DevOps

1、jenkins pipeline从git下载代码执行sonarqube扫描

pipeline {
    agent any
    options{
        //超时设置 单位：分钟 
        timeout(time: 5)
        //重试次数
        retry(0)
        //保持构建的最大个数
        buildDiscarder(logRotator(numToKeepStr:'3'))
        //不允许并发构建
        disableConcurrentBuilds()
        gitLabConnection('AMS gitlab')
    }
    tools {
        maven 'apache-maven-3.6.3'
        jdk 'jdk1.8.0_261'
    }
    stages {
        //下载代码
        stage('pull code') {
            steps {
                deleteDir()
                git branch: 'develop', credentialsId: 'fa87a0cc-9dea-4aea-927a-b6c4137c5bac', url: 'ssh://git@X:X/X.git'
            }
        }
        //代码扫描
        stage('scan code') {
            
            steps {
                script {
                    scannerHome = tool 'sonar-scanner-4.6.0'
                }                
                withSonarQubeEnv('SonarQube ') {
                    sh "${scannerHome}/bin/sonar-scanner -Dsonar.projectKey=X -Dsonar.java.binaries=$WORKSPACE -Dsonar.java.source=1.8 -Dsonar.analysis.branch=develop  -Dsonar.coverage.exclusions=**/**/**"
                } 
                sleep time: 5, unit: 'SECONDS'
                script{
                    qg = waitForQualityGate()
                    if (qg.status != 'OK') {
                        updateGitlabCommitStatus name: 'scan', state: 'failed'
                        error "未通过Sonarqube的代码质量阈检查，请及时修改！failure: ${qg.status}"
                    }else{
                        updateGitlabCommitStatus name: 'scan', state: 'success'
                    }                    
                }

            }
        } 
        //打包
        stage('package code') {
            steps {
                sh 'mvn clean package'  
                updateGitlabCommitStatus name: 'build', state: 'success'
            }
        }   
        //发布
        stage('publish code') {
            steps {
                sh 'scp $WORKSPACE/X/X.jar X:/X'  
                sh 'ssh X "ps -ef|grep 8096|grep -v grep |awk \'{print \$2}\'|xargs -r kill -9;nohup /data/software/jdk1.8.0_261/bin/java -jar /X/X.jar --server.port=8096 > /dev/null 2>&1 &"'
                updateGitlabCommitStatus name: 'publish', state: 'success'
            }
        }          
    }
  post {
    success {
      updateGitlabCommitStatus name: 'complete', state: 'success'
    }
    failure {
      updateGitlabCommitStatus name: 'complete', state: 'failed'
      emailext to: 'X@X',subject: '${PROJECT_NAME} - Build #${BUILD_NUMBER} - ${BUILD_STATUS}!',body: 'Check console output at ${BUILD_URL} to view the results'
    }
  }
}

2、使用凭证中的用户名密码

1、pipeline形式

pipeline {
    agent {
        node {
            label 'common-frontend'
        }
    }

    stages {
        stage('pull-code') {
            steps {
                // wsl_git_token为用户名密码形式的凭据名
                git credentialsId: 'wsl_git_token', url: 'http://XX.git' ,branch: 'release' 
            }
        }
        stage('package code') {
            steps {
                
                withCredentials([usernamePassword(credentialsId: "nexus_ams_credential", passwordVariable: 'password', usernameVariable: 'username')]) {
                    sh "nexus_login.sh ${username} ${password} [email protected] npm_ams_group"
                }
                sh 'npm install  --registry=http://X:8081/repository/npm_ams_group'
                sh 'npm run build:prod' 
            }
        } 
        stage('publish code') {
            steps {
                sh 'tar -cvf dist.tar dist'
                sh 'scp -o StrictHostKeyChecking=no dist.tar X:/data/app/eamap/app'  
                sh 'ssh X "cd /data/app/eamap/app;rm -rf dist;tar -xvf dist.tar;"'
            }
        }         
    }
}

2、图形化形式

图片.png