Showing developers the SonarQube source code quality control status

SonarQube is an open-source code quality assurance platform that supports many programming languages and reports on metrics such as code duplication, compliance with coding standards, test coverage, code complexity, potential bugs, and more. SonarQube conveniently visualizes analysis results and lets you track how a project develops over time.

Goal: show developers the SonarQube source code quality control status.

There are two solutions:

  • Run a script that checks the SonarQube source code quality control status. If the SonarQube quality control does not pass, fail the build.
  • Show the source code quality control status on the project's main page.

Installing SonarQube

To install SonarQube from rpm packages, we will use the repository https://harbottle.gitlab.io/harbottle-main.

Install the package with the repository for CentOS 7.

yum install -y https://harbottle.gitlab.io/harbottle-main/7/x86_64/harbottle-main-release.rpm

Install SonarQube itself.

yum install -y sonarqube

Most plugins are installed along with SonarQube, but findbugs and pmd have to be installed separately.

yum install -y sonarqube-findbugs sonarqube-pmd

Start the service and enable it at boot.

systemctl start sonarqube
systemctl enable sonarqube

If SonarQube takes a long time to start, add the random number generator /dev/./urandom to the end of the sonar.web.javaOpts option.

sonar.web.javaOpts=<other options> -Djava.security.egd=file:/dev/./urandom

Running a script to check the SonarQube source code quality control status

Unfortunately, the sonar-break-maven-plugin plugin has not been updated for a long time, so let's write our own script.

For testing we will use the repository https://github.com/uweplonus/spotbugs-examples.

Import it into GitLab. Add a .gitlab-ci.yml file:

variables:
  MAVEN_OPTS: "-Dhttps.protocols=TLSv1.2 -Dmaven.repo.local=~/.m2/repository -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=WARN -Dorg.slf4j.simpleLogger.showDateTime=true -Djava.awt.headless=true"
  MAVEN_CLI_OPTS: "--batch-mode --errors --fail-at-end --show-version -DinstallAtEnd=true -DdeployAtEnd=true"
  SONAR_HOST_URL: "http://172.26.9.226:9000"
  LOGIN: "admin" # SonarQube login (default account used for the demo; keep real credentials in masked CI/CD variables)
  PASSWORD: "admin" # SonarQube password

cache:
  paths:
    - .m2/repository

build:
  image: maven:3.3.9-jdk-8
  stage: build
  script:
    - apt install -y jq || true
    - mvn $MAVEN_CLI_OPTS -Dmaven.test.failure.ignore=true org.jacoco:jacoco-maven-plugin:0.8.5:prepare-agent clean verify org.jacoco:jacoco-maven-plugin:0.8.5:report
    - mvn $MAVEN_CLI_OPTS -Dmaven.test.skip=true verify sonar:sonar -Dsonar.host.url=$SONAR_HOST_URL -Dsonar.login=$LOGIN -Dsonar.password=$PASSWORD -Dsonar.gitlab.project_id=$CI_PROJECT_PATH -Dsonar.gitlab.commit_sha=$CI_COMMIT_SHA -Dsonar.gitlab.ref_name=$CI_COMMIT_REF_NAME
    - export URL=$(cat target/sonar/report-task.txt | grep ceTaskUrl | cut -c11- ) #URL where report gets stored
    - echo $URL
    - |
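      while : ;do
          curl -k -u "$LOGIN":"$PASSWORD" "$URL" -o analysis.txt
          export status=$(cat analysis.txt | jq -r '.task.status') #Status as SUCCESS, CANCELED, IN_PROGRESS or FAILED
          echo $status
          if [ "$status" = "SUCCESS" ];then
            echo "SONAR ANALYSIS SUCCESS";
            break
          fi
          # Stop polling on a terminal failure state; the status check further down fails the build
          if [ "$status" = "FAILED" ] || [ "$status" = "CANCELED" ];then
            break
          fi
          sleep 5
      done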
    - curl -k -u "$LOGIN":"$PASSWORD" "$URL" -o analysis.txt
    - export status=$(cat analysis.txt | jq -r '.task.status') #Status as SUCCESS, CANCELED or FAILED
    - export analysisId=$(cat analysis.txt | jq -r '.task.analysisId') #Get the analysis Id
    - |
      if [ "$status" == "SUCCESS" ]; then
        echo -e "SONAR ANALYSIS SUCCESSFUL...ANALYSING RESULTS";
        curl -k -u "$LOGIN":"$PASSWORD" "$SONAR_HOST_URL/api/qualitygates/project_status?analysisId=$analysisId" -o result.txt; #Analysis result like critical, major and minor issues
        export result=$(cat result.txt | jq -r '.projectStatus.status');

        if [ "$result" == "ERROR" ];then
          echo -e "\e[91mSONAR RESULTS FAILED\e[0m";
          echo "$(cat result.txt | jq -r '.projectStatus.conditions')"; #prints the critical, major and minor violations
          exit 1 #breaks the build for violations
        else
          echo -e "SONAR RESULTS SUCCESSFUL";
          echo "$(cat result.txt | jq -r '.projectStatus.conditions')";
          exit 0
        fi
      else
          echo -e "\e[91mSONAR ANALYSIS FAILED\e[0m";
          exit 1 #breaks the build for failure in Step2
      fi
  tags:
    - docker

The .gitlab-ci.yml file is not perfect. It was tested when the SonarQube scan tasks finished with the status "SUCCESS". There have been no other statuses so far. As soon as other statuses appear, I will correct .gitlab-ci.yml in this post.
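
A more defensive form of the quality gate check above, as an added example that is not code from the original article: standalone shell functions with a bounded number of polls, explicit handling of FAILED and CANCELED, and a gate that passes only on OK (stricter than the ERROR-only test above). The function names and the SONAR_TOKEN variable are assumptions; the token replaces the admin login and is expected to come from a masked CI/CD variable.

```shell
#!/bin/sh
# Added example. Assumes SONAR_HOST_URL and SONAR_TOKEN arrive as masked CI/CD
# variables and that curl and jq are installed in the job image.

# Read ceTaskUrl from the scanner's report-task.txt (key=value lines).
ce_task_url() { sed -n 's/^ceTaskUrl=//p' "$1"; }

# Authenticated GET: a token is sent as the user name with an empty password.
# --fail suppresses error-page bodies on HTTP errors; TLS verification stays on.
sonar_get() { curl --silent --show-error --fail -u "${SONAR_TOKEN}:" "$1"; }

task_status() { sonar_get "$1" | jq -r '.task.status'; }
analysis_id() { sonar_get "$1" | jq -r '.task.analysisId'; }
gate_status() {
  sonar_get "$SONAR_HOST_URL/api/qualitygates/project_status?analysisId=$1" |
    jq -r '.projectStatus.status'
}

# Poll until the task is terminal or the attempt budget is spent.
# Returns 0 on SUCCESS, 1 on FAILED/CANCELED, 2 on timeout.
wait_for_task() {
  local url="$1" attempts="${2:-60}" delay="${3:-5}" i=0 status
  while [ "$i" -lt "$attempts" ]; do
    status=$(task_status "$url") || status=UNREACHABLE
    case "$status" in
      SUCCESS) return 0 ;;
      FAILED|CANCELED) return 1 ;;
    esac
    i=$((i + 1))
    sleep "$delay"
  done
  return 2
}

# Returns 0 only when the analysis succeeded and the gate is OK (fail closed:
# an empty or unexpected answer fails the job, not only ERROR).
check_quality_gate() {
  local url id gate
  url=$(ce_task_url "${1:-target/sonar/report-task.txt}")
  [ -n "$url" ] || { echo "ceTaskUrl not found" >&2; return 1; }
  wait_for_task "$url" "${2:-60}" "${3:-5}" || { echo "analysis not successful" >&2; return 1; }
  id=$(analysis_id "$url") || return 1
  gate=$(gate_status "$id") || return 1
  [ "$gate" = "OK" ]
}
```

In the job, source this file after the sonar:sonar step and call check_quality_gate; a non-zero return fails the build.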

Showing the source code quality control status on the project's main page

Installing the plugin for SonarQube

yum install -y sonarqube-qualinsight-badges

Go to SonarQube at http://172.26.9.115:9000/
Create a regular user, for example "badges".
Log in to SonarQube as this user.

Go to "My Account", create a new token, for example named "read_all_repository", and click "Generate".

We see that the token has appeared. It is shown only once.

Log in as an administrator.

Go to Configuration -> SVG Badges

Copy this token into the "Activity badge token" field and click the save button.

Go to Administration -> Security -> Permission Templates -> Default template (and any other templates you will have).

The badges user must have the "Browse" checkbox ticked.

Testing.

As an example, let's take the project https://github.com/jitpack/maven-simple.

Import this project.

Add a .gitlab-ci.yml file with the following contents to the project root.

variables:
  MAVEN_OPTS: "-Dhttps.protocols=TLSv1.2 -Dmaven.repo.local=~/.m2/repository -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=WARN -Dorg.slf4j.simpleLogger.showDateTime=true -Djava.awt.headless=true"
  MAVEN_CLI_OPTS: "--batch-mode --errors --fail-at-end --show-version -DinstallAtEnd=true -DdeployAtEnd=true"
  SONAR_HOST_URL: "http://172.26.9.115:9000"
  LOGIN: "admin" # SonarQube login
  PASSWORD: "admin" # SonarQube password

cache:
  paths:
    - .m2/repository

build:
  image: maven:3.3.9-jdk-8
  stage: build
  script:
    - mvn $MAVEN_CLI_OPTS -Dmaven.test.failure.ignore=true org.jacoco:jacoco-maven-plugin:0.8.5:prepare-agent clean verify org.jacoco:jacoco-maven-plugin:0.8.5:report
    - mvn $MAVEN_CLI_OPTS -Dmaven.test.skip=true verify sonar:sonar -Dsonar.host.url=$SONAR_HOST_URL -Dsonar.login=$LOGIN -Dsonar.password=$PASSWORD -Dsonar.gitlab.project_id=$CI_PROJECT_PATH -Dsonar.gitlab.commit_sha=$CI_COMMIT_SHA -Dsonar.gitlab.ref_name=$CI_COMMIT_REF_NAME
  tags:
    - docker

In SonarQube the project will look like this:

[screenshot]

Add badges to README.md and they will look like this:

[screenshot]

The badge display code looks like this:

[screenshot]

Breaking down the display string:

[![Quality Gate](http://172.26.9.115:9000/api/badges/gate?key=com.github.jitpack:maven-simple)](http://172.26.9.115:9000/dashboard?id=com.github.jitpack%3Amaven-simple)
[![Name](http://172.26.9.115:9000/api/badges/gate?key=Project Key)](http://172.26.9.115:9000/dashboard?id=project-id)
[![Coverage](http://172.26.9.115:9000/api/badges/measure?key=com.github.jitpack:maven-simple&metric=coverage)](http://172.26.9.115:9000/dashboard?id=com.github.jitpack%3Amaven-simple)
[![Metric name](http://172.26.9.115:9000/api/badges/measure?key=Project Key&metric=METRIC)](http://172.26.9.115:9000/dashboard?id=project-id)

Where to find/check the Project Key and the project id.

The Project Key is at the bottom right. The URL contains the project id.

The options for retrieving metrics can be viewed here.

Send all pull requests with improvements and bug fixes to this repository.

Telegram chat about SonarQube https://t.me/sonarqube_ru
Telegram chat about DevSecOps - secure DevOps https://t.me/sec_devops

Source: www.habr.com
