Showing developers the source code quality control status in SonarQube

SonarQube is an open-source code quality platform that supports a wide range of programming languages and reports on metrics such as code duplication, compliance with coding standards, test coverage, code complexity, potential bugs, and more. SonarQube visualizes analysis results in a convenient way and lets you track how a project evolves over time.

Goal: show developers the source code quality control status in SonarQube.

There are two solutions:

  • Run a script that checks the source code quality control status in SonarQube. If the quality gate in SonarQube does not pass, the build fails.
  • Show the source code quality control status on the project's main page.

Installing SonarQube

To install SonarQube from rpm packages we use the repository https://harbottle.gitlab.io/harbottle-main.

Let's install the repository package for CentOS 7.

yum install -y https://harbottle.gitlab.io/harbottle-main/7/x86_64/harbottle-main-release.rpm

Install SonarQube itself.

yum install -y sonarqube

Most plugins are installed along with the package, but findbugs and pmd have to be installed separately.

yum install -y sonarqube-findbugs sonarqube-pmd

Start the service and enable it at boot.

systemctl start sonarqube
systemctl enable sonarqube

If startup takes a long time, point the Java random number source at /dev/./urandom by appending it to the sonar.web.javaOpts options.

sonar.web.javaOpts=<other parameters> -Djava.security.egd=file:/dev/./urandom

Running a script to check the source code quality control status in SonarQube.

Unfortunately, the sonar-break-maven-plugin plugin has not been updated for a long time, so let's write our own script.

For testing we use the repository https://github.com/uweplonus/spotbugs-examples.

Import it into GitLab and add a .gitlab-ci.yml file:

variables:
  # maven.repo.local must match cache.paths below, otherwise the cache is never used
  MAVEN_OPTS: "-Dhttps.protocols=TLSv1.2 -Dmaven.repo.local=.m2/repository -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=WARN -Dorg.slf4j.simpleLogger.showDateTime=true -Djava.awt.headless=true"
  MAVEN_CLI_OPTS: "--batch-mode --errors --fail-at-end --show-version -DinstallAtEnd=true -DdeployAtEnd=true"
  SONAR_HOST_URL: "http://172.26.9.226:9000"
  LOGIN: "admin" # sonarqube login; in a real pipeline keep credentials in masked CI variables, not in this file
  PASSWORD: "admin" # sonarqube password

cache:
  paths:
    - .m2/repository

build:
  image: maven:3.3.9-jdk-8
  stage: build
  script:
    - apt-get update && apt-get install -y jq # jq is required by the status checks below
    - mvn $MAVEN_CLI_OPTS -Dmaven.test.failure.ignore=true org.jacoco:jacoco-maven-plugin:0.8.5:prepare-agent clean verify org.jacoco:jacoco-maven-plugin:0.8.5:report
    - mvn $MAVEN_CLI_OPTS -Dmaven.test.skip=true verify sonar:sonar -Dsonar.host.url=$SONAR_HOST_URL -Dsonar.login=$LOGIN -Dsonar.password=$PASSWORD -Dsonar.gitlab.project_id=$CI_PROJECT_PATH -Dsonar.gitlab.commit_sha=$CI_COMMIT_SHA -Dsonar.gitlab.ref_name=$CI_COMMIT_REF_NAME
    - export URL=$(grep ceTaskUrl target/sonar/report-task.txt | cut -c11- ) # URL of the Compute Engine task for this analysis
    - echo "$URL"
    - |
      while : ; do
          curl -k -u "$LOGIN":"$PASSWORD" "$URL" -o analysis.txt
          export status=$(jq -r '.task.status' analysis.txt) # PENDING, IN_PROGRESS, SUCCESS, CANCELED or FAILED
          echo "$status"
          if [ "$status" = "SUCCESS" ]; then
            echo "SONAR ANALYSIS SUCCESS";
            break
          elif [ "$status" = "FAILED" ] || [ "$status" = "CANCELED" ]; then
            echo "SONAR ANALYSIS ENDED WITH STATUS $status"; # terminal state: leave the loop so the failure is reported below
            break
          fi
          sleep 5
      done
    - curl -k -u "$LOGIN":"$PASSWORD" "$URL" -o analysis.txt
    - export status=$(jq -r '.task.status' analysis.txt) # final status: SUCCESS, CANCELED or FAILED
    - export analysisId=$(jq -r '.task.analysisId' analysis.txt) # analysis id used to query the quality gate
    - |
      if [ "$status" = "SUCCESS" ]; then
        echo -e "SONAR ANALYSIS SUCCESSFUL...ANALYSING RESULTS";
        curl -k -u "$LOGIN":"$PASSWORD" "$SONAR_HOST_URL/api/qualitygates/project_status?analysisId=$analysisId" -o result.txt; # quality gate result with its conditions
        export result=$(jq -r '.projectStatus.status' result.txt);

        if [ "$result" = "ERROR" ]; then
          echo -e "\e[91mSONAR RESULTS FAILED\e[0m";
          jq -r '.projectStatus.conditions' result.txt; # prints the failed and passed gate conditions
          exit 1 # breaks the build for violations
        else
          echo -e "SONAR RESULTS SUCCESSFUL";
          jq -r '.projectStatus.conditions' result.txt;
          exit 0
        fi
      else
          echo -e "\e[91mSONAR ANALYSIS FAILED\e[0m";
          exit 1 # breaks the build for failure in Step2
      fi
  tags:
    - docker

The .gitlab-ci.yml file is not perfect. It checks whether the scan task in SonarQube finished with the "SUCCESS" status or not. So far there have been no other statuses. As other statuses appear, I will fix the .gitlab-ci.yml in this post.
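The same check as a standalone script, added here as an example and not part of the original post: it polls the ceTaskUrl from target/sonar/report-task.txt until the task reaches a terminal state (with a timeout the inline shell loop lacks), then queries /api/qualitygates/project_status and returns a non-zero exit code when the gate is in ERROR. The two endpoints are the ones the job above calls; SAMPLE_GATE is a constructed response, not captured from a server.

```python
import base64
import json
import sys
import time
import urllib.request
TERMINAL = {"SUCCESS", "FAILED", "CANCELED"}  # CE task states that end polling
SAMPLE_GATE = json.dumps({"projectStatus": {"status": "ERROR", "conditions": [  # constructed sample, not a real response
    {"status": "ERROR", "metricKey": "coverage", "comparator": "LT", "errorThreshold": "80", "actualValue": "42.5"},
    {"status": "OK", "metricKey": "bugs", "comparator": "GT", "errorThreshold": "0", "actualValue": "0"}]}})

def parse_task(task_json):  # returns (status, analysisId) from the ceTaskUrl response body
    task = json.loads(task_json)["task"]
    return task["status"], task.get("analysisId")

def evaluate_gate(project_status_json):
    """Return (passed, failures); failures describes every condition whose status is ERROR."""
    gate = json.loads(project_status_json)["projectStatus"]
    failures = [f"{c['metricKey']} {c['comparator']} {c['errorThreshold']} (actual {c.get('actualValue')})"
                for c in gate.get("conditions", []) if c.get("status") == "ERROR"]
    return gate["status"] != "ERROR", failures

def fetch(url, login, password):  # HTTP basic auth; a SonarQube token works as login with an empty password
    req = urllib.request.Request(url)
    req.add_header("Authorization", "Basic " + base64.b64encode(f"{login}:{password}".encode()).decode())
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read().decode()

def wait_and_check(task_url, host, login, password, timeout_s=600, poll_s=5):
    """Poll the CE task until it ends, then evaluate the gate; returns the job exit code."""
    deadline = time.time() + timeout_s
    while True:
        status, analysis_id = parse_task(fetch(task_url, login, password))
        if status in TERMINAL:
            break
        if time.time() > deadline:  # unlike the inline shell loop above, give up eventually
            return 2
        time.sleep(poll_s)
    if status != "SUCCESS":
        print("SonarQube analysis ended with status", status)
        return 1
    passed, failures = evaluate_gate(fetch(f"{host}/api/qualitygates/project_status?analysisId={analysis_id}", login, password))
    for f in failures:
        print("quality gate condition failed:", f)
    return 0 if passed else 1

if __name__ == "__main__":
    if len(sys.argv) == 5:  # check_gate.py <ceTaskUrl> <SONAR_HOST_URL> <login> <password>
        sys.exit(wait_and_check(*sys.argv[1:5]))
    print("offline demo on the constructed sample:", evaluate_gate(SAMPLE_GATE))
```

In the job above it would replace everything after the `echo "$URL"` line with a single `python3 check_gate.py "$URL" "$SONAR_HOST_URL" "$LOGIN" "$PASSWORD"` step.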

Showing the source code quality control status on the project's main page

Installing the plugin for SonarQube

yum install -y sonarqube-qualinsight-badges

Go to SonarQube at http://172.26.9.115:9000/
Create a regular user, for example "badges".
Log in to SonarQube as this user.

[screenshot]

Go to "My Account", create a new token, for example named "read_all_repository", and click "Generate".

[screenshot]

The token is now shown. It is displayed only once.

Log in as administrator.

Go to Configuration -> SVG Badges

[screenshot]

Paste this token into the "Activity badge token" field and click save.

[screenshot]

Go to Administration -> Security -> Permission Templates -> Default template (and any other templates you have).

The badges user must have the "Browse" checkbox checked.

Test

As an example, let's take the project https://github.com/jitpack/maven-simple.

Let's import this project.

Add a .gitlab-ci.yml file with the following content to the project root.

variables:
  # maven.repo.local must match cache.paths below, otherwise the cache is never used
  MAVEN_OPTS: "-Dhttps.protocols=TLSv1.2 -Dmaven.repo.local=.m2/repository -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=WARN -Dorg.slf4j.simpleLogger.showDateTime=true -Djava.awt.headless=true"
  MAVEN_CLI_OPTS: "--batch-mode --errors --fail-at-end --show-version -DinstallAtEnd=true -DdeployAtEnd=true"
  SONAR_HOST_URL: "http://172.26.9.115:9000"
  LOGIN: "admin" # sonarqube login; in a real pipeline keep credentials in masked CI variables, not in this file
  PASSWORD: "admin" # sonarqube password

cache:
  paths:
    - .m2/repository

build:
  image: maven:3.3.9-jdk-8
  stage: build
  script:
    - mvn $MAVEN_CLI_OPTS -Dmaven.test.failure.ignore=true org.jacoco:jacoco-maven-plugin:0.8.5:prepare-agent clean verify org.jacoco:jacoco-maven-plugin:0.8.5:report
    - mvn $MAVEN_CLI_OPTS -Dmaven.test.skip=true verify sonar:sonar -Dsonar.host.url=$SONAR_HOST_URL -Dsonar.login=$LOGIN -Dsonar.password=$PASSWORD -Dsonar.gitlab.project_id=$CI_PROJECT_PATH -Dsonar.gitlab.commit_sha=$CI_COMMIT_SHA -Dsonar.gitlab.ref_name=$CI_COMMIT_REF_NAME
  tags:
    - docker

In SonarQube the project looks like this:

[screenshot]

Add the badges to README.md and they look like this:

[screenshot]

The badge markup looks like this:

[screenshot]

Breaking down a badge line (each concrete line is followed by its template; note that the ":" in the project key is URL-encoded as %3A in the dashboard link):

[![Quality Gate](http://172.26.9.115:9000/api/badges/gate?key=com.github.jitpack:maven-simple)](http://172.26.9.115:9000/dashboard?id=com.github.jitpack%3Amaven-simple)
[![Name](http://172.26.9.115:9000/api/badges/gate?key=<Project Key>)](http://172.26.9.115:9000/dashboard?id=<project-id>)
[![Coverage](http://172.26.9.115:9000/api/badges/measure?key=com.github.jitpack:maven-simple&metric=coverage)](http://172.26.9.115:9000/dashboard?id=com.github.jitpack%3Amaven-simple)
[![Metric Name](http://172.26.9.115:9000/api/badges/measure?key=<Project Key>&metric=<METRIC>)](http://172.26.9.115:9000/dashboard?id=<project-id>)

Where to find/check the project key and project id.

The project key is at the bottom right of the project page. The project id is in the URL.

[screenshot]

The available metrics can be found here.

Please send all pull requests for improvements and bug fixes to this repository.

Telegram chat about SonarQube: https://t.me/sonarqube_ru
Telegram chat about DevSecOps (secure DevOps): https://t.me/sec_devops

Source: www.habr.com
