SonarQube ืืื ืคืืืคืืจืืช ืืืืืช ืืืืืช ืงืื ืคืชืื ืืชืืืืช ืืืืืื ืจืื ืฉื ืฉืคืืช ืชืื ืืช ืืืกืคืงืช ืืืืื ืขื ืืืืื ืืืื ืฉืืคืื ืงืื, ืชืืืืืช ืืชืงื ื ืงืืืื, ืืืกืื ืืืืงืืช, ืืืจืืืืช ืงืื, ืืืืื ืคืืื ืฆืืืืืื ืืขืื. SonarQube ืืืืืื ืืฆืืจื ื ืืื ืืช ืชืืฆืืืช ืื ืืชืื ืืืืคืฉืจ ืื ืืขืงืื ืืืจ ืืืื ืืืงื ืฉื ืคืืชืื ืืคืจืืืงื ืืืืจื ืืื.
ืืืืจื: ืืฆื ืืืคืชืืื ืืช ืืืฆื ืฉื ืืงืจืช ืืืืืช ืงืื ืืืงืืจ ื- SonarQube.
ืืฉ ืฉื ื ืคืชืจืื ืืช:
- ืืคืขื ืกืงืจืืคื ืืื ืืืืืง ืืช ืืฆื ืืงืจืช ืืืืืช ืงืื ืืืงืืจ ื- SonarQube. ืื ืืงืจืช ืืืืืืช ืฉื ืงืื ืืืงืืจ ื- SonarQube ืื ืขืืืจืช, ืื ื ืืฉื ืืืจืืื.
- ืืฆื ืืช ืืฆื ืืงืจืช ืืืืืืช ืฉื ืงืื ืืืงืืจ ืืืฃ ืืคืจืืืงื ืืจืืฉื.
ืืชืงื ืช SonarQube
ืืื ืืืชืงืื ืืช sonarqube ืืืืืืืช rpm, ื ืฉืชืืฉ ืืืืืจ
ืืืื ื ืชืงืื ืืช ืืืืืื ืขื ืืืืืจ ืขืืืจ CentOS 7.
yum install -y https://harbottle.gitlab.io/harbottle-main/7/x86_64/harbottle-main-release.rpm
ืื ื ืืชืงืื ืื ืืช sonarqube ืขืฆืื.
yum install -y sonarqube
ืืืืื ืืืชืงื ื, ืจืื ืืชืืกืคืื ืืืชืงื ื, ืื ืขืืื ืืืชืงืื findbugs ื-pmd
yum install -y sonarqube-findbugs sonarqube-pmd
ืืคืขื ืืช ืืฉืืจืืช ืืืืกืฃ ืืืชื ืืืคืขืื
systemctl start sonarqube
systemctl enable sonarqube
ืื ืืืงื ืืจืื ืืื ืืืขืื, ืืืกืฃ ืืืืื ืืกืคืจืื ืืงืจืืืื /dev/./urandom ืืกืืฃ ืืืคืฉืจืืืืช sonar.web.javaOpts
sonar.web.javaOpts=ะดััะณะธะต ะฟะฐัะฐะผะตััั -Djava.security.egd=file:/dev/urandom
ืืคืขืืช ืกืงืจืืคื ืืืืืงืช ืืฆื ืืงืจืช ืืืืืช ืงืื ืืืงืืจ ื- SonarQube.
ืืืจืื ืืฆืขืจ, ืชืืกืฃ sonar-break-maven-plugin ืื ืขืืืื ืืืฉื ืืื ืจื. ืื ืืืื ื ืืชืื ืชืกืจืื ืืฉืื ื.
