SonarQube is an open-source code quality assurance platform that supports a wide range of programming languages and reports on metrics such as code duplication, coding-standard compliance, test coverage, code complexity, potential bugs, and more. SonarQube presents analysis results in a convenient visual form and lets you track how a project develops over time.
Goal: show developers the status of the source code quality gate in SonarQube.
There are two solutions:
- Run a script that checks the status of the source code quality gate in SonarQube. If the quality gate in SonarQube does not pass, fail the build.
- Show the status of the source code quality gate on the project's main page.
Installing SonarQube
To install SonarQube from RPM packages, we will use the repository
Install the package with the repository for CentOS 7.
yum install -y https://harbottle.gitlab.io/harbottle-main/7/x86_64/harbottle-main-release.rpm
Install SonarQube itself.
yum install -y sonarqube
Most plugins are installed along with it, but you need to install findbugs and pmd
yum install -y sonarqube-findbugs sonarqube-pmd
Start the service and enable it at boot
systemctl start sonarqube
systemctl enable sonarqube
If it takes a long time to load, add the random number generator /dev/./urandom to the end of the sonar.web.javaOpts options
sonar.web.javaOpts=other parameters -Djava.security.egd=file:/dev/urandom
Running a script to check the status of the source code quality gate in SonarQube
Unfortunately, the sonar-break-maven-plugin plugin has not been updated for a long time. So let's write our own script.
For testing we will use the repository
Import it into GitLab. Add the .gitlab-ci.yml file:
variables:
  MAVEN_OPTS: "-Dhttps.protocols=TLSv1.2 -Dmaven.repo.local=~/.m2/repository -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=WARN -Dorg.slf4j.simpleLogger.showDateTime=true -Djava.awt.headless=true"
  MAVEN_CLI_OPTS: "--batch-mode --errors --fail-at-end --show-version -DinstallAtEnd=true -DdeployAtEnd=true"
  SONAR_HOST_URL: "http://172.26.9.226:9000"
  LOGIN: "admin" # SonarQube login
  PASSWORD: "admin" # SonarQube password
cache:
  paths:
    - .m2/repository
build:
  image: maven:3.3.9-jdk-8
  stage: build
  script:
    - apt install -y jq || true
    - mvn $MAVEN_CLI_OPTS -Dmaven.test.failure.ignore=true org.jacoco:jacoco-maven-plugin:0.8.5:prepare-agent clean verify org.jacoco:jacoco-maven-plugin:0.8.5:report
    - mvn $MAVEN_CLI_OPTS -Dmaven.test.skip=true verify sonar:sonar -Dsonar.host.url=$SONAR_HOST_URL -Dsonar.login=$LOGIN -Dsonar.password=$PASSWORD -Dsonar.gitlab.project_id=$CI_PROJECT_PATH -Dsonar.gitlab.commit_sha=$CI_COMMIT_SHA -Dsonar.gitlab.ref_name=$CI_COMMIT_REF_NAME
    - export URL=$(cat target/sonar/report-task.txt | grep ceTaskUrl | cut -c11- ) #URL where report gets stored
    - echo $URL
    - |
      while : ; do
        curl -k -u "$LOGIN":"$PASSWORD" "$URL" -o analysis.txt
        export status=$(cat analysis.txt | jq -r '.task.status') #Status as SUCCESS, CANCELED, IN_PROGRESS or FAILED
        echo "$status"
        if [ "$status" = "SUCCESS" ]; then
          echo "SONAR ANALYSIS SUCCESS";
          break
        fi
        sleep 5
      done
    - curl -k -u "$LOGIN":"$PASSWORD" "$URL" -o analysis.txt
    - export status=$(cat analysis.txt | jq -r '.task.status') #Status as SUCCESS, CANCELED or FAILED
    - export analysisId=$(cat analysis.txt | jq -r '.task.analysisId') #Get the analysis Id
    - |
      if [ "$status" = "SUCCESS" ]; then
        echo -e "SONAR ANALYSIS SUCCESSFUL...ANALYSING RESULTS";
        curl -k -u "$LOGIN":"$PASSWORD" "$SONAR_HOST_URL/api/qualitygates/project_status?analysisId=$analysisId" -o result.txt; #Analysis result like critical, major and minor issues
        export result=$(cat result.txt | jq -r '.projectStatus.status');
        if [ "$result" = "ERROR" ]; then
          echo -e "\e[91mSONAR RESULTS FAILED\e[0m";
          echo "$(cat result.txt | jq -r '.projectStatus.conditions')"; #prints the critical, major and minor violations
          exit 1 #breaks the build for violations
        else
          echo -e "SONAR RESULTS SUCCESSFUL";
          echo "$(cat result.txt | jq -r '.projectStatus.conditions')";
          exit 0
        fi
      else
        echo -e "\e[91mSONAR ANALYSIS FAILED\e[0m";
        exit 1 #breaks the build for failure in Step2
      fi
  tags:
    - docker
The .gitlab-ci.yml file is not perfect. It tests whether the scan task in SonarQube finished with the status "SUCCESS". So far there have been no other statuses. As soon as other statuses appear, I will correct the .gitlab-ci.yml in this post.
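A more defensive form of the same check, as an added example that is not part of the original article: it stops on FAILED or CANCELED tasks, gives up after a timeout, and authenticates with a SonarQube user token (sent as the basic-auth user name with an empty password) instead of the admin password. It assumes python3 is available in the job image and that SONAR_TOKEN is defined as a masked CI/CD variable; the function names and SONAR_TOKEN are assumptions of this example.

```python
import base64
import json
import os
import time
import urllib.request

def http_get_json(url, token):
    """GET url, sending the token as basic-auth user name with an empty password."""
    cred = base64.b64encode(f"{token}:".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {cred}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def read_ce_task_url(path="target/sonar/report-task.txt"):
    """Return the ceTaskUrl value written by the scanner (same line the cut -c11- reads)."""
    with open(path) as fh:
        for line in fh:
            key, _, value = line.strip().partition("=")  # value keeps its own '?id=...'
            if key == "ceTaskUrl":
                return value
    raise RuntimeError("ceTaskUrl not found in " + path)

def check_gate(ce_task_url, host, fetch, timeout=300, interval=5, sleep=time.sleep):
    """Return (exit_code, message); exit_code is 0 only if the quality gate is not ERROR."""
    waited = 0
    while True:
        task = fetch(ce_task_url)["task"]
        if task["status"] == "SUCCESS":
            break
        if task["status"] in ("FAILED", "CANCELED"):  # terminal states: stop polling
            return 1, f"analysis task ended with {task['status']}"
        if waited >= timeout:                          # PENDING / IN_PROGRESS for too long
            return 1, f"timed out after {waited}s in state {task['status']}"
        sleep(interval)
        waited += interval
    url = f"{host}/api/qualitygates/project_status?analysisId={task['analysisId']}"
    gate = fetch(url)["projectStatus"]
    failed = [c for c in gate.get("conditions", []) if c.get("status") == "ERROR"]
    if gate["status"] == "ERROR":
        return 1, "quality gate ERROR: " + json.dumps(failed)
    return 0, f"quality gate {gate['status']}"

if __name__ == "__main__":
    token = os.environ["SONAR_TOKEN"]    # assumed masked CI/CD variable, not in the repo
    host = os.environ["SONAR_HOST_URL"]
    code, msg = check_gate(read_ce_task_url(), host, lambda u: http_get_json(u, token))
    print(msg)
    raise SystemExit(code)
```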
Showing the status of the source code quality gate on the project's main page
Install the plugin for SonarQube
yum install -y sonarqube-qualinsight-badges
Open SonarQube at
Create a regular user, for example "badges".
Log in to SonarQube as this user.
Go to "My Account", create a new token, for example with the name "read_all_repository", and click "Generate".
We see that a token has appeared. It is shown only once.
Log in as administrator.
Go to Configuration -> SVG Badges
Copy this token into the "Activity badge token" field and click the save button.
Go to Administration -> Security -> Permission Templates -> Default template (and any other templates you have).
The badges user must have the "Browse" checkbox ticked.
Testing.
As an example, let's take the project
Import this project.
Add a .gitlab-ci.yml file to the project root with the following contents.
variables:
  MAVEN_OPTS: "-Dhttps.protocols=TLSv1.2 -Dmaven.repo.local=~/.m2/repository -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=WARN -Dorg.slf4j.simpleLogger.showDateTime=true -Djava.awt.headless=true"
  MAVEN_CLI_OPTS: "--batch-mode --errors --fail-at-end --show-version -DinstallAtEnd=true -DdeployAtEnd=true"
  SONAR_HOST_URL: "http://172.26.9.115:9000"
  LOGIN: "admin" # SonarQube login
  PASSWORD: "admin" # SonarQube password
cache:
  paths:
    - .m2/repository
build:
  image: maven:3.3.9-jdk-8
  stage: build
  script:
    - mvn $MAVEN_CLI_OPTS -Dmaven.test.failure.ignore=true org.jacoco:jacoco-maven-plugin:0.8.5:prepare-agent clean verify org.jacoco:jacoco-maven-plugin:0.8.5:report
    - mvn $MAVEN_CLI_OPTS -Dmaven.test.skip=true verify sonar:sonar -Dsonar.host.url=$SONAR_HOST_URL -Dsonar.login=$LOGIN -Dsonar.password=$PASSWORD -Dsonar.gitlab.project_id=$CI_PROJECT_PATH -Dsonar.gitlab.commit_sha=$CI_COMMIT_SHA -Dsonar.gitlab.ref_name=$CI_COMMIT_REF_NAME
  tags:
    - docker
In SonarQube the project will look like this:
Add the badges to README.md and they will look like this:
The badge display code looks like this:
Breaking down the badge display code:
[![Quality Gate](http://172.26.9.115:9000/api/badges/gate?key=com.github.jitpack:maven-simple)](http://172.26.9.115:9000/dashboard?id=com.github.jitpack%3Amaven-simple)
[![Name](http://172.26.9.115:9000/api/badges/gate?key=Project Key)](http://172.26.9.115:9000/dashboard?id=project-id)
[![Coverage](http://172.26.9.115:9000/api/badges/measure?key=com.github.jitpack:maven-simple&metric=coverage)](http://172.26.9.115:9000/dashboard?id=com.github.jitpack%3Amaven-simple)
[![Metric Name](http://172.26.9.115:9000/api/badges/measure?key=Project Key&metric=METRIC)](http://172.26.9.115:9000/dashboard?id=project-id)
Where to get/check the Project Key and the project id.
The Project Key is at the bottom right. The URL contains the project id.
The options for obtaining metrics can be
All pull requests for improvements and bug fixes
Telegram chat about SonarQube
Telegram chat about DevSecOps - DevOps security
Source: www.habr.com