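CI pipeline integration


Shell command-line method

Add a code-scan stage to the pipeline (if the parameter list below feels too long, you can add a SonarQube configuration properties file to the project instead).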

// Tool installation paths on the build agent
def buildTools = ["maven": "/usr/local/apache-maven-3.8.1",
                  "sonar": "/usr/local/sonar-scanner-4.6.0.2311-linux"]

pipeline{

    agent {label "build"}

    stages{

        stage("GetCode"){
            steps{
                script{
                    println("下载分支代码----->${env.branchName}")
                    checkout([$class: 'GitSCM', branches: [[name: '*/master']], extensions: [], userRemoteConfigs: [[credentialsId: "$credentialsId", url: "${gitHttpURL}"]]])
                }
            }
        }

        stage("Build"){
            steps{
                script{
                    sh "${buildTools["maven"]}/bin/mvn clean package"
                }
            }
        }

        stage("UnitTest"){
            steps{
                script{
                    sh "${buildTools["maven"]}/bin/mvn test"
                }
            }
            post{
                success{
                    script{
                        // Publish the Surefire test reports to Jenkins
                        junit 'target/surefire-reports/*.xml'
                    }
                }
            }
        }

        stage("SonarScan"){
            steps{
                script{
                    // Call the sonar-scanner CLI directly; this method logs in with a user name and password
                    sh """
                        ${buildTools["sonar"]}/bin/sonar-scanner -Dsonar.host.url=http://139.198.170.122:9000 \
                        -Dsonar.projectKey=devops-maven-service \
                        -Dsonar.projectName=devops-maven-service \
                        -Dsonar.projectVersion=1.0 \
                        -Dsonar.login=admin \
                        -Dsonar.password=admin \
                        -Dsonar.ws.timeout=30 \
                        -Dsonar.projectDescription="my first project!" \
                        -Dsonar.links.homepage=http://139.198.170.122:81/root/devops-maven-service \
                        -Dsonar.links.ci=http://139.198.170.122:8080/job/devops-maven-service/ \
                        -Dsonar.sources=src/main \
                        -Dsonar.sourceEncoding=UTF-8 \
                        -Dsonar.java.binaries=target/classes \
                        -Dsonar.java.test.binaries=target/test-classes \
                        -Dsonar.java.surefire.report=target/surefire-reports
                    """
                }
            }
        }
    }

}

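Jenkins plugin method


Reference: SonarScanner for Jenkins | SonarQube Docs

The advantage of the Jenkins plugin is that you can jump to SonarQube from within the Jenkins pages.

Install the SonarQube Scanner plugin in Jenkins.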


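The main task here is configuring the SonarQube connection details. Configure the credential first; the token itself has to be created on the SonarQube side.

Token: if you want to strengthen security and do not want to use a real SonarQube user's password when running code scans or calling web services, you can use a user token in place of the user login. This improves security by keeping the analysis user's password from being sent over the network.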


Save the token in the Jenkins credentials store.


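This creates the credential. Next, go to "Manage Jenkins > Configure System", scroll down to the SonarQube configuration section, click Add SonarQube, add the server, and select the credential.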


Use the withSonarQubeEnv DSL to bring in the SonarQube environment configured in Jenkins.


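Look up its usage in the Snippet Generator. It injects the environment variables associated with the selected SonarQube installation. The following variables are set:

SONAR_HOST_URL     ## SonarQube address configured on the Jenkins management page
SONAR_AUTH_TOKEN   ## SonarQube authentication token configured on the Jenkins management page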

// Jenkinsfile: scan inside withSonarQubeEnv, with the scanner command written inline
@Library("devopslib@main") _

def project = new org.devops.build()
def sonar = new org.devops.sonarquebscanner()

def buildTools = ["maven": "/usr/local/apache-maven-3.8.1"]
// Jenkins credential IDs (not the secret values themselves)
def credentials = ["devops-maven-sonarqube": "f8b33d17-c1cf-428e-aa31-99d4038e59d0"]

String buildType = "${env.buildType}"
String projectDescription = "this is maven project"

currentBuild.description = "maven project"


pipeline {

    agent {
        label 'build'
    }

    stages {
        stage('CheckOut') {
            steps {
                checkout([$class: 'GitSCM',
                          branches: [[name: "${branchName}"]],
                          extensions: [], userRemoteConfigs:
                          [[credentialsId: "${credentialsId}",
                            url: "${srcUrl}"]]])
            }
        }

        stage('Build'){
            steps{
                script{
                    project.build(buildType,buildTools)
                }
            }
        }

        stage("UnitTest"){
            steps{
                script{
                    sh "${buildTools["maven"]}/bin/mvn test"
                }
            }
            post{
                success{
                    script{
                        junit 'target/surefire-reports/*.xml'
                    }
                }
            }
        }

        stage('Sonar-plugin'){
            steps{
                script{
                    // The name must match the SonarQube server name configured in the Jenkins system settings
                    withSonarQubeEnv("sonarqube-devops-maven"){
                        sh """
                            sonar-scanner \
                            -Dsonar.host.url=${SONAR_HOST_URL} \
                            -Dsonar.projectKey=${env.JOB_NAME} \
                            -Dsonar.projectName=${env.JOB_NAME} \
                            -Dsonar.projectVersion=${env.BUILD_NUMBER} \
                            -Dsonar.login=${SONAR_AUTH_TOKEN} \
                            -Dsonar.ws.timeout=30 \
                            -Dsonar.projectDescription="my first project!" \
                            -Dsonar.links.homepage=${env.srcUrl} \
                            -Dsonar.links.ci=${env.BUILD_URL} \
                            -Dsonar.sources=src \
                            -Dsonar.sourceEncoding=UTF-8 \
                            -Dsonar.java.binaries=target/classes \
                            -Dsonar.java.test.binaries=target/test-classes \
                            -Dsonar.java.surefire.report=target/surefire-reports
                        """
                    }
                }
            }
        }

        stage('CodeScan'){
            steps{
                script{
                    withCredentials([string(credentialsId: "${credentials['devops-maven-sonarqube']}", variable: 'token')]) {

                        //sonar.scanner(buildType,token,projectDescription,srcUrl)
                        println("....")
                    }
                }
            }
        }
    }
}

FAQ: the SonarQube server name is wrong; it must match the name configured in the system settings.

ERROR: SonarQube installation defined in this job (mysonarserver) does not match any configured installation. Number of installations that can be configured: 1.
If you want to reassign jobs to a different SonarQube installation, check the documentation under https://redirect.sonarsource.com/plugins/jenkins.html


Finally, move the plugin-based scan code into the shared library.


// Shared-library class org.devops.sonarquebscanner
package org.devops

// Run sonar-scanner with the variables injected by withSonarQubeEnv;
// the arguments depend on the build type
def scannerWithPlugin(buildType){
    switch(buildType){
        case "maven":
            sh """
                sonar-scanner \
                -Dsonar.host.url=${SONAR_HOST_URL} \
                -Dsonar.projectKey=${env.JOB_NAME} \
                -Dsonar.projectName=${env.JOB_NAME} \
                -Dsonar.projectVersion=${env.BUILD_NUMBER} \
                -Dsonar.login=${SONAR_AUTH_TOKEN} \
                -Dsonar.ws.timeout=30 \
                -Dsonar.projectDescription="my first project!" \
                -Dsonar.links.homepage=${env.srcUrl} \
                -Dsonar.links.ci=${env.BUILD_URL} \
                -Dsonar.sources=src \
                -Dsonar.sourceEncoding=UTF-8 \
                -Dsonar.java.binaries=target/classes \
                -Dsonar.java.test.binaries=target/test-classes \
                -Dsonar.java.surefire.report=target/surefire-reports
            """
            break
        case "npm":
            sh """
                sonar-scanner \
                -Dsonar.projectKey=${env.JOB_NAME} \
                -Dsonar.projectName=${env.JOB_NAME} \
                -Dsonar.sources=src \
                -Dsonar.host.url=${SONAR_HOST_URL} \
                -Dsonar.login=${SONAR_AUTH_TOKEN} \
                -Dsonar.projectVersion=${env.BUILD_NUMBER} \
                -Dsonar.ws.timeout=30 \
                -Dsonar.projectDescription="my first project!" \
                -Dsonar.links.homepage=${env.srcUrl} \
                -Dsonar.links.ci=${env.BUILD_URL} \
                -Dsonar.sourceEncoding=UTF-8
            """
            break
        default:
            println("sonar error !")
    }
}

// Jenkinsfile: the Sonar-plugin stage now calls the shared-library method
@Library("devopslib@main") _

def project = new org.devops.build()
def sonar = new org.devops.sonarquebscanner()

def buildTools = ["maven": "/usr/local/apache-maven-3.8.1"]
// Jenkins credential IDs (not the secret values themselves)
def credentials = ["devops-maven-sonarqube": "f8b33d17-c1cf-428e-aa31-99d4038e59d0"]

String buildType = "${env.buildType}"
String projectDescription = "this is maven project"

currentBuild.description = "maven project"


pipeline {

    agent {
        label 'build'
    }

    stages {
        stage('CheckOut') {
            steps {
                checkout([$class: 'GitSCM',
                          branches: [[name: "${branchName}"]],
                          extensions: [], userRemoteConfigs:
                          [[credentialsId: "${credentialsId}",
                            url: "${srcUrl}"]]])
            }
        }

        stage('Build'){
            steps{
                script{
                    project.build(buildType,buildTools)
                }
            }
        }

        stage("UnitTest"){
            steps{
                script{
                    sh "${buildTools["maven"]}/bin/mvn test"
                }
            }
            post{
                success{
                    script{
                        junit 'target/surefire-reports/*.xml'
                    }
                }
            }
        }

        stage('Sonar-plugin'){
            steps{
                script{
                    // The name must match the SonarQube server name configured in the Jenkins system settings
                    withSonarQubeEnv("sonarqube-devops-maven"){
                        sonar.scannerWithPlugin(buildType)
                    }
                }
            }
        }

        stage('CodeScan'){
            steps{
                script{
                    withCredentials([string(credentialsId: "${credentials['devops-maven-sonarqube']}", variable: 'token')]) {

                        //sonar.scanner(buildType,token,projectDescription,srcUrl)
                        println("....")
                    }
                }
            }
        }
    }
}
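
The scanner calls above are Groovy double-quoted strings, so Groovy writes the value of SONAR_AUTH_TOKEN into the script text before the shell runs it. The following variant is an added example, not code from the original post: it single-quotes the script so the shell expands the variables that withSonarQubeEnv injects, and it fails the build on an unknown build type. The method name scannerWithPluginSafe is hypothetical, and srcUrl is assumed to be a job parameter that Jenkins exports to the shell environment.

```groovy
package org.devops

// Added example (hypothetical method name): same scan as scannerWithPlugin,
// but the shell, not Groovy, expands the variables.
def scannerWithPluginSafe(String buildType) {
    // Arguments shared by every build type. The ''' quoting disables Groovy
    // interpolation, so the token value is never written into the script text;
    // the shell reads it from the environment set by withSonarQubeEnv.
    def common = '''sonar-scanner \
        -Dsonar.host.url="$SONAR_HOST_URL" \
        -Dsonar.login="$SONAR_AUTH_TOKEN" \
        -Dsonar.projectKey="$JOB_NAME" \
        -Dsonar.projectName="$JOB_NAME" \
        -Dsonar.projectVersion="$BUILD_NUMBER" \
        -Dsonar.ws.timeout=30 \
        -Dsonar.projectDescription="my first project!" \
        -Dsonar.links.homepage="$srcUrl" \
        -Dsonar.links.ci="$BUILD_URL" \
        -Dsonar.sources=src \
        -Dsonar.sourceEncoding=UTF-8'''

    // Extra arguments per build type, taken from the page's maven and npm cases.
    def extra
    switch (buildType) {
        case "maven":
            extra = ''' -Dsonar.java.binaries=target/classes \
                -Dsonar.java.test.binaries=target/test-classes \
                -Dsonar.java.surefire.report=target/surefire-reports'''
            break
        case "npm":
            extra = ''
            break
        default:
            // Fail the stage instead of printing a message and continuing unscanned.
            error("Unsupported buildType for SonarQube scan: ${buildType}")
    }
    sh(common + extra)
}
```

Call it inside withSonarQubeEnv("sonarqube-devops-maven") in the same way the Jenkinsfile above calls scannerWithPlugin.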


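def scannerWithPlugin(buildType){
    // Use the current date (date +%F) as the project version
    def sonarDate = sh returnStdout: true, script: 'date +%F'
    // Strip the trailing newline from the command output
    sonarDate = sonarDate - "\n"

    switch(buildType){
        case "maven":
            // Only the changed argument is shown; the other -Dsonar.* arguments
            // stay as in the full version above
            sh """
                sonar-scanner \
                -Dsonar.projectVersion=${sonarDate}
            """
            break
    }
}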
