Jenkins + Gitlab + SonarQube code quality management integration

First, prepare the environment

1.1, JDK11 installation environment

JDK11 installation and configuration under Linux system

1.2, PostgreSQL database structures required SonarQube under Docker environment

Since this will be installed SonarQube to the latest 7.9 version, so here is simple and practical to build a Docker PostgreSQL.

1.2.1, Docker installation

# 校验Linux的内核是否为3.10及以上
uname -r
# 安装docker
yum install docker
# 配置163镜像
vim /etc/docker/daemon.json

{
	"registry-mirrors": ["http://hub-mirror.c.163.com"]
}

Common docker command

1.2.2, PostgreSQL installation of Docker

1.2.2.1, download PostgreSQL mirrors

# 拉取最新的postgres镜像
docker pull postgres:10.10

1.2.2.2, data persistence

Docker Volume Profile

# 创建PostgreSQL的数据持久化
docker volume create pgdata
# 查看创建的数据持久化仓库
docker volume ls

1.2.2.3, start the container

docker run -d -it --rm -v pgdata:/var/lib/postgresql/data -p 5432:5432 docker.io/postgres:10.10
# -it：
# --rm：指定容器停止后自动删除容器(不支持以docker run -d启动的容器)
# -v：给容器挂载存储卷，挂载到容器的某个目录
# -p： 指定端口号
# -d：后台运行

View containers operating status

1.2.2.4, log in PostgreSQL

# 进入到PostgreSQL容器中
docker exec -it e20da0174db8 bash
# 切换到postgres系统用户
su postgres
# 创建一个给SonarQube使用的超级用户（-s 是指成为超级用户，-P(大定)是指定密码）
createuser -P -s -e sonar

1.2.2.5, database creation snor

# 连接数据库
psql
# 创建sonar数据库
create database sonar owner=sonar;

Create a database schema to sonar

# 切换到sonar数据库
\c sonar
# 创建schema指定owner
create schema my_schema authorization sonar;

Two, SonarQube installation

Reference links

2.1, download SonarQube

SonarQube download link
click on the link, go to the official website, choose to download version 7.9

# 下载SonarQube
wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-7.9.1.zip

Here use wget to download applications on Linux hosts more slowly, or directly under the windows platform download is complete, use the command rz uploaded to the Linux host.

If you perform here rz following commands appear not found, then install about

uploading SonarQube archive

2.2, unzip the zip file SonarQube

Use unzip tool unzip the zip file

# 解压zip文件
unzip sonarqube-7.9.1.zip
# 安装unzip
yum install -y unzip zip

Unzip the file

2.3, users create SonarQube sonar

# 创建sonar用户
useradd sonar
# 修改/opt/sonarqube-7.9.1文件夹的所属用户组和用户都为sonar
chown -R sonar.sonar /opt/sonarqube-7.9.1

2.4, the system optimization parameter

Optimization parameters here, the configuration may still be a problem, the specific cause of the problem can go to view the error logs from the log, then the corresponding modification! ! !

sysctl -w  vm.max_map_count=262144
sysctl -w fs.file-max=65536
ulimit -u 4096 sonar
ulimit -n 65536 sonar

2.5, change the configuration file

# 修改配置文件
vim ./conf/sonar.properties

2.5.1, configure the database login user and password

sonar.jdbc.username=sonar
sonar.jdbc.password=123456

2.5.2, the configuration database connection pooling related properties

sonar.jdbc.maxActive=60
sonar.jdbc.maxIdle=5
sonar.jdbc.minIdle=2
sonar.jdbc.maxWait=5000
sonar.jdbc.minEvictableIdleTimeMillis=600000
sonar.jdbc.timeBetweenEvictionRunsMillis=30000

2.5.3, configure web access related

sonar.web.host=0.0.0.0
sonar.web.port=9000

2.6, start SonarQube (2G of memory required)

./bin/linux-x86-64/sonar.sh start

After a successful start you can see a lot of tables created in the previous schema.

Login SonarQubehttp: 9000: //192.168.2.200

enter the account after clicking login: admin; password: admin login management platform.

Install 2.7, SonarQube finished plug-ins

After waiting for the service to restart, refresh the page to the following Chinese version

2.8, install the sonar-scanner plugin (this plugin by following the installation and configuration of the part may be the same in Jenkins plugin, this part does not do the test again)

Described at the header, here primarily due to the host 200 is mounted on a sonar-scanner (host sonar installation), arranged below the sonar-scanner then Jenkins and services when they select the automatic installation. In theory this installation should be the same thing, but when I tested and found himself installed While sonar-scanner fill in to fill in the home directory is no problem, but when Jenkins's job to build or error occurred.

