【DevOps】第五章 SonarQube与jenkins集成和优化(二)
文章目录
- 一、添加流水线步骤实现代码自动扫描
-
- 1、在共享库中创建sonarqube.groovy文件
- 2、修改jenkinsfile
- 3、提交项目触发流水线
- 4、扫描结果展示
- 二、使用sonar插件完成代码扫描
-
- 1、在jenkins中安装SonarQube Scanner插件
- 2、配置SonarQbue服务器
- 3、 在jenkins中配置SonarQube服务器
- 4、修改流水线
- 5、使用jenkins插件的效果:
- 6、支持多sonar服务方式
一、添加流水线步骤实现代码自动扫描
1、在共享库中创建sonarqube.groovy文件
1.1 生成流水线语法
通过创建时间戳,添加项目标签,后边项目即可看到效果。
1.2 在gitlab共享库中创建sonarqube.groovy文件
- 文件内容
package org.devops
//scan
def SonarScan(projectName,projectDesc,projectPath){
def scannerHome = "/usr/local/sonar-scanner/"
def sonarServer = "http://192.168.223.92:9000"
def sonarDate = sh returnStdout: true, script: 'date +%Y%m%d%H%M%S'
sonarDate = sonarDate - "\n"
sh """
${scannerHome}/bin/sonar-scanner -Dsonar.host.url=${sonarServer} \
-Dsonar.projectKey=${projectName} \
-Dsonar.projectName=${projectName} \
-Dsonar.projectVersion=${sonarDate} \
-Dsonar.login=admin \
-Dsonar.password=yanglt123. \
-Dsonar.ws.timeout=30 \
-Dsonar.projectDescription=${projectDesc} \
-Dsonar.links.homepage=http://www.baidu.com \
-Dsonar.sources=${projectPath} \
-Dsonar.sourceEncoding=UTF-8 \
-Dsonar.java.binaries=target/classes \
-Dsonar.java.test.binaries=target/test-classes \
-Dsonar.java.surefire.report=target/surefire-reports
"""
}
**文件内容说明: **
def scannerHome = “/usr/local/sonar-scanner/” #定义扫描器的安装目录变量
def sonarServer = “http://192.168.223.92:9000” #定义sonarqubede 的web地址变量
sonar.projectKey= #sonar平台中相对应项目的key
key sonar.projectName= #sonar平台中相对应项目的名字
2、修改jenkinsfile
在jenkinsfile加载共享库,并进行类的实例化。
#!groovy
@Library('jenkinslib@master')_
//func from sharelibrary
....
def sonar = new org.devops.sonarqube()
#在pipeline中添加stage步骤:
stage ("QA"){
steps {
script{
tools.PrintMes("代码扫描","green")
sonar.SonarScan("$JOB_NAME","$JOB_NAME","src")
}
}
}
- 完整jenkins文件如下:
#!groovy
@Library('jenkinslib@master')_
//func from sharelibrary
def build = new org.devops.build()
def deploy = new org.devops.deploy()
def tools = new org.devops.tools()
def gitlab = new org.devops.gitlab()
def toemail = new org.devops.toemail()
def sonar = new org.devops.sonarqube()
//env
String buildType = "${env.buildType}"
String buildShell = "${env.buildShell}"
String deployHosts = "${env.deployHosts}"
String srcUrl = "${env.srcUrl}"
String branchName = "${env.branchName}"
if("${runOpts}" == "GitlabPush"){
branchName = branch - "refs/heads/"
currentBuild.description = "Trigger by ${userName} ${branch}"
gitlab.ChangeCommitStatus(projectId,commitSha,"running")
}
//pipeline
pipeline{
//agent { node{label 'master'}}
agent any
stages {
stage("CheckOut"){
steps{
script{
println("${branchName}")
tools.PrintMes("获取代码","green")
checkout([$class: 'GitSCM', branches: [[name: '${branchName}']], extensions: [], userRemoteConfigs: [[credentialsId: '112fd041-4195-49e6-aeb6-004f40dcd437', url: '${srcUrl}']]])
}
}
}
stage ("build"){
steps{
script{
tools.PrintMes("执行打包","green")
build.Build(buildType,buildShell)
//deploy.SaltDeploy("${deployHosts}", "test.ping")
//deploy.AnsibleDeploy("$deployHosts", "-m ping")
}
}
}
stage ("QA"){
steps {
script{
tools.PrintMes("代码扫描","green")
sonar.SonarScan("$JOB_NAME","$JOB_NAME","src")
}
}
}
}
post {
//(1)不管失败与否,都执行
always{
script{
tools.PrintMes("总是执行","green")
}
}
success{
script{
tools.PrintMes("sucess","green")
gitlab.ChangeCommitStatus(projectId,commitSha,"success")
//参数:构建状态-给谁发信息
toemail.Email("流水线成功了!",userEmail)
}
}
failure{
script{
tools.PrintMes("failure","red")
gitlab.ChangeCommitStatus(projectId,commitSha,"failed")
toemail.Email("流水线失败了!",userEmail)
}
}
aborted{
script{
println("aborted")
gitlab.ChangeCommitStatus(projectId,commitSha,"canceled")
toemail.Email("流水线被取消了!",userEmail)
}
}
}
}
3、提交项目触发流水线
修改项目文件README.md,提交触发流线。
4、扫描结果展示
再次提交代码
查看代码扫描记录(文章开头配置的时间戳项目标签)
二、使用sonar插件完成代码扫描
1、在jenkins中安装SonarQube Scanner插件
插件名称:SonarQube Scanner
2、配置SonarQbue服务器
2.1 登录sonarqube的web端获取令牌
点击->生成->生成如下令牌
2.2 登录jenkins使用sonarqube中获取的token创建凭据
3、 在jenkins中配置SonarQube服务器
jenkins配置–>系统配置–>SonarQube servers
