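Integrating SonarQube with GitLab CI

The demo project is on GitHub: https://github.com/mkyong/maven-examples/tree/master/maven-code-coverage

Install the GitLab CI runner into a Kubernetes cluster with Helm

Download the chart package, or use the following commands: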

helm repo add gitlab  https://charts.gitlab.io/
helm search gitlab-runner
helm fetch gitlab/gitlab-runner

Extract it and modify some parameters:

tar zxvf gitlab-runner-0.1.44.tgz
cd gitlab-runner
vim values.yaml
  • gitlabUrl: the GitLab address
  • runnerRegistrationToken: obtained from GitLab project -> Settings -> CI/CD Runners settings -> Specific Runners
  • rbac.create: set to true
  • runners.tags: a custom value, so the runner can be selected in the pipeline
  • runners.privileged: set to true in order to use docker in docker

Install

helm install ./

SonarQube configuration

Install the plugins:

  • GitLab
  • GitLab Auth
  • JaCoCo

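Security

Permission Templates -> Default template

Select all permissions for Creators (i.e. the creator of a project has all permissions on that project)
Select all permissions for sonar-administrators (i.e. the sonar admin has all permissions on all projects)
Remove all permissions from sonar-users (so that users cannot see each other's projects)

Configuration

General

  • Server base URL: set to the URL of your own SonarQube.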

GitLab

Authentication
  • Enabled: set to true
  • GitLab url: set to the GitLab address
  • Application ID: comes from GitLab admin area -> Applications; create a new application and select read_user under Scopes. For Redirect URI enter the SonarQube URL + /oauth2/callback/gitlab
  • Secret: same as above
Reporting

Global template: note that sonarqubeurl must be replaced with your actual URL

<#if qualityGate??>
<#if  qualityGate.status == "OK">
[ :heavy_check_mark: SonarQube analysis indicates that quality gate is  "PASS"  ](http://sonarqubeurl/sessions/init/gitlab?return_to=/dashboard?id=${projectId?split('/')[0]}-${projectId?split('/')[1]})
</#if>
<#if  qualityGate.status == "ERROR">
[ :heavy_multiplication_x: SonarQube analysis indicates that quality gate is  "FAILED"  ](http://sonarqubeurl/sessions/init/gitlab?return_to=/dashboard?id=${projectId?split('/')[0]}-${projectId?split('/')[1]})
</#if>

<#list qualityGate.conditions() as condition>
<@c condition=condition/>

</#list>
</#if>
<#macro c condition>* ${condition.metricName} is <@s status=condition.status/>: Actual value ${condition.actual}<#if condition.status == WARN> is ${condition.symbol} ${condition.warning}</#if><#if condition.status == ERROR> is ${condition.symbol} ${condition.error}</#if></#macro>
<#macro s status><#if status == OK>passed<#elseif status == WARN>warning<#elseif status == ERROR>failed<#else>unknown</#if></#macro>
<#assign newIssueCount = issueCount() notReportedIssueCount = issueCount(false)>
<#assign hasInlineIssues = newIssueCount gt notReportedIssueCount extraIssuesTruncated = notReportedIssueCount gt maxGlobalIssues>
<#if newIssueCount == 0>
SonarQube analysis reported no issues.
<#else>
SonarQube analysis reported ${newIssueCount} issue<#if newIssueCount gt 1>s</#if>
<#assign newIssuesBlocker = issueCount(BLOCKER) newIssuesCritical = issueCount(CRITICAL) newIssuesMajor = issueCount(MAJOR) newIssuesMinor = issueCount(MINOR) newIssuesInfo = issueCount(INFO)>
<#if newIssuesBlocker gt 0>
* ${emojiSeverity(BLOCKER)} ${newIssuesBlocker} blocker
</#if>
<#if newIssuesCritical gt 0>
* ${emojiSeverity(CRITICAL)} ${newIssuesCritical} critical
</#if>
<#if newIssuesMajor gt 0>
* ${emojiSeverity(MAJOR)} ${newIssuesMajor} major
</#if>
<#if newIssuesMinor gt 0>
* ${emojiSeverity(MINOR)} ${newIssuesMinor} minor
</#if>
<#if newIssuesInfo gt 0>
* ${emojiSeverity(INFO)} ${newIssuesInfo} info
</#if>
<#if !disableIssuesInline && hasInlineIssues>

Watch the comments in this conversation to review them.
</#if>
<#if notReportedIssueCount gt 0>
<#if !disableIssuesInline>
<#if hasInlineIssues || extraIssuesTruncated>
<#if notReportedIssueCount <= maxGlobalIssues>

#### ${notReportedIssueCount} extra issue<#if notReportedIssueCount gt 1>s</#if>
<#else>

#### Top ${maxGlobalIssues} extra issue<#if maxGlobalIssues gt 1>s</#if>
</#if>
</#if>

Note: The following issues were found on lines that were not modified in the commit. Because these issues can't be reported as line comments, they are summarized here:
<#elseif extraIssuesTruncated>

#### Top ${maxGlobalIssues} issue<#if maxGlobalIssues gt 1>s</#if>
</#if>

<#assign reportedIssueCount = 0>
<#list issues(false) as issue>
<#if reportedIssueCount < maxGlobalIssues>
1. ${print(issue)}
</#if>
<#assign reportedIssueCount++>
</#list>
<#if notReportedIssueCount gt maxGlobalIssues>
* ... ${notReportedIssueCount-maxGlobalIssues} more
</#if>
</#if>
</#if>

Inline template

<#list issues() as issue>
<@p issue=issue/>
</#list>
<#macro p issue>
${emojiSeverity(issue.severity)} ${issue.message} [:blue_book:](${issue.ruleLink})
</#macro>

GitLab

Add .gitlab-ci.yml to the project

stages:
  - scanner

example-sonar:
  stage: scanner
  tags:
    - ****
  image: stable.icp:8500/testcenter/maven:3.6.1-jdk-8
  script:
    - mvn test
    - |
      mvn sonar:sonar \
        -Dsonar.host.url=http://sonarqubeurl \
        -Dsonar.login=*********** \
        -Dsonar.jacoco.reportPaths=target/jacoco.exec \
        -Dsonar.projectKey=songjianxin-maven-jacoco \
        -Dsonar.gitlab.project_id=$CI_PROJECT_PATH \
        -Dsonar.gitlab.commit_sha=$CI_COMMIT_SHA \
        -Dsonar.gitlab.ref_name=$CI_COMMIT_REF_NAME \
        -Dsonar.gitlab.url=gitlab url \
        -Dsonar.gitlab.user_token=********** \
        -Dsonar.gitlab.comment_no_issue=true -X \
        -Dsonar.gitlab.ci_merge_request_iid=$CI_MERGE_REQUEST_IID \
        -Dsonar.gitlab.merge_request_discussion=true

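Change:

  • tags: the tags entered when creating the GitLab runner
  • image: any image with Maven + JDK will do
  • sonarqubeurl: the address of SonarQube
  • sonar.login: log in to the SonarQube web page -> login with gitlab -> your own name in the top right corner -> My Account -> Security -> Generate Tokens
    The generated token can only be seen once. If you forget it, you need to generate another one.
  • sonar.gitlab.user_token: GitLab user menu in the top right corner -> settings -> Personal Access Tokens; select api under Scopes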
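
The job above passes sonar.login and sonar.gitlab.user_token on the mvn command line inside .gitlab-ci.yml, so a literal value there is stored in the repository with the rest of the file. The following check is an added example, not part of the original post: it reports those two options whenever their value is anything other than a CI variable reference. The variable name SONAR_TOKEN and the sample job are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report token options in a
# pipeline file whose value is written literally instead of as a CI variable.

# find_inline_tokens FILE
# Prints "LINE:OPTION" for every -Dsonar.login / -Dsonar.gitlab.user_token
# whose value is not exactly $NAME or ${NAME}. Returns 1 if any are found.
find_inline_tokens() {
    hits=$(grep -nE -e '-Dsonar\.(login|gitlab\.user_token)=' "$1" |
        while IFS= read -r line; do
            lineno=${line%%:*}
            # Reduce the line to "option=value" (value ends at whitespace).
            opt=$(printf '%s\n' "${line#*:}" | sed -E \
                's/.*-D(sonar\.(login|gitlab\.user_token))=([^[:space:]]*).*/\1=\3/')
            value=${opt#*=}
            value=${value#\"}; value=${value%\"}   # tolerate "$VAR"
            if ! printf '%s\n' "$value" |
                grep -Eq '^\$(\{[A-Za-z_][A-Za-z0-9_]*\}|[A-Za-z_][A-Za-z0-9_]*)$'; then
                printf '%s:%s\n' "$lineno" "${opt%%=*}"
            fi
        done)
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# write_sample FILE: constructed job using this page's options; the
# variable name SONAR_TOKEN and the literal value are made up.
write_sample() {
    cat > "$1" <<'EOF'
example-sonar:
  script:
    - |
      mvn sonar:sonar \
        -Dsonar.login=$SONAR_TOKEN \
        -Dsonar.gitlab.user_token=constructed-literal-value \
        -Dsonar.gitlab.commit_sha=$CI_COMMIT_SHA
EOF
}

sample=$(mktemp)
write_sample "$sample"
find_inline_tokens "$sample" || echo "literal token value(s) found above"
rm -f "$sample"
```

Values that pass the check are expected to be defined as masked variables under the GitLab project's Settings -> CI/CD -> Variables.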

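Final result

A GitLab commit automatically triggers the GitLab CI process (if you do not want a particular commit to trigger it, write "[skip ci]" in the commit message).
In GitLab, click on the commit. In the comment you can see the result returned by SonarQube. The link on the first line of the result takes you to SonarQube carrying the GitLab user's authentication (no login needed), and only the projects you created yourself are shown.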

Author: jxin
