Docker部署Sonarqube
创建数据目录
mkdir -pv /data/postgre/PostgreSqlData
mkdir -pv /data/sonarqube/{
data,extensions,logs}
chown 999 /data/sonarqube -R
修改主机配置
vim /etc/sysctl.conf
加入
vm.max_map_count=655360
sysctl -p
Docker编排文件
version: "3"
services:
postgre:
container_name: postgre
image: postgres:9.6.21
restart: always
ports:
- 5432:5432
volumes:
- /etc/localtime:/etc/localtime
- /data/postgre/PostgreSqlData:/var/lib/postgresql/data
environment:
- POSTGRES_USER=sonar
- POSTGRES_PASSWORD=sonar
networks:
- sonarqube
sonar:
container_name: sonar
image: sonarqube:7.9.6-community
restart: always
links:
- postgre
depends_on:
- postgre
ports:
- "9000:9000"
volumes:
- /etc/localtime:/etc/localtime
- /data/sonarqube/data:/opt/sonarqube/data
- /data/sonarqube/extensions:/opt/sonarqube/extensions
- /data/sonarqube/logs:/opt/sonarqube/logs
environment:
- bootstrap.memory_lock=true
- ES_JAVA_OPTS="-Xms1g -Xmx1g"
- SONARQUBE_JDBC_USERNAME=sonar
- SONARQUBE_JDBC_PASSWORD=sonar
- SONARQUBE_JDBC_URL=jdbc:postgresql://postgre:5432/sonar
ulimits:
memlock:
soft: -1
hard: -1
networks:
- sonarqube
networks:
sonarqube:
登录配置
登录地址:
http://IP:9000/
帐号: admin
口令: admin
插件安装
下载地址:
- 中文插件
https://github.com/xuhuisheng/sonar-l10n-zh/releases
- java插件
https://binaries.sonarsource.com/Distribution/sonar-java-plugin/sonar-java-plugin-6.9.0.23563.jar
下载版本要与sonarqube版本对应
使用插件
mkdir /data/sonarqube/extensions/plugins
mv sonar-l10n-zh-plugin-1.29.jar /data/sonarqube/extensions/plugins/
mv sonar-java-plugin-6.9.0.23563.jar /data/sonarqube/extensions/plugins/
chown 999.999 /data/sonarqube/extensions/plugins/ -R
cd /data/docker-compose/sonarqube
docker-compose restart sonar
集成到Jenkins
- 这里jenkins为docker方式部署
SonarQube创建令牌
我的账号-> 安全
输入令牌名称,比如Jenkins,点击生成,会生成如下令牌
fced26d48ac737a93b95c0aba5d35334b43f0a44
jenkins配置
下载插件
下载地址:
https://plugins.jenkins.io/
搜索SonarQube, 下载对应插件, 放到jenkins_home/plugins下
配置插件
配置SonarQube Server
jenkins->系统管理->系统配置->SonarQube servers-> Add SonarQube
name: SonarQubeServer
Server URL: http://sonarqube_IP:9000
Server authentication token: 选中之前配置好的凭证
sonarqube凭证配置:
系统管理->凭证管理(Manager Credentials)->全局[下拉箭头]->添加凭据
类型: secret text 范围: 全局 Secret: 上面保存的sonarqube令牌 ID: 不填,会自动生成 描述: SonarQube_Auth
配置SonarQube Scanner
-
下载SonarQube Scanner,下载地址
https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.6.0.2311-linux.zip
解压安装,并映射到jenkins容器中
sonar-scanner安装目录映射 - /data/sonarqube/sonar-scanner:/opt/sonar-scanner 环境变量文件映射 - /data/sonarqube/sonar-scanner/sonar-scanner.sh:/etc/profile.d/sonar-scanner.sh 环境变量配置 cat sonar-scanner.sh SCANNERHOME=/opt/sonar-scanner PATH=$SCANNERHOME/bin:$PATH
如果是本机安装jenkins,直接在本机安装sonar-scanner即可
sonar-scanner.properties配置文件
cat /data/sonarqube/sonar-scanner/conf/sonar-scanner.properties
#----- Default SonarQube server
#sonar.host.url=http://3.1.101.36:9000
#----- Default source code encoding
#sonar.sourceEncoding=UTF-8
sonar.projectVersion=1.0
sonar.sourceEncoding=UTF-8
sonar.scm.disabled=true
sonar.modules=java-module,javascript-module,html-module
# Java module
java-module.sonar.language=java
java-module.sonar.java.sources=1.8
java-module.sonar.java.target=1.8
java-module.sonar.sources=.
