Showing developers the source code quality control status in SonarQube

SonarQube is an open source code quality assurance platform that supports a wide range of programming languages and produces reports on metrics such as code duplication, coding standard compliance, unit test coverage, code complexity, potential bugs, and more. SonarQube visualizes the analysis results conveniently and lets you track how a project evolves over time.

Goal: show developers the source code quality control status in SonarQube.

There are two solutions:

  • Run a script that checks the source code quality control status in SonarQube. If the quality control in SonarQube did not pass, fail the build.
  • Show the quality control status on the project's main page.

Installing SonarQube

To install sonarqube from rpm packages we will use the repository https://harbottle.gitlab.io/harbottle-main.

Install the package that adds the repository for CentOS 7.

yum install -y https://harbottle.gitlab.io/harbottle-main/7/x86_64/harbottle-main-release.rpm

Install sonarqube itself.

yum install -y sonarqube

During installation most plugins are installed, but findbugs and pmd have to be installed separately.

yum install -y sonarqube-findbugs sonarqube-pmd

Start the service and enable it at boot.

systemctl start sonarqube
systemctl enable sonarqube

If the server takes a long time to start, add the random number generator /dev/./urandom to the end of the sonar.web.javaOpts option in sonar.properties. Without it the JVM's SecureRandom can block on /dev/random until the kernel has gathered enough entropy; the /dev/./urandom spelling is deliberate, because older JDKs treat file:/dev/urandom as an alias for the blocking /dev/random.

sonar.web.javaOpts=<other parameters> -Djava.security.egd=file:/dev/./urandom

Running a script that checks the source code quality control status in SonarQube

Unfortunately, the sonar-break-maven-plugin has not been updated for a long time, so we will write our own script.

For testing we will use the repository https://github.com/uweplonus/spotbugs-examples.

Import it into GitLab and add a .gitlab-ci.yml file. The file below authenticates with the SonarQube admin login and password, as in the original setup; in a real pipeline keep the SonarQube credentials (preferably a user token rather than the admin password) in masked GitLab CI variables instead of committing them to the repository.

variables:
  MAVEN_OPTS: "-Dhttps.protocols=TLSv1.2 -Dmaven.repo.local=$CI_PROJECT_DIR/.m2/repository -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=WARN -Dorg.slf4j.simpleLogger.showDateTime=true -Djava.awt.headless=true"
  MAVEN_CLI_OPTS: "--batch-mode --errors --fail-at-end --show-version -DinstallAtEnd=true -DdeployAtEnd=true"
  SONAR_HOST_URL: "http://172.26.9.226:9000"
  LOGIN: "admin"    # sonarqube login (better: a token in a masked CI variable)
  PASSWORD: "admin" # sonarqube password

cache:
  paths:
    - .m2/repository   # must match maven.repo.local above, otherwise the cache is never used

build:
  image: maven:3.3.9-jdk-8
  stage: build
  script:
    - apt-get update -qq && apt-get install -y -qq jq
    - mvn $MAVEN_CLI_OPTS -Dmaven.test.failure.ignore=true org.jacoco:jacoco-maven-plugin:0.8.5:prepare-agent clean verify org.jacoco:jacoco-maven-plugin:0.8.5:report
    - mvn $MAVEN_CLI_OPTS -Dmaven.test.skip=true verify sonar:sonar -Dsonar.host.url=$SONAR_HOST_URL -Dsonar.login=$LOGIN -Dsonar.password=$PASSWORD -Dsonar.gitlab.project_id=$CI_PROJECT_PATH -Dsonar.gitlab.commit_sha=$CI_COMMIT_SHA -Dsonar.gitlab.ref_name=$CI_COMMIT_REF_NAME
    # The scanner writes the Compute Engine task URL to report-task.txt; poll it until the task finishes
    - export URL=$(grep ceTaskUrl target/sonar/report-task.txt | cut -d= -f2-)
    - echo "$URL"
    - |
      while : ; do
          curl -k -u "$LOGIN":"$PASSWORD" "$URL" -o analysis.txt
          export status=$(jq -r '.task.status' analysis.txt)   # PENDING, IN_PROGRESS, SUCCESS, CANCELED or FAILED
          echo "$status"
          case "$status" in
            SUCCESS|FAILED|CANCELED) break ;;   # terminal statuses; anything else is still queued or running
          esac
          sleep 5
      done
    - export analysisId=$(jq -r '.task.analysisId' analysis.txt)   # analysis id of the finished task
    - |
      if [ "$status" = "SUCCESS" ]; then
        echo "SONAR ANALYSIS SUCCESSFUL...ANALYSING RESULTS"
        # Quality gate verdict for this analysis (OK, WARN or ERROR) plus the per-condition details
        curl -k -u "$LOGIN":"$PASSWORD" "$SONAR_HOST_URL/api/qualitygates/project_status?analysisId=$analysisId" -o result.txt
        export result=$(jq -r '.projectStatus.status' result.txt)

        if [ "$result" = "ERROR" ]; then
          echo -e "\e[91mSONAR RESULTS FAILED\e[0m"
          jq -r '.projectStatus.conditions' result.txt   # prints every gate condition, including the violated ones
          exit 1   # fail the build on quality gate violations
        else
          echo "SONAR RESULTS SUCCESSFUL"
          jq -r '.projectStatus.conditions' result.txt
          exit 0
        fi
      else
          echo -e "\e[91mSONAR ANALYSIS FAILED\e[0m"
          exit 1   # fail the build when the analysis task itself ended as FAILED or CANCELED
      fi
  tags:
    - docker

The .gitlab-ci.yml file is not perfect. It has only been tested for the case where the scan task in SonarQube finishes with status "SUCCESS"; no other statuses have come up so far. As soon as other statuses appear, I will correct the .gitlab-ci.yml in this post.
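An added example, not the article's own script: the same gate check as the bash loop in the .gitlab-ci.yml above, written as a stand-alone Python script that the job could run after `mvn ... sonar:sonar` instead of the inline loop. It assumes a SonarQube user token in the SONAR_TOKEN environment variable and the server address in SONAR_HOST_URL (both are assumptions; the article authenticates with the admin login and password), and it adds what the article's loop lacks: it stops on FAILED and CANCELED as well as SUCCESS, and it gives up after a timeout instead of polling forever. The function names are ours; the HTTP endpoints and JSON fields are the ones the article's script already uses.

```python
"""Poll the SonarQube Compute Engine task of an analysis and fail when the quality gate is ERROR.

Usage from the CI job, after `mvn ... sonar:sonar`:
    SONAR_HOST_URL=http://172.26.9.226:9000 SONAR_TOKEN=... python3 sonar_gate_check.py
Exit status 0 means the gate passed, 1 means the analysis failed or the gate is ERROR.
"""
import base64
import json
import os
import sys
import time
import urllib.request

# Statuses after which /api/ce/task will never change again (assumption: SonarQube 7.x task API).
TERMINAL = {"SUCCESS", "FAILED", "CANCELED"}


def parse_ce_task_url(report_text):
    """Extract ceTaskUrl from the text of target/sonar/report-task.txt written by the scanner."""
    for line in report_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "ceTaskUrl":
            return value.strip()
    raise ValueError("ceTaskUrl not found in report-task.txt")


def gate_verdict(project_status):
    """Return (passed, failed_conditions) from /api/qualitygates/project_status JSON."""
    ps = project_status["projectStatus"]
    failed = [c for c in ps.get("conditions", []) if c.get("status") == "ERROR"]
    return ps["status"] != "ERROR", failed


def wait_for_task(fetch_json, task_url, timeout=600, interval=5,
                  clock=time.monotonic, sleep=time.sleep):
    """Poll task_url until the task reaches a terminal status; raise TimeoutError otherwise.

    fetch_json, clock and sleep are injectable so the polling logic can be exercised offline.
    """
    deadline = clock() + timeout
    while True:
        task = fetch_json(task_url)["task"]
        if task["status"] in TERMINAL:
            return task
        if clock() >= deadline:
            raise TimeoutError("task %s still %s after %ss" % (task.get("id"), task["status"], timeout))
        sleep(interval)


def http_fetcher(token):
    """Return a fetch_json(url) closure authenticating with a SonarQube token (token as user, empty password)."""
    auth = "Basic " + base64.b64encode((token + ":").encode()).decode()

    def fetch_json(url):
        req = urllib.request.Request(url, headers={"Authorization": auth})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return fetch_json


def main():
    host = os.environ["SONAR_HOST_URL"].rstrip("/")
    fetch = http_fetcher(os.environ["SONAR_TOKEN"])
    with open("target/sonar/report-task.txt") as f:
        task_url = parse_ce_task_url(f.read())
    task = wait_for_task(fetch, task_url)
    if task["status"] != "SUCCESS":
        print("SONAR ANALYSIS %s" % task["status"])
        return 1
    status = fetch("%s/api/qualitygates/project_status?analysisId=%s" % (host, task["analysisId"]))
    passed, failed = gate_verdict(status)
    for cond in failed:
        print("gate condition failed: %s" % json.dumps(cond))
    print("QUALITY GATE %s" % ("PASSED" if passed else "FAILED"))
    return 0 if passed else 1


if __name__ == "__main__":
    sys.exit(main())
```

In the job this replaces everything after the `sonar:sonar` step with a single `python3 sonar_gate_check.py` line; the token never appears in the repository, and a CANCELED or FAILED task fails the build instead of hanging the runner until its own timeout.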

Showing the source code quality control status on the project's main page

Installing the plugin for SonarQube

yum install -y sonarqube-qualinsight-badges

Open SonarQube at http://172.26.9.115:9000/
Create a regular user, for example "badges".
Log in to SonarQube as this user.

Go to "My Account", create a new token, for example named "read_all_repository", and click "Generate".

The token is displayed only once, so copy it right away.

Log in as administrator.

Go to Configuration -> SVG Badges

Paste the token into the "Activity badge token" field and click the save button.

Go to Administration -> Security -> Permission Templates -> Default template (and any other templates you have).

The badges user must have the "Browse" checkbox checked. The badge endpoints read project measures with this user's token, so it needs Browse on every project whose badges you want to show, and no other permission.

Testing

As an example, take the project https://github.com/jitpack/maven-simple.

Import this project into GitLab.

Add a .gitlab-ci.yml file to the project root with the following content.

variables:
  MAVEN_OPTS: "-Dhttps.protocols=TLSv1.2 -Dmaven.repo.local=$CI_PROJECT_DIR/.m2/repository -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=WARN -Dorg.slf4j.simpleLogger.showDateTime=true -Djava.awt.headless=true"
  MAVEN_CLI_OPTS: "--batch-mode --errors --fail-at-end --show-version -DinstallAtEnd=true -DdeployAtEnd=true"
  SONAR_HOST_URL: "http://172.26.9.115:9000"
  LOGIN: "admin"    # sonarqube login (better: a token in a masked CI variable)
  PASSWORD: "admin" # sonarqube password

cache:
  paths:
    - .m2/repository   # must match maven.repo.local above, otherwise the cache is never used

build:
  image: maven:3.3.9-jdk-8
  stage: build
  script:
    - mvn $MAVEN_CLI_OPTS -Dmaven.test.failure.ignore=true org.jacoco:jacoco-maven-plugin:0.8.5:prepare-agent clean verify org.jacoco:jacoco-maven-plugin:0.8.5:report
    - mvn $MAVEN_CLI_OPTS -Dmaven.test.skip=true verify sonar:sonar -Dsonar.host.url=$SONAR_HOST_URL -Dsonar.login=$LOGIN -Dsonar.password=$PASSWORD -Dsonar.gitlab.project_id=$CI_PROJECT_PATH -Dsonar.gitlab.commit_sha=$CI_COMMIT_SHA -Dsonar.gitlab.ref_name=$CI_COMMIT_REF_NAME
  tags:
    - docker

After the pipeline runs, the project appears in SonarQube with its Quality Gate status and measures.

Add the badges to README.md and they render as a Quality Gate badge followed by one badge per measure.

The badge markup, with the concrete lines for maven-simple followed by the general pattern (Project Key, METRIC and project id are placeholders):

[![Quality Gate](http://172.26.9.115:9000/api/badges/gate?key=com.github.jitpack:maven-simple)](http://172.26.9.115:9000/dashboard?id=com.github.jitpack%3Amaven-simple)
[![Name](http://172.26.9.115:9000/api/badges/gate?key=Project Key)](http://172.26.9.115:9000/dashboard?id=project id)
[![Coverage](http://172.26.9.115:9000/api/badges/measure?key=com.github.jitpack:maven-simple&metric=coverage)](http://172.26.9.115:9000/dashboard?id=com.github.jitpack%3Amaven-simple)
[![Metric name](http://172.26.9.115:9000/api/badges/measure?key=Project Key&metric=METRIC)](http://172.26.9.115:9000/dashboard?id=project id)

Where to find or check the Project Key and the project id:

The Project Key is shown at the bottom right of the project page in SonarQube. The project's URL contains the project id, which in the lines above is the URL-encoded Project Key (the ":" becomes "%3A").

The metrics available for the measure badge can be seen here.
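An added example, not part of the article: a small generator for the badge lines above, for any project key and any list of measure metrics. It assumes only the two endpoints the qualinsight badges plugin exposes on this page, /api/badges/gate and /api/badges/measure; the helper name badge_markdown is ours. Unlike the hand-written lines above, which encode the project key only in the dashboard link, it URL-encodes the key in both the badge URL and the dashboard link, so a key such as com.github.jitpack:maven-simple comes out as com.github.jitpack%3Amaven-simple in both places.

```python
"""Generate README badge lines for a SonarQube project served by the qualinsight badges plugin."""
from urllib.parse import urlencode


def badge_markdown(host, project_key, metrics=()):
    """Return Markdown lines: one Quality Gate badge, then one measure badge per metric.

    host        - SonarQube base URL, e.g. http://172.26.9.115:9000
    project_key - the Project Key shown at the bottom right of the project page
    metrics     - metric keys accepted by /api/badges/measure, e.g. ["coverage", "bugs"]
    Every badge links to the project dashboard; urlencode() percent-encodes the ':' that
    Maven-style keys (groupId:artifactId) contain, in the badge URL and the link alike.
    """
    host = host.rstrip("/")
    dashboard = "%s/dashboard?%s" % (host, urlencode({"id": project_key}))
    lines = ["[![Quality Gate](%s/api/badges/gate?%s)](%s)"
             % (host, urlencode({"key": project_key}), dashboard)]
    for metric in metrics:
        label = metric.replace("_", " ").title()   # e.g. "new_coverage" -> "New Coverage"
        query = urlencode({"key": project_key, "metric": metric})
        lines.append("[![%s](%s/api/badges/measure?%s)](%s)" % (label, host, query, dashboard))
    return lines


if __name__ == "__main__":
    # The article's project, with the two badges it shows plus a third measure.
    for line in badge_markdown("http://172.26.9.115:9000",
                               "com.github.jitpack:maven-simple",
                               ["coverage", "bugs"]):
        print(line)
```

Paste the printed lines into README.md; because the badge endpoints answer with the token stored under "Activity badge token", anyone who can read the README can read the measures the badges expose, so keep the badges user limited to Browse as described above.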

Send pull requests with improvements and bug fixes to this repository.

Telegram chat about SonarQube: https://t.me/sonarqube_ru
Telegram chat about DevSecOps (secure DevOps): https://t.me/sec_devops

sumber: www.habr.com
