OpenShift容器中进行代码扫描

 

使用容器进行代码扫描，速度相对快些！快来体验~~ 首先需要创建一个包含jenkins slave的镜像，然后将构建工具maven、sonarscanner加入镜像。最后下载代码编译构建扫描。

 

  制作SonarScaner镜像  

•  

FROM registry.it.com/jenkins/jenkins-slave:latest#tool mavenADD apache-maven-3.5.0.tar.gz /usr/local/#tool sonarADD sonar-scanner.tar.gz /usr/local/

 

  编写Jenkinsfile

•  

def label = "mypod-${UUID.randomUUID().toString()}"
//代码扫描def SonarScan(projectType,skipSonar,srcDir,serviceName){    def scanHome = "/usr/local/sonar-scanner"    if (projectType == 'java'){        if ("${buildType}" == 'gradle'){            codepath = 'build/classes'        } else{            codepath = 'target/classes'        }        try {            sh """                cd ${srcDir}                 ${scanHome}/bin/sonar-scanner -Dsonar.projectName=${serviceName} -Dsonar.projectKey=${serviceName}  \                -Dsonar.sources=src/main -Dsonar.tests=src/test -Dsonar.language=java -Dsonar.sourceEncoding=UTF-8 \                -Dsonar.java.binaries=${codepath} -Dsonar.java.coveragePlugin=jacoco \                -Dsonar.jacoco.reportPath=target/jacoco.exec -Dsonar.junit.reportsPath=target/surefire-reports \                -Dsonar.surefire.reportsPath=target/surefire-reports -Dsonar.projectDescription='devopsdevops'             """         } catch (e){            currentBuild.description="代码扫描失败!"            error '代码扫描失败!'        }    }}
//dockerpodTemplate(    label: label,    cloud: 'kubernetes',     containers: [         containerTemplate(            name: 'jnlp',            image: 'registry.it.com/jenkins/slave-maven-sonar-jdk8u111:latest',            ttyEnabled: true,            privileged: false,            alwaysPullImage: true,            args: '${computer.jnlpmac} ${computer.name}',            resourceRequestCpu: '4000m',            resourceLimitCpu: '8000m',            resourceRequestMemory: '8Gi',            resourceLimitMemory: '16Gi',            envVars: [                envVar(key: 'PATH', value: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/apache-maven-3.5.0/bin'),                envVar(key: 'CLASS_PATH', value: '/docker-java-home/jre/lib/rt.jar:/docker-java-home/jre/lib/dt.jar:/docker-java-home/jre/lib/tools.jar')]        )    ],    volumes: [persistentVolumeClaim(mountPath: '/etc/data/', claimName: 'jenkins')],    //idleMinutes: '60',    //activeDeadlineSeconds: '60',    slaveConnectTimeout: '60'    ){        node(label) {            ws("${workspace}"){                stage('GetCode'){                    .......                }                                stage('Build'){                    .......                }                          stage('CodeScan'){                    SonarScan('java',skipSonar,srcDir,serviceName)                }                            }        }}

更多技术实践，多多分享关注！

长按识别二维码关注