SonarQube is an open source code quality assurance platform that supports many programming languages and reports on metrics such as code duplication, compliance with coding standards, test coverage, code complexity, potential bugs, and more. SonarQube conveniently visualizes the analysis results and lets you track the dynamics of a project's development over time.
Goal: show developers the SonarQube source code quality control status.
There are two solutions:
- Run a script to check the SonarQube source code quality control status. If the SonarQube source code quality control does not pass, fail the build.
- Display the source code quality control status on the project's main page.
Installing SonarQube
To install sonarqube from rpm packages, we will use the repository
Let's install the package with the repository for CentOS 7.
yum install -y https://harbottle.gitlab.io/harbottle-main/7/x86_64/harbottle-main-release.rpm
We install sonarqube itself.
yum install -y sonarqube
During installation most of the plugins will be installed, but you need to install findbugs and pmd separately
yum install -y sonarqube-findbugs sonarqube-pmd
Start the service and add it to startup
systemctl start sonarqube
systemctl enable sonarqube
If it takes a long time to load, add the random number generator /dev/./urandom to the end of the sonar.web.javaOpts option
sonar.web.javaOpts=<other parameters> -Djava.security.egd=file:/dev/urandom
Running a script to check the SonarQube source code quality control status.
Unfortunately, the sonar-break-maven-plugin plugin has not been updated for a long time. So let's write our own script.
For testing we will use the repository
Import it into Gitlab. Add the .gitlab-ci.yml file:
variables:
  MAVEN_OPTS: "-Dhttps.protocols=TLSv1.2 -Dmaven.repo.local=~/.m2/repository -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=WARN -Dorg.slf4j.simpleLogger.showDateTime=true -Djava.awt.headless=true"
  MAVEN_CLI_OPTS: "--batch-mode --errors --fail-at-end --show-version -DinstallAtEnd=true -DdeployAtEnd=true"
  SONAR_HOST_URL: "http://172.26.9.226:9000"
  LOGIN: "admin" # sonarqube login
  PASSWORD: "admin" # sonarqube password
cache:
  paths:
    - .m2/repository
build:
  image: maven:3.3.9-jdk-8
  stage: build
  script:
    - apt install -y jq || true
    - mvn $MAVEN_CLI_OPTS -Dmaven.test.failure.ignore=true org.jacoco:jacoco-maven-plugin:0.8.5:prepare-agent clean verify org.jacoco:jacoco-maven-plugin:0.8.5:report
    - mvn $MAVEN_CLI_OPTS -Dmaven.test.skip=true verify sonar:sonar -Dsonar.host.url=$SONAR_HOST_URL -Dsonar.login=$LOGIN -Dsonar.password=$PASSWORD -Dsonar.gitlab.project_id=$CI_PROJECT_PATH -Dsonar.gitlab.commit_sha=$CI_COMMIT_SHA -Dsonar.gitlab.ref_name=$CI_COMMIT_REF_NAME
    - export URL=$(cat target/sonar/report-task.txt | grep ceTaskUrl | cut -c11- ) #URL where report gets stored
    - echo $URL
    - |
      while : ;do
        curl -k -u "$LOGIN":"$PASSWORD" "$URL" -o analysis.txt
        export status=$(cat analysis.txt | jq -r '.task.status') #Status as SUCCESS, CANCELED, IN_PROGRESS or FAILED
        echo $status
        if [ "${status}" = "SUCCESS" ];then
          echo "SONAR ANALYSIS SUCCESS";
          break
        fi
        # Stop polling on the other final statuses as well; the check below then fails the build
        if [ "${status}" = "FAILED" ] || [ "${status}" = "CANCELED" ];then
          break
        fi
        sleep 5
      done
    - curl -k -u "$LOGIN":"$PASSWORD" "$URL" -o analysis.txt
    - export status=$(cat analysis.txt | jq -r '.task.status') #Status as SUCCESS, CANCELED or FAILED
    - export analysisId=$(cat analysis.txt | jq -r '.task.analysisId') #Get the analysis Id
    - |
      if [ "$status" = "SUCCESS" ]; then
        echo -e "SONAR ANALYSIS SUCCESSFUL...ANALYSING RESULTS";
        curl -k -u "$LOGIN":"$PASSWORD" "$SONAR_HOST_URL/api/qualitygates/project_status?analysisId=$analysisId" -o result.txt; #Analysis result like critical, major and minor issues
        export result=$(cat result.txt | jq -r '.projectStatus.status');
        if [ "$result" = "ERROR" ];then
          echo -e "\e[91mSONAR RESULTS FAILED\e[0m";
          echo "$(cat result.txt | jq -r '.projectStatus.conditions')"; #prints the critical, major and minor violations
          exit 1 #breaks the build for violations
        else
          echo -e "SONAR RESULTS SUCCESSFUL";
          echo "$(cat result.txt | jq -r '.projectStatus.conditions')";
          exit 0
        fi
      else
        echo -e "\e[91mSONAR ANALYSIS FAILED\e[0m";
        exit 1 #breaks the build for failure in Step2
      fi
  tags:
    - docker
The .gitlab-ci.yml file is not perfect. It was tested only for the case where the scan tasks in sonarqube finished with the status "SUCCESS". So far there have been no other statuses. As soon as other statuses occur, I will fix .gitlab-ci.yml in this post.
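A fail-closed version of the quality gate check described above, as an added example that is not the article's own script. It assumes curl and jq as in the article, a hypothetical file name sonar-gate.sh, and a hypothetical masked CI/CD variable SONAR_TOKEN holding a SonarQube user token in place of the login and password stored in .gitlab-ci.yml; the helper names, the poll limit and the rule that only an explicit OK gate passes are choices of this example.

```shell
#!/bin/sh
# Added example, not the article's script. Assumes curl and jq (as the article does),
# SONAR_HOST_URL from .gitlab-ci.yml, and a hypothetical masked CI/CD variable
# SONAR_TOKEN holding a SonarQube user token (sent as user name, empty password).

# ce_task_url FILE: read ceTaskUrl from the scanner's target/sonar/report-task.txt.
ce_task_url() {
    sed -n 's/^ceTaskUrl=//p' "$1" | head -n 1
}

# task_state STATUS: 0 = finished successfully, 1 = failed, 2 = still running.
task_state() {
    case "$1" in
        SUCCESS) return 0 ;;
        PENDING|IN_PROGRESS) return 2 ;;
        *) return 1 ;;  # FAILED, CANCELED, empty or unexpected reply: fail closed
    esac
}

# gate_passed STATUS: only an explicit OK passes; ERROR, NONE or "null" do not.
gate_passed() {
    [ "$1" = "OK" ]
}

# api_get URL: authenticated GET; --fail turns HTTP 4xx/5xx into a non-zero exit.
api_get() {
    curl --silent --show-error --fail --max-time 30 -u "${SONAR_TOKEN}:" "$1"
}

# sonar_gate REPORT_FILE [MAX_POLLS]: return 0 only when the quality gate is OK.
sonar_gate() {
    url=$(ce_task_url "$1"); polls=${2:-60}; state=2; status=TIMEOUT
    [ -n "$url" ] || { echo "ceTaskUrl not found in $1" >&2; return 1; }
    while [ "$polls" -gt 0 ]; do
        task=$(api_get "$url") || return 1
        status=$(printf '%s' "$task" | jq -r '.task.status')
        state=0; task_state "$status" || state=$?
        [ "$state" -eq 2 ] || break
        polls=$((polls - 1)); sleep 5
    done
    [ "$state" -eq 0 ] || { echo "analysis task not successful: $status" >&2; return 1; }
    id=$(printf '%s' "$task" | jq -r '.task.analysisId')
    result=$(api_get "$SONAR_HOST_URL/api/qualitygates/project_status?analysisId=$id") || return 1
    printf '%s' "$result" | jq '.projectStatus.conditions'  # show the violated conditions
    gate_passed "$(printf '%s' "$result" | jq -r '.projectStatus.status')"
}

# Run as: sh sonar-gate.sh target/sonar/report-task.txt
if [ -n "${1:-}" ]; then sonar_gate "$@"; fi
```

In the job, the polling and result lines can be replaced by one call to this script, with the same token passed to the scanner as -Dsonar.login=$SONAR_TOKEN.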
Displaying the source code quality control status on the project's main page
Installing the plugin for SonarQube
yum install -y sonarqube-qualinsight-badges
We go to SonarQube at
Create a regular user, for example "badges".
Log in to SonarQube as this user.
Go to "My Account", create a new token, for example with the name "read_all_repository", and click "Generate".
We see that a token has appeared. It will be shown only once.
Log in as administrator
Go to Configuration -> SVG Badges
Copy this token into the "Activity badge token" field and click the save button.
Go to Administration -> Security -> Permission Templates -> Default template (and any other templates you will have).
The badges user must have the "Browse" checkbox checked.
Testing.
As an example, let's take the project
Let's import this project.
Add the .gitlab-ci.yml file to the project root with the following content.
variables:
  MAVEN_OPTS: "-Dhttps.protocols=TLSv1.2 -Dmaven.repo.local=~/.m2/repository -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=WARN -Dorg.slf4j.simpleLogger.showDateTime=true -Djava.awt.headless=true"
  MAVEN_CLI_OPTS: "--batch-mode --errors --fail-at-end --show-version -DinstallAtEnd=true -DdeployAtEnd=true"
  SONAR_HOST_URL: "http://172.26.9.115:9000"
  LOGIN: "admin" # sonarqube login
  PASSWORD: "admin" # sonarqube password
cache:
  paths:
    - .m2/repository
build:
  image: maven:3.3.9-jdk-8
  stage: build
  script:
    - mvn $MAVEN_CLI_OPTS -Dmaven.test.failure.ignore=true org.jacoco:jacoco-maven-plugin:0.8.5:prepare-agent clean verify org.jacoco:jacoco-maven-plugin:0.8.5:report
    - mvn $MAVEN_CLI_OPTS -Dmaven.test.skip=true verify sonar:sonar -Dsonar.host.url=$SONAR_HOST_URL -Dsonar.login=$LOGIN -Dsonar.password=$PASSWORD -Dsonar.gitlab.project_id=$CI_PROJECT_PATH -Dsonar.gitlab.commit_sha=$CI_COMMIT_SHA -Dsonar.gitlab.ref_name=$CI_COMMIT_REF_NAME
  tags:
    - docker
In SonarQube the project will look like this:
Add the badges to README.md and they will look like this:
The badge display code looks like this:
Breakdown of the displayed parameters:
[![Quality Gate](http://172.26.9.115:9000/api/badges/gate?key=com.github.jitpack:maven-simple)](http://172.26.9.115:9000/dashboard?id=com.github.jitpack%3Amaven-simple)
[![Name](http://172.26.9.115:9000/api/badges/gate?key=Project Key)](http://172.26.9.115:9000/dashboard?id=project-id)
[![Coverage](http://172.26.9.115:9000/api/badges/measure?key=com.github.jitpack:maven-simple&metric=coverage)](http://172.26.9.115:9000/dashboard?id=com.github.jitpack%3Amaven-simple)
[![Metric Name](http://172.26.9.115:9000/api/badges/measure?key=Project Key&metric=METRIC)](http://172.26.9.115:9000/dashboard?id=project-id)
Where to get/check the Project Key and the project id.
The Project Key is located at the bottom right. The URL contains the project id.
Options for retrieving metrics can be
All pull requests for improvements and bug fixes
Telegram chat about SonarQube
Telegram chat about DevSecOps - secure DevOps
Source: www.habr.com