d0"]

String buildType = "${env.buildType}"
String projectDescription = "this is maven project"
currentBuild.description = "maven project"

pipeline {
    agent { label 'build' }

    stages {
        stage('CheckOut') {
            steps {
                // branchName, credentialsId and srcUrl are not defined in this script;
                // presumably job parameters. Confirm against the job configuration.
                checkout([
                    $class: 'GitSCM',
                    branches: [[name: "${branchName}"]],
                    extensions: [],
                    userRemoteConfigs: [[credentialsId: "${credentialsId}", url: "${srcUrl}"]]
                ])
            }
        }

        stage('Build') {
            steps {
                script {
                    project.build(buildType, buildTools)
                }
            }
        }

        stage("UnitTest") {
            steps {
                script {
                    sh("${buildTools.maven}/bin/mvn test")
                }
            }
            post {
                success {
                    script {
                        // Publish the surefire XML reports written by the test run.
                        junit('target/surefire-reports/*.xml')
                    }
                }
            }
        }

        stage('Sonar-plugin') {
            steps {
                script {
                    // The scanner runs inside the environment of the "sonarqube-devops-maven"
                    // installation configured in Jenkins; the command itself lives in the shared library.
                    withSonarQubeEnv("sonarqube-devops-maven") {
                        sonar.scannerWithPlugin(buildType)
                    }
                }
            }
        }

        stage('CodeScan') {
            steps {
                script {
                    // Binds the secret-text credential to `token` for this block only. The scanner
                    // call is commented out, so the stage currently only prints a marker.
                    withCredentials([string(credentialsId: "${credentials['devops-maven-sonarqube']}", variable: 'token')]) {
                        //sonar.scanner(buildType,token,projectDescription,srcUrl)
                        println("....")
                    }
                }
            }
        }
    }
}
def scannerWithPlugin(buildType){
def sonarDate = sh returnStdout: true, script: 'date +%F'
sonarDate = sonarDate - "\n"
switch(buildType){
case "maven":
sh """
sonar-scanner \
-Dsonar.projectVersion=${sonarDate} \
"""
break