ืืืืืงื ื ืฉืชืืฉ ืืืืืจ
ืืืืื ืืชืื Gitlab. ืืืกืฃ ืืช ืืงืืืฅ .gitlab-ci.yml:
variables:
MAVEN_OPTS: "-Dhttps.protocols=TLSv1.2 -Dmaven.repo.local=~/.m2/repository -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=WARN -Dorg.slf4j.simpleLogger.showDateTime=true -Djava.awt.headless=true"
MAVEN_CLI_OPTS: "--batch-mode --errors --fail-at-end --show-version -DinstallAtEnd=true -DdeployAtEnd=true"
SONAR_HOST_URL: "http://172.26.9.226:9000"
LOGIN: "admin" # ะปะพะณะธะฝ sonarqube
PASSWORD: "admin" # ะฟะฐัะพะปั sonarqube
cache:
paths:
- .m2/repository
build:
image: maven:3.3.9-jdk-8
stage: build
script:
- apt install -y jq || true
- mvn $MAVEN_CLI_OPTS -Dmaven.test.failure.ignore=true org.jacoco:jacoco-maven-plugin:0.8.5:prepare-agent clean verify org.jacoco:jacoco-maven-plugin:0.8.5:report
- mvn $MAVEN_CLI_OPTS -Dmaven.test.skip=true verify sonar:sonar -Dsonar.host.url=$SONAR_HOST_URL -Dsonar.login=$LOGIN -Dsonar.password=$PASSWORD -Dsonar.gitlab.project_id=$CI_PROJECT_PATH -Dsonar.gitlab.commit_sha=$CI_COMMIT_SHA -Dsonar.gitlab.ref_name=$CI_COMMIT_REF_NAME
- export URL=$(cat target/sonar/report-task.txt | grep ceTaskUrl | cut -c11- ) #URL where report gets stored
- echo $URL
- |
while : ;do
curl -k -u "$LOGIN":"$PASSWORD" "$URL" -o analysis.txt
export status=$(cat analysis.txt | jq -r '.task.status') #Status as SUCCESS, CANCELED, IN_PROGRESS or FAILED
echo $status
if [ ${status} == "SUCCESS" ];then
echo "SONAR ANALYSIS SUCCESS";
break
fi
sleep 5
done
- curl -k -u "$LOGIN":"$PASSWORD" "$URL" -o analysis.txt
- export status=$(cat analysis.txt | jq -r '.task.status') #Status as SUCCESS, CANCELED or FAILED
- export analysisId=$(cat analysis.txt | jq -r '.task.analysisId') #Get the analysis Id
- |
if [ "$status" == "SUCCESS" ]; then
echo -e "SONAR ANALYSIS SUCCESSFUL...ANALYSING RESULTS";
curl -k -u "$LOGIN":"$PASSWORD" "$SONAR_HOST_URL/api/qualitygates/project_status?analysisId=$analysisId" -o result.txt; #Analysis result like critical, major and minor issues
export result=$(cat result.txt | jq -r '.projectStatus.status');
if [ "$result" == "ERROR" ];then
echo -e "91mSONAR RESULTS FAILED";
echo "$(cat result.txt | jq -r '.projectStatus.conditions')"; #prints the critical, major and minor violations
exit 1 #breaks the build for violations
else
echo -e "SONAR RESULTS SUCCESSFUL";
echo "$(cat result.txt | jq -r '.projectStatus.conditions')";
exit 0
fi
else
echo -e "e[91mSONAR ANALYSIS FAILEDe[0m";
exit 1 #breaks the build for failure in Step2
fi
tags:
- docker
ืงืืืฅ .gitlab-ci.yml ืืื ื ืืืฉืื. ื ืืืง ืื ืืฉืืืืช ืกืจืืงื ื-sonarqube ืืกืชืืืื ืืกืืืืก: "ืืฆืืื". ืขื ืื ืื ืืื ืกืืืืกืื ืืืจืื. ืืจืืข ืฉืืืื ืกืืืืกืื ืืืจืื, ืื ื ืืชืงื ืืช .gitlab-ci.yml ืืคืืกื ืืื.
ืืฆืืช ืืฆื ืืงืจืช ืืืืืช ืงืื ืืืงืืจ ืืขืืื ืืคืจืืืงื ืืจืืฉื
ืืชืงื ืช ืืคืืืืื ืขืืืจ SonarQube
yum install -y sonarqube-qualinsight-badges
ืื ืื ื ืืืืืื ื- SonarQube ืืฉืขื
ืฆืืจ ืืฉืชืืฉ ืจืืื, ืืืฉื "ืชืืื".
ืืชืืืจ ืื SonarQube ืชืืช ืืฉืชืืฉ ืื.
ืขืืืจ ืื "ืืืฉืืื ืฉืื", ืฆืืจ ืืกืืืื ืืืฉ, ืืืฉื ืืฉื "read_all_repository" ืืืืฅ ืขื "ืฆืืจ".
ืื ื ืจืืืื ืฉืืืคืืข ืืกืืืื. ืืื ืืืคืืข ืจืง ืคืขื ืืืช.
ืืชืืืจ ืืื ืื.
ืขืืืจ ืื ืชืฆืืจื -> ืชืื SVG
ืืขืชืง ืืช ืืืกืืืื ืืื ืืฉืื "ืืกืืืื ืชื ืคืขืืืืช" ืืืืฅ ืขื ืืคืชืืจ ืืฉืืืจื.