java-module.sonar.java.binaries=.
java-module.sonar.projectBaseDir=src
#java-module.sonar.exclusions=**./target/**
# JavaScript module
javascript-module.sonar.language=js
javascript-module.sonar.sources=.
javascript-module.sonar.projectBaseDir=src
# Html module
html-module.sonar.language=html
html-module.sonar.sources=.
html-module.sonar.projectBaseDir=dist
集成jenkins不需要配置login和passwd, 根据项目需求将此文件复制到对应根目录修改sonar.modules即可
jenkins->系统管理->全局工具配置->SonarQube Scanner 安装
-
新增SonarQubeScanner
取消自动安装,使用jenkins本机安装的Scanner
Name: SonarQubeScanner SONAR_RUNNER_HOME: /opt/sonar-scanner/bin -
pipeline流水线调用sonarqube检测
pipeline {
agent any tools {
maven 'MAVEN3' jdk 'JDK1.8' } environment {
// 项目代码拉取 git_path = "http://3.1.101.36:3000/credit-rebuild/bank-credit-sy.git" git_auth_id = "cfa69b9a-5c02-4992-b09a-6dd4e757700c" git_branch = "master" } parameters { extendedChoice name: 'project_names', type: 'PT_CHECKBOX', description: '请勾选所要发布的项目模块', quoteValue: false, saveJSONParameterToFile: false, value: 'account-server,account-api', descriptionPropertyValue: 'account-server,account-api', visibleItemCount: 2, multiSelectDelimiter: ',', defaultValue: 'account-server' } stages { stage('项目代码拉取') { steps { deleteDir() // clean up current workspace // sh "rm -rf /root/.m2" checkout([$class: 'GitSCM', branches: [[name: "${git_branch}"]], extensions: [], userRemoteConfigs: [[credentialsId: "${git_auth_id}", url: "${git_path}"]]]) } } stage('代码质量检查'){ steps{ script { for (project_name in project_names.tokenize(',')) { // SonarQubeScanner为全局变量配置的名称 ScannerHome = tool 'SonarQubeScanner' // SonarQubeServer为系统配置中配置的名称 withSonarQubeEnv('SonarQubeServer') { sh """ cd ${JOB_NAME}/${project_name}; ${ScannerHome}/bin/sonar-scanner -Dsonar.projectKey="${project_name}" -Dsonar.projectName="${project_name}" """ } } } } } stage('项目构建') { steps { sh ''' mvn clean package -Dmaven.test.skip=true ''' } } stage('项目发布') { steps { script { for (project_name in project_names.tokenize(',')) { // 项目代码发布 def target_dir = "${JOB_NAME}/${project_name}/target" def target_file = "*.jar" def source_file = "${target_dir}/${target_file}" def remove_prefix = "${target_dir}" def remote_server = "weblogic1" def remote_path = "/opt/ccms-auto-deploy" def remote_dir = "${JOB_NAME}/${project_name}" def remote_cmd = "/bin/bash /data/scripts/chmod.sh; cd ${remote_path}/${remote_dir}; ps aux |grep ${project_name}.*.jar|grep -v grep|awk '{print \$2}'|xargs kill -9; source /etc/profile; nohup java -jar `ls ${project_name}-*-SNAPSHOT.jar -1t|head -n1` >> ${project_name}.log &" sshPublisher(publishers: [sshPublisherDesc(configName: "${remote_server}", transfers: [sshTransfer(execCommand: "${remote_cmd}", remoteDirectory: "${remote_dir}", removePrefix: "${remove_prefix}", sourceFiles: "${source_file}")],)]) } } } } }}