2.8.1, sonar-scanner download and unzip

sonar-scanner plugin download portal

# 进入software文件夹(该文件夹为自己创建用来存放软件的zip安装包)
cd ./software
# 下载sonar-scanner插件zip包
wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.0.0.1744-linux.zip
# 将该zip文件解压到opt文件夹下
unzip sonar-scanner-cli-4.0.0.1744-linux.zip -d /opt
# 进入到opt文件夹，然后修改解压后的文件夹名称为sonar-scanner
mv sonar-scanner-4.0.0.1744-linux sonar-scanner

2.8.2, sonar-scanner environment variable configuration

# 配置环境变量
vim /etc/profile

export SONAR_SCANNER_HOME=/opt/sonar-scanner
export PATH=$PATH:${SONAR_SCANNER_HOME}/bin

After saving execute the following commands to validate the configuration!

# 使配置生效
source /etc/profile

2.8.3 disposed sonar-scanner

vim /opt/sonar-scanner/conf/sonar-scanner.properties 

2.8.4 verify sonar-scanner

sonar-scanner -h

After you do see the figure below, the configuration was successful.

Three, GitLab installation

[Jenkins + Ansible + Gitlab automated deployment Musketeers] study notes - Chapter 2-1 ~ 2-3 GitLab Introduction and Configuration Management

Four, Jenkins installation

[Jenkins + Ansible + Gitlab automated deployment Musketeers] study notes - Chapter 4-1 ~ 4-3 Jenkins introduced

Five, Jenkins integrated SonarQube

5.1, install SonarQube Scanner plug-in

Quietly wait for the installation of plug-ins.

5.2, jenkins configuration sonar information service

Log on to the management platform sonar, operation as shown below

token value acquisition created by the user.

token: 903d9f33ac6c1f3d6dd9e1bb23ebcb968fd6510b
then log on to the management platform Jenkins, the system management of system settings to find the portion shown below, then click the button of the circle.

Configuring the host name and sonar access to IP addresses.

5.3, Jenkins configuration SonarQube Scanner service information

5.3.1, installed their own SonarQube Scanner configuration

It should be noted that, currently my sonar is installed on the host 192.168.2.200, while Jenkins is 192.168.2.203. Here added SONAR_RUNNER_HOME, also reported yellow warning that not in the current host, it does not matter. (Configuration issue that is here at the red text content described above)

5.3.2, using automatic installation Jenkins SonarQube Scanner Configuration

Log on to Jenkins management platform, and then configure the following figure.

5.4, ​​Maven integration SonarQube

Log on to the host computer 203 Jenkins, and then find maven in the host

# 进入到maven的安装目录
cd /opt/apache-maven-3.6.2/

5.4.1, set plugin prefix

vim conf/settings.xml

<settings>
    <pluginGroups>
        <pluginGroup>org.sonarsource.scanner.maven</pluginGroup>
    </pluginGroups>
</settings>

5.4.2 configuration sonar server URL

<settings>   
    <profiles>
        <profile>
            <id>sonar</id>
            <activation>
                <activeByDefault>true</activeByDefault>
            </activation>
            <properties>
                <!-- Optional URL to server. Default value is http://localhost:9000 -->
                <sonar.host.url>
                  http://192.168.2.200:9000
                </sonar.host.url>
            </properties>
        </profile>
     </profiles>
</settings>

. . . . . . . . . . . . . . . . . To be continued. . . . . . . . . .

Six, direct execution construct and generate the code in the test report the IDEA

6.1, log on to sonarqube management platform, a new project

Specific operation as shown in FIG.

6.2, a copy of the above maven command to execute the test project execution IDEA

# 直接黏贴到idea的maven插件中执行
mvn sonar:sonar \
  -Dsonar.projectKey=test01 \
  -Dsonar.host.url=http://192.168.2.200:9000 \
  -Dsonar.login=9dd99f1c2a31899a6cda897d65e403e89ff41b40

After the wait appeared analysis diagram (content ~~~ omitted)

Seven, the use of Job Jenkins to build the code scan task

7.1, build maven project

If you build a project need to add a maven pom.xml file in the configuration path

7.2, to build a free-style software project

7.2.1 Create a project

7.2.2, click on the building

As for the log output portion

switches back sonarqube management interface

7.3 The configuration is committed trigger for the construction of Job add GitLab

The previous 7.1 and 7.2 have been completed manually perform tasks to complete the build jenkins perform sonar deployment tasks, the following instructions on how to make the code after submitting gitlab automatically trigger jenkins perform sonar tasks.

7.3.1, Jenkins plug-in installation GitLab

7.3.2, to create the access token in GitLab

7.3.3, the plug-in configuration GitLab in Jenkins

In jenkins, go to "System Management" - "System Settings" - "Gitlab" configuration.



After completion of the addition to the current options, select just added gitlab credentials, click on the right side after selecting " the Test Connection " to test whether the connection is successful.

7.3.4, Jenkins configuration tasks, enable the trigger

Jenkins into the task of setting interface, in the "build trigger", the hook on "Build when a change pushed to Gitlab.Gitlab webhook URL ..." (webhook where URL needs when configuring gitlab back), according to their need to set other Options. Click the "Advanced" button, then click the "Generate" button to generate the Secret token (token required when configuring gitlab back here).

7.3.5, the configuration webhook in GitLab

7.3.6, webhook test

With a click you can see Jenkins build tasks in the console

reference documentation