ืขืืืจ ืื ื ืืืื -> ืืืืื -> ืชืื ืืืช ืืจืฉืืืช -> ืชืื ืืช ืืจืืจืช ืืืื (ืืชืื ืืืช ืืืจืืช ืฉืืืื ืื).
ืขื ืืฉืชืืฉ ืืชืืื ืืกืื ืืช ืชืืืช ืืกืืืื "ืขืืื".
ืืืืงื
ืืืืืื, ื ืืงื ืืช ืืคืจืืืงื
ืืืื ืืืืื ืืช ืืคืจืืืงื ืืื.
ืืืกืฃ ืืช ืืงืืืฅ .gitlab-ci.yml ืืฉืืจืฉ ืืคืจืืืงื ืขื ืืชืืื ืืื.
variables:
MAVEN_OPTS: "-Dhttps.protocols=TLSv1.2 -Dmaven.repo.local=~/.m2/repository -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=WARN -Dorg.slf4j.simpleLogger.showDateTime=true -Djava.awt.headless=true"
MAVEN_CLI_OPTS: "--batch-mode --errors --fail-at-end --show-version -DinstallAtEnd=true -DdeployAtEnd=true"
SONAR_HOST_URL: "http://172.26.9.115:9000"
LOGIN: "admin" # ะปะพะณะธะฝ sonarqube
PASSWORD: "admin" # ะฟะฐัะพะปั sonarqube
cache:
paths:
- .m2/repository
build:
image: maven:3.3.9-jdk-8
stage: build
script:
- mvn $MAVEN_CLI_OPTS -Dmaven.test.failure.ignore=true org.jacoco:jacoco-maven-plugin:0.8.5:prepare-agent clean verify org.jacoco:jacoco-maven-plugin:0.8.5:report
- mvn $MAVEN_CLI_OPTS -Dmaven.test.skip=true verify sonar:sonar -Dsonar.host.url=$SONAR_HOST_URL -Dsonar.login=$LOGIN -Dsonar.password=$PASSWORD -Dsonar.gitlab.project_id=$CI_PROJECT_PATH -Dsonar.gitlab.commit_sha=$CI_COMMIT_SHA -Dsonar.gitlab.ref_name=$CI_COMMIT_REF_NAME
tags:
- docker
ื- SonarQube ืืคืจืืืงื ืืืจืื ืื:
ืืืกืฃ ืชืืงืื ื-README.md ืืื ืืืจืื ืื:
ืงืื ืืชืฆืืื ืฉื ืืชืืื ื ืจืื ืื:
ื ืืชืื ืืืจืืืช ืชืฆืืืช ืืชืืื:
[![Quality Gate](http://172.26.9.115:9000/api/badges/gate?key=com.github.jitpack:maven-simple)](http://172.26.9.115:9000/dashboard?id=com.github.jitpack%3Amaven-simple)
[![ะะฐะทะฒะฐะฝะธะต](http://172.26.9.115:9000/api/badges/gate?key=Project Key)](http://172.26.9.115:9000/dashboard?id=id-ะฟัะพะตะบัะฐ)
[![Coverage](http://172.26.9.115:9000/api/badges/measure?key=com.github.jitpack:maven-simple&metric=coverage)](http://172.26.9.115:9000/dashboard?id=com.github.jitpack%3Amaven-simple)
[![ะะฐะทะฒะฐะฝะธะต ะะตััะธะบะธ](http://172.26.9.115:9000/api/badges/measure?key=Project Key&metric=ะะะขะ ะะะ)](http://172.26.9.115:9000/dashboard?id=id-ะฟัะพะตะบัะฐ)
ืืืื ื ืืชื ืืืฉืื/ืืืืืง ืืช ืืคืชื ืืคืจืืืงื ืืืืื ืืคืจืืืงื.
ืืคืชื ืืคืจืืืงื ื ืืฆื ืืคืื ื ืืฉืืืืืช ืืชืืชืื ื. ืืชืืืช ืืืชืจ ืืืืื ืืช ืืืื ืืคืจืืืงื.
ืืคืฉืจืืืืช ืืงืืืช ืืืืื ืืืืืืช ืืืืืช
ืื ืืงืฉืืช ืืืฉืืื ืืฉืืคืืจืื, ืชืืงืื ื ืืืืื
ืฆ'ืื ืืืืืจื ืขื SonarQube
ืฆ'ืื ืืืืืจื ืขื DevSecOps - DevOps ืืืืืื
ืืงืืจ: www.habr.com