
[Resource] Using SonarQube to manage code quality in DevOps


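1. Introduction to SonarQube

SonarQube is an open platform for managing source code quality. It inspects code quality along multiple dimensions and quickly pinpoints latent or obvious bugs and errors in the code. It supports code quality management and inspection for more than twenty programming languages, including Java, Python, PHP, C/C++, C#, HTML, JavaScript, PL/SQL and Objective C, and can serve as an important tool for checking code quality in day-to-day development.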

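2. Environment and software preparation

Installation is on Linux (CentOS 7). The software installed and its versions:

SonarQube version 7.8

JDK version 11.0.4

MySQL version 5.7.24

SonarQube Scanner 4.0.0.1744

Note: installing the JDK and MySQL is not covered here; the focus is on installing and using SonarQube.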

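3. Installing SonarQube

SonarQube is simple to install: download the zip package from the official site (https://www.sonarqube.org/downloads/), choosing Community Edition 7.8 (note: SonarQube 7.8 is the last version that will support MySQL), then unpack it and run it. The unpacked directory structure is as follows: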

 

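Create a user (useradd sonar); the sonarqube service will later be started as this unprivileged user: chown  -R  sonar.  /data/sonarqube-7.8/

Note: SonarQube 6.x added Elasticsearch (ES). ES is started first at startup and, for security reasons, does not allow starting as root, so the sonar service is started as an unprivileged user below.

Edit the configuration file to set the database information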

vi conf/sonar.properties

 

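Note: log in to the database server, create the sonar database, and grant remote access to it.

Run the script to start the service

su sonar ./bin/linux-x86-64/sonar.sh start

Start the service as the unprivileged user, otherwise ES reports an error on startup. Usage: console (shows the log printed by the start command, i.e. the contents of logs/sonar.log), start, status, stop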

 

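Note: both es and web must be up for SonarQube to start successfully. If startup fails, the cause is almost always a problem with the database configuration above; you can first start without the database configured to see whether that succeeds.

Log in to the web UI at ip:port; the default username and password are both admin.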

 

The Chinese language pack plugin can be installed. Plugin download address (choose the plugin matching your version):

https://github.com/SonarQubeCommunity/sonar-l10n-zh/releases?after=sonar-l10n-zh-plugin-1.22

Put the downloaded plugin package in the corresponding directory:

 

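Restart sonarqube

Startup failures:

1. The sonar database has not been granted access, so starting sonar reports that it cannot connect to the database

Solution: grant access

Log in to the database server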

use mysql;
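As an added example (not part of the original post), the shell function below audits conf/sonar.properties before the service is started as the sonar user: the file holds the database password in sonar.jdbc.password, so it should not be readable by group or others, and the JDBC settings must be present. The function names, the sample file contents and the placeholder password are constructed for illustration; rejecting the MySQL root account is an added assumption, not something the post requires.

```shell
#!/usr/bin/env bash
# Added example: pre-start audit of conf/sonar.properties.

# Print the value of an uncommented key=value line (last occurrence wins).
prop() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Returns 0 if the file passes, 1 otherwise; findings go to stderr.
audit_sonar_conf() {
    local f="$1" rc=0 key
    for key in sonar.jdbc.username sonar.jdbc.password sonar.jdbc.url; do
        if [ -z "$(prop "$f" "$key")" ]; then
            echo "missing: $key" >&2; rc=1
        fi
    done
    # Assumption of this example: a dedicated DB account, never MySQL root.
    if [ "$(prop "$f" sonar.jdbc.username)" = "root" ]; then
        echo "sonar.jdbc.username is root" >&2; rc=1
    fi
    # The file holds a password: group and others must not be able to read it.
    if [ -n "$(find "$f" -prune \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "$f is readable by group or others" >&2; rc=1
    fi
    return $rc
}

# Constructed sample configuration (all values are placeholders).
sample_conf() {
    cat <<'EOF'
#sonar.jdbc.username=
sonar.jdbc.username=sonar
sonar.jdbc.password=EXAMPLE-PASSWORD
sonar.jdbc.url=jdbc:mysql://localhost:3306/sonar?useUnicode=true&characterEncoding=utf8
EOF
}

conf=$(mktemp)
sample_conf > "$conf"
chmod 644 "$conf"; audit_sonar_conf "$conf" || echo "mode 644: rejected"
chmod 600 "$conf"; audit_sonar_conf "$conf" && echo "mode 600: ok"
rm -f "$conf"
```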

 

 

 

4. Installing sonar-scanner

Install the scanning client sonar-scanner on the Docker host server. Download address: https://docs.sonarqube.org/latest/analysis/scan/sonarscanner/

Upload the package and unpack it. Installation path:

/data/bkee/public/ci/docker/apps/sonar-scanner/bin

Edit the configuration file to set the SonarQube server and database information

 

 

Set the environment variables: edit /etc/profile and append the following:

export SONAR_RUNNER_HOME=/data/bkee/public/ci/docker/apps/sonar-scanner/bin

export PATH=$PATH:${SONAR_RUNNER_HOME}

Run source /etc/profile to make the change take effect immediately

Check that the installation works

sonar-scanner -v

 

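5. sonar-scanner scan test

Download the code of the project to be scanned onto the sonar-scanner server

 

In the project root directory, create the configuration file sonar-project.properties; sonar.projectKey and sonar.projectName are the identifiers that distinguish one scanned project from another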

# must be unique in a given SonarQube instance

sonar.projectKey=TSF-test

# this is the name and version displayed in the SonarQube UI. Was mandatory prior to SonarQube 6.1.

sonar.projectName=TSF-test

sonar.projectVersion=1.0

 

# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.

# This property is optional if sonar.modules is set.

sonar.sources=.

sonar.java.binaries=.

 

# Encoding of the source code. Default is default system encoding

sonar.sourceEncoding=UTF-8

Code scan test

[root@dev128 TSF]# sonar-scanner

INFO: Scanner configuration file: /data/bkee/public/ci/docker/apps/sonar-scanner/conf/sonar-scanner.properties

INFO: Project root configuration file: /data/bkee/public/ci/docker/apps/sonarScannerTest/TSF/sonar-project.properties

INFO: SonarQube Scanner 4.0.0.1744

INFO: Java 11.0.3 AdoptOpenJDK (64-bit)

INFO: Linux 3.10.0-957.el7.x86_64 amd64

INFO: User cache: /root/.sonar/cache

INFO: SonarQube server 7.8.0

INFO: Default locale: "zh_CN", source code encoding: "UTF-8"

INFO: Load global settings

INFO: Load global settings (done) | time=923ms

INFO: Server id: 3499947A-AW1t2-au7hlW6sgIPXvy

INFO: User cache: /root/.sonar/cache

INFO: Load/download plugins

INFO: Load plugins index

INFO: Load plugins index (done) | time=430ms

INFO: Plugin [l10nzh] defines 'l10nen' as base plugin. This metadata can be removed from manifest of l10n plugins since version 5.2.

INFO: Load/download plugins (done) | time=1592ms

INFO: Process project properties

INFO: Execute project builders

INFO: Execute project builders (done) | time=38ms

INFO: Project key: TSF-test

INFO: Base dir: /data/bkee/public/ci/docker/apps/sonarScannerTest/TSF

INFO: Working dir: /data/bkee/public/ci/docker/apps/sonarScannerTest/TSF/.scannerwork

INFO: Load project settings for component key: 'TSF-test'

INFO: Load quality profiles

INFO: Load quality profiles (done) | time=338ms

INFO: Load active rules

INFO: Load active rules (done) | time=8149ms

WARN: SCM provider autodetection failed. Please use "sonar.scm.provider" to define SCM of your project, or disable the SCM Sensor in the project settings.

INFO: Indexing files...

INFO: Project configuration:

INFO: 73 files indexed

INFO: Quality profile for java: Sonar way

INFO: Quality profile for xml: Sonar way

INFO: ------------- Run sensors on module TSF-test

INFO: Load metrics repository

INFO: Load metrics repository (done) | time=248ms

WARNING: An illegal reflective access operation has occurred

WARNING: Illegal reflective access by net.sf.cglib.core.ReflectUtils$1 (file:/root/.sonar/cache/866bb1adbf016ea515620f1aaa15ec53/sonar-javascript-plugin.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)

WARNING: Please consider reporting this to the maintainers of net.sf.cglib.core.ReflectUtils$1

WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations

WARNING: All illegal access operations will be denied in a future release

INFO: Sensor JavaSquidSensor [java]

INFO: Configured Java source version (sonar.java.source): none

INFO: JavaClasspath initialization

WARN: Bytecode of dependencies was not provided for analysis of source files, you might end up with less precise results. Bytecode can be provided using sonar.java.libraries property.

INFO: JavaClasspath initialization (done) | time=109ms

INFO: JavaTestClasspath initialization

INFO: JavaTestClasspath initialization (done) | time=1ms

INFO: Java Main Files AST scan

INFO: 31 source files to be analyzed

INFO: Load project repositories

INFO: Load project repositories (done) | time=47ms

ERROR: Unable to parse source file : 'src/main/java/HttpTest.java'

ERROR: Parse error at line 53 column 9:

 

43:             put(".zip", "zip");

44:             put(".tar.gz", "tar.gz");

45:         }

46:     };

47:

48:

49:     //private final static String TOKEN = "106181f50d79b63b17c5490011d0f143";

50:

51:     public static void main(String[] args) throws Exception {

52:         String str = null

53:         str.equals("a");

            ^

54:         int d = 2/0;

55:         //String pwd = new String(Base64.getDecoder().decode("QktkZXZvcHNAMjAxOQ=="), "UTF-8");

56:         //System.out.println(s);

57:

58:         // 1.登录

59:         LoginResponse login = login(USERNAME, PASSWORLD);

60:         String token = login.getToken();

61:

62:         //String userId = login.getUsers().get(0).getUserId();

63:

 

INFO: 20/31 files analyzed, current file: src/main/java/docker/DockerTest.java

INFO: 31/31 source files have been analyzed

INFO: Java Main Files AST scan (done) | time=16189ms

INFO: Java Test Files AST scan

INFO: 0 source files to be analyzed

INFO: Java Test Files AST scan (done) | time=26ms

INFO: Sensor JavaSquidSensor [java] (done) | time=19728ms

INFO: Sensor JaCoCo XML Report Importer [jacoco]

INFO: 0/0 source files have been analyzed

INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=31ms

INFO: Sensor SurefireSensor [java]

INFO: parsing [/data/bkee/public/ci/docker/apps/sonarScannerTest/TSF/target/surefire-reports]

INFO: Sensor SurefireSensor [java] (done) | time=16ms

INFO: Sensor JaCoCoSensor [java]

INFO: Sensor JaCoCoSensor [java] (done) | time=9ms

INFO: Sensor JavaXmlSensor [java]

INFO: 1 source files to be analyzed

INFO: Sensor JavaXmlSensor [java] (done) | time=1433ms

INFO: 1/1 source files have been analyzed

INFO: Sensor HTML [web]

INFO: Sensor HTML [web] (done) | time=122ms

INFO: Sensor XML Sensor [xml]

INFO: 1 source files to be analyzed

INFO: Sensor XML Sensor [xml] (done) | time=952ms

INFO: 1/1 source files have been analyzed

INFO: ------------- Run sensors on project

INFO: Sensor Zero Coverage Sensor

INFO: Sensor Zero Coverage Sensor (done) | time=108ms

INFO: Sensor Java CPD Block Indexer

INFO: Sensor Java CPD Block Indexer (done) | time=519ms

INFO: No SCM system was detected. You can use the 'sonar.scm.provider' property to explicitly specify it.

INFO: 15 files had no CPD blocks

INFO: Calculating CPD for 16 files

INFO: CPD calculation finished

INFO: Analysis report generated in 563ms, dir size=176 KB

INFO: Analysis report compressed in 746ms, zip size=74 KB

INFO: Analysis report uploaded in 2988ms

INFO: ANALYSIS SUCCESSFUL, you can browse http://192.168.0.132:9000/dashboard?id=TSF-test

INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report

INFO: More about the report processing at http://192.168.0.132:9000/api/ce/task?id=AW9RkkPTjZC69mA1Menk

INFO: Analysis total time: 51.287 s

INFO: ------------------------------------------------------------------------

INFO: EXECUTION SUCCESS

INFO: ------------------------------------------------------------------------

INFO: Total time: 1:01.663s

INFO: Final Memory: 7M/40M

INFO: ------------------------------------------------------------------------
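The run above ends in EXECUTION SUCCESS even though src/main/java/HttpTest.java could not be parsed, a result a pipeline should not treat as a clean scan. As an added example (not part of the original post), this shell gate fails a pipeline step when the scanner log lists unparsed files; the function names and the embedded log excerpt, cut down from the output above, are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: fail a pipeline step when sonar-scanner could not parse files.

# Print each file the scanner could not parse, one per line.
unparsed_files() {
    sed -n "s/^ERROR: Unable to parse source file : '\(.*\)'.*/\1/p" "$1"
}

# Exit codes: 0 clean, 1 some files were not parsed, 2 scan did not succeed.
scan_gate() {
    local log="$1" skipped
    if ! grep -q '^INFO: EXECUTION SUCCESS' "$log"; then
        echo "scan did not end in EXECUTION SUCCESS" >&2
        return 2
    fi
    skipped=$(unparsed_files "$log")
    if [ -n "$skipped" ]; then
        echo "$skipped" | sed 's/^/parse error, fix and rescan: /' >&2
        return 1
    fi
    return 0
}

# Constructed excerpt of the scanner output shown above.
sample_log() {
    cat <<'EOF'
INFO: 31 source files to be analyzed
ERROR: Unable to parse source file : 'src/main/java/HttpTest.java'
ERROR: Parse error at line 53 column 9:
INFO: 31/31 source files have been analyzed
INFO: EXECUTION SUCCESS
EOF
}

log=$(mktemp)
sample_log > "$log"
scan_gate "$log" || echo "gate exit code: $?"
rm -f "$log"
```

In a pipeline, save the scanner output with `sonar-scanner | tee scan.log` and call `scan_gate scan.log` as the next step.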

View the scan results

 

6. Using the SonarQube plugin in DevOps

Upload the sonarqube plugin to the R&D store

 

 

 

7. Pipeline test

 
