Show developers the status of source code quality control in SonarQube

SonarQube is an open source code quality assurance platform that supports a wide range of programming languages and reports on metrics such as code duplication, coding standards compliance, test coverage, code complexity, potential bugs, and more. SonarQube conveniently visualizes analysis results and lets you track the dynamics of project development over time.

Goal: show developers the status of source code quality control in SonarQube.

There are two solutions:

  • Run a script that checks the status of source code quality control in SonarQube. If the quality control in SonarQube does not pass, fail the build.
  • Show the source code quality control status on the project's main page.

Installing SonarQube

To install SonarQube from an rpm package, we will use the repository https://harbottle.gitlab.io/harbottle-main.

Install the package with the repository for CentOS 7.

yum install -y https://harbottle.gitlab.io/harbottle-main/7/x86_64/harbottle-main-release.rpm

Install SonarQube itself.

yum install -y sonarqube

Most plugins are installed along with the package, but findbugs and pmd must be installed separately

yum install -y sonarqube-findbugs sonarqube-pmd

Start the service and enable it at boot

systemctl start sonarqube
systemctl enable sonarqube

If startup takes a long time, add the random number generator /dev/./urandom to the end of the sonar.web.javaOpts options

sonar.web.javaOpts=<other options> -Djava.security.egd=file:/dev/urandom

Running a script that checks the status of source code quality control in SonarQube

Unfortunately, the sonar-break-maven-plugin plugin has not been updated for a long time, so let's write our own script.

For testing we will use the repository https://github.com/uweplonus/spotbugs-examples.

Import it into GitLab. Add a .gitlab-ci.yml file:

variables:
  MAVEN_OPTS: "-Dhttps.protocols=TLSv1.2 -Dmaven.repo.local=~/.m2/repository -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=WARN -Dorg.slf4j.simpleLogger.showDateTime=true -Djava.awt.headless=true"
  MAVEN_CLI_OPTS: "--batch-mode --errors --fail-at-end --show-version -DinstallAtEnd=true -DdeployAtEnd=true"
  SONAR_HOST_URL: "http://172.26.9.226:9000"
  LOGIN: "admin" # SonarQube login
  PASSWORD: "admin" # SonarQube password

cache:
  paths:
    - .m2/repository

build:
  image: maven:3.3.9-jdk-8
  stage: build
  script:
    - apt install -y jq || true
    - mvn $MAVEN_CLI_OPTS -Dmaven.test.failure.ignore=true org.jacoco:jacoco-maven-plugin:0.8.5:prepare-agent clean verify org.jacoco:jacoco-maven-plugin:0.8.5:report
    - mvn $MAVEN_CLI_OPTS -Dmaven.test.skip=true verify sonar:sonar -Dsonar.host.url=$SONAR_HOST_URL -Dsonar.login=$LOGIN -Dsonar.password=$PASSWORD -Dsonar.gitlab.project_id=$CI_PROJECT_PATH -Dsonar.gitlab.commit_sha=$CI_COMMIT_SHA -Dsonar.gitlab.ref_name=$CI_COMMIT_REF_NAME
    - export URL=$(cat target/sonar/report-task.txt | grep ceTaskUrl | cut -c11- ) #URL where report gets stored
    - echo $URL
    - |
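      while : ;do
          curl -k -u "$LOGIN":"$PASSWORD" "$URL" -o analysis.txt
          export status=$(cat analysis.txt | jq -r '.task.status') #Status as SUCCESS, CANCELED, IN_PROGRESS or FAILED
          echo $status
          if [ "$status" = "SUCCESS" ];then
            echo "SONAR ANALYSIS SUCCESS";
            break
          fi
          # FAILED and CANCELED are terminal too: stop polling, the check below fails the build
          if [ "$status" = "FAILED" ] || [ "$status" = "CANCELED" ];then
            break
          fi
          sleep 5
      done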
    - curl -k -u "$LOGIN":"$PASSWORD" "$URL" -o analysis.txt
    - export status=$(cat analysis.txt | jq -r '.task.status') #Status as SUCCESS, CANCELED or FAILED
    - export analysisId=$(cat analysis.txt | jq -r '.task.analysisId') #Get the analysis Id
    - |
      if [ "$status" = "SUCCESS" ]; then
        echo -e "SONAR ANALYSIS SUCCESSFUL...ANALYSING RESULTS";
        curl -k -u "$LOGIN":"$PASSWORD" "$SONAR_HOST_URL/api/qualitygates/project_status?analysisId=$analysisId" -o result.txt; #Analysis result like critical, major and minor issues
        export result=$(cat result.txt | jq -r '.projectStatus.status');

        if [ "$result" = "ERROR" ];then
          echo -e "\e[91mSONAR RESULTS FAILED\e[0m";
          echo "$(cat result.txt | jq -r '.projectStatus.conditions')"; #prints the critical, major and minor violations
          exit 1 #breaks the build for violations
        else
          echo -e "SONAR RESULTS SUCCESSFUL";
          echo "$(cat result.txt | jq -r '.projectStatus.conditions')";
          exit 0
        fi
      else
          echo -e "\e[91mSONAR ANALYSIS FAILED\e[0m";
          exit 1 #breaks the build for failure in Step2
      fi
  tags:
    - docker

The .gitlab-ci.yml file is not perfect. It was tested only with scan tasks in SonarQube that finished with the status "SUCCESS". So far there have been no other statuses. As soon as other statuses appear, I will fix .gitlab-ci.yml in this post.
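
The polling and quality-gate check from the job above, as a standalone POSIX shell script with a bounded wait, explicit terminal task states and a fail-closed gate decision. This is an added example, not the author's code; it assumes curl and jq are installed, and SONAR_TOKEN, POLL_TIMEOUT, POLL_INTERVAL and REPORT_FILE are assumed names (SONAR_HOST_URL is the variable from the job).

```shell
#!/bin/sh
# Added example, not the article's script. Assumed names: SONAR_TOKEN (a masked
# CI/CD variable holding a SonarQube user token), POLL_TIMEOUT, POLL_INTERVAL,
# REPORT_FILE. SONAR_HOST_URL is the variable from the article's .gitlab-ci.yml.
set -u

# report-task.txt is key=value; values may contain '=' (the task URL does).
report_value() {  # usage: report_value KEY FILE
  sed -n "s/^$1=//p" "$2" | head -n 1
}

# The token is sent as the user name with an empty password. No -k, so a TLS
# certificate problem stops the job instead of being ignored.
fetch_json() { curl --silent --show-error --fail -u "${SONAR_TOKEN}:" "$1"; }
task_field() { fetch_json "$1" | jq -r ".task.$2"; }
gate_status() {
  fetch_json "$SONAR_HOST_URL/api/qualitygates/project_status?analysisId=$1" |
    jq -r '.projectStatus.status'
}

# Poll until the task reaches a terminal state or the time budget is spent.
# Prints the final state; returns 0 only for SUCCESS.
wait_for_task() {  # usage: wait_for_task TASK_URL
  waited=0
  while [ "$waited" -le "${POLL_TIMEOUT:-300}" ]; do
    st=$(task_field "$1" status)
    case "$st" in
      SUCCESS)         echo "$st"; return 0 ;;
      FAILED|CANCELED) echo "$st"; return 1 ;;
    esac
    sleep "${POLL_INTERVAL:-5}"
    waited=$((waited + ${POLL_INTERVAL:-5}))
  done
  echo TIMEOUT; return 1
}

main() {
  report=${REPORT_FILE:-target/sonar/report-task.txt}
  url=$(report_value ceTaskUrl "$report")
  [ -n "$url" ] || { echo "ceTaskUrl not found in $report" >&2; return 1; }
  final=$(wait_for_task "$url") || { echo "analysis task: $final" >&2; return 1; }
  gate=$(gate_status "$(task_field "$url" analysisId)")
  echo "quality gate: $gate"
  # Fail closed: only OK or WARN passes; ERROR, NONE, null or empty fails.
  case "$gate" in OK|WARN) return 0 ;; *) return 1 ;; esac
}

# Run the check only when asked, so the file can also be sourced for its functions.
if [ "${1:-}" = "--run" ]; then main; exit $?; fi
```

In the job, call it after the sonar:sonar step as `sh sonar-gate.sh --run`, where sonar-gate.sh is a hypothetical file name for this script.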

Showing the source code quality control status on the project's main page

Install the plugin for SonarQube

yum install -y sonarqube-qualinsight-badges

Open SonarQube at http://172.26.9.115:9000/
Create a regular user, for example "badges".
Log in to SonarQube as this user.

Go to "My Account", create a new token, for example named "read_all_repository", and click "Generate".

We see that a token has appeared. It is shown only once.

Log in as administrator.

Go to Configuration -> SVG Badges

Copy this token into the "Activity badge token" field and click the save button.

Go to Administration -> Security -> Permission Templates -> Default template (and any other templates you have).

The badges user must have the "Browse" box checked.

Testing.

As an example, let's take the project https://github.com/jitpack/maven-simple.

Import this project.

Add a .gitlab-ci.yml file to the project root with the following content.

variables:
  MAVEN_OPTS: "-Dhttps.protocols=TLSv1.2 -Dmaven.repo.local=~/.m2/repository -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=WARN -Dorg.slf4j.simpleLogger.showDateTime=true -Djava.awt.headless=true"
  MAVEN_CLI_OPTS: "--batch-mode --errors --fail-at-end --show-version -DinstallAtEnd=true -DdeployAtEnd=true"
  SONAR_HOST_URL: "http://172.26.9.115:9000"
  LOGIN: "admin" # SonarQube login
  PASSWORD: "admin" # SonarQube password

cache:
  paths:
    - .m2/repository

build:
  image: maven:3.3.9-jdk-8
  stage: build
  script:
    - mvn $MAVEN_CLI_OPTS -Dmaven.test.failure.ignore=true org.jacoco:jacoco-maven-plugin:0.8.5:prepare-agent clean verify org.jacoco:jacoco-maven-plugin:0.8.5:report
    - mvn $MAVEN_CLI_OPTS -Dmaven.test.skip=true verify sonar:sonar -Dsonar.host.url=$SONAR_HOST_URL -Dsonar.login=$LOGIN -Dsonar.password=$PASSWORD -Dsonar.gitlab.project_id=$CI_PROJECT_PATH -Dsonar.gitlab.commit_sha=$CI_COMMIT_SHA -Dsonar.gitlab.ref_name=$CI_COMMIT_REF_NAME
  tags:
    - docker

In SonarQube the project will look like this:

Add badges to README.md and they will look like this:

The badge display code looks like this:

Let's break down the badge display code:

[![Quality Gate](http://172.26.9.115:9000/api/badges/gate?key=com.github.jitpack:maven-simple)](http://172.26.9.115:9000/dashboard?id=com.github.jitpack%3Amaven-simple)
[![Name](http://172.26.9.115:9000/api/badges/gate?key=Project Key)](http://172.26.9.115:9000/dashboard?id=project-id)
[![Coverage](http://172.26.9.115:9000/api/badges/measure?key=com.github.jitpack:maven-simple&metric=coverage)](http://172.26.9.115:9000/dashboard?id=com.github.jitpack%3Amaven-simple)
[![Metric name](http://172.26.9.115:9000/api/badges/measure?key=Project Key&metric=METRIC)](http://172.26.9.115:9000/dashboard?id=project-id)

Where to find/check the Project Key and the project id.

The Project Key is at the bottom right. The URL contains the project id.

The options for retrieving metrics can be viewed here.

Submit all pull requests for improvements and bug fixes to this repository.

Telegram chat about SonarQube https://t.me/sonarqube_ru
Telegram chat about DevSecOps - secure DevOps https://t.me/sec_devops

Source: www.habr.com