4、修改流水线
官网文档:https://docs.sonarqube.org/8.9/analysis/scan/sonarscanner-for-jenkins/
使用Jenkins管道,提供了一个withSonarQubeEnv块,允许你选择要与之交互的 SonarQube 服务器。在 Jenkins 全局配置中配置的连接详细信息将自动传递给扫描仪。
修改共享库文件:sonarqube.groov
withSonarQubeEnv("${sonarqube-test}"){
}
#使用个该参数,就不用管在pipline中指定用户名密码了
package org.devops
//scan
def SonarScan(projectName,projectDesc,projectPath){
withSonarQubeEnv("sonarqube-test"){
def scannerHome = "/usr/local/sonar-scanner/"
def sonarDate = sh returnStdout: true, script: 'date +%Y%m%d%H%M%S'
sonarDate = sonarDate - "\n"
sh """
${scannerHome}/bin/sonar-scanner -Dsonar.projectKey=${projectName} \
-Dsonar.projectName=${projectName} \
-Dsonar.projectVersion=${sonarDate} \
-Dsonar.ws.timeout=30 \
-Dsonar.projectDescription=${projectDesc} \
-Dsonar.links.homepage=http://www.baidu.com \
-Dsonar.sources=${projectPath} \
-Dsonar.sourceEncoding=UTF-8 \
-Dsonar.java.binaries=target/classes \
-Dsonar.java.test.binaries=target/test-classes \
-Dsonar.java.surefire.report=target/surefire-reports
"""
}
}
5、使用jenkins插件的效果:
如图会多出一个sonar图标
点击图标:
6、支持多sonar服务方式
package org.devops
//scan
def SonarScan(sonarServer,projectName,projectDesc,projectPath){
//定义服务器列表
def servers = ["test":"sonarqube-test","prod":"sonarqube-prod"]
withSonarQubeEnv("sonarqube-test"){
def scannerHome = "/usr/local/sonar-scanner/"
def sonarDate = sh returnStdout: true, script: 'date +%Y%m%d%H%M%S'
sonarDate = sonarDate - "\n"
sh """
${scannerHome}/bin/sonar-scanner -Dsonar.projectKey=${projectName} \
-Dsonar.projectName=${projectName} \
-Dsonar.projectVersion=${sonarDate} \
-Dsonar.ws.timeout=30 \
-Dsonar.projectDescription=${projectDesc} \
-Dsonar.links.homepage=http://www.baidu.com \
-Dsonar.sources=${projectPath} \
-Dsonar.sourceEncoding=UTF-8 \
-Dsonar.java.binaries=target/classes \
-Dsonar.java.test.binaries=target/test-classes \
-Dsonar.java.surefire.report=target/surefire-reports
"""
}
}
添加sonarServer参数,
//定义服务器列表
def servers = [“test”:“sonarqube-test”,“prod”:“sonarqube-prod”]
修改pipline的ci.jenkinsfile文件,传递test参数
#!groovy
@Library('jenkinslib@master')_
//func from sharelibrary
def build = new org.devops.build()
def deploy = new org.devops.deploy()
def tools = new org.devops.tools()
def gitlab = new org.devops.gitlab()
def toemail = new org.devops.toemail()
def sonar = new org.devops.sonarqube()
//env
String buildType = "${env.buildType}"
String buildShell = "${env.buildShell}"
String deployHosts = "${env.deployHosts}"
String srcUrl = "${env.srcUrl}"
String branchName = "${env.branchName}"
if("${runOpts}" == "GitlabPush"){
branchName = branch - "refs/heads/"
currentBuild.description = "Trigger by ${userName} ${branch}"
gitlab.ChangeCommitStatus(projectId,commitSha,"running")
}
//pipeline
pipeline{
//agent { node{label 'master'}}
agent any
stages {
stage("CheckOut"){
steps{
script{
println("${branchName}")
tools.PrintMes("获取代码","green")
checkout([$class: 'GitSCM', branches: [[name: '${branchName}']], extensions: [], userRemoteConfigs: [[credentialsId: '112fd041-4195-49e6-aeb6-004f40dcd437', url: '${srcUrl}']]])
}
}
}
stage ("build"){
steps{
script{
tools.PrintMes("执行打包","green")
build.Build(buildType,buildShell)
//deploy.SaltDeploy("${deployHosts}", "test.ping")
//deploy.AnsibleDeploy("$deployHosts", "-m ping")
}
}
}
stage ("QA"){
steps {
script{
tools.PrintMes("代码扫描","green")
sonar.SonarScan("test","$JOB_NAME","$JOB_NAME","src")
}
}
}
}
post {
//(1)不管失败与否,都执行
always{
script{
tools.PrintMes("总是执行","green")
}
}
success{
script{
tools.PrintMes("sucess","green")
gitlab.ChangeCommitStatus(projectId,commitSha,"success")
//参数:构建状态-给谁发信息
toemail.Email("流水线成功了!",userEmail)
}
}
failure{
script{
tools.PrintMes("failure","red")
gitlab.ChangeCommitStatus(projectId,commitSha,"failed")
toemail.Email("流水线失败了!",userEmail)
}
}
aborted{
script{
println("aborted")
gitlab.ChangeCommitStatus(projectId,commitSha,"canceled")
toemail.Email("流水线被取消了!",userEmail)
}
}
}
}
再次修改项目提交:
查看jenkins效果
另一种方法:可以根据项目名称选择不同的环境