Code quality management: SonarQube + Jenkins Pipeline configuration

I scanned the code quality of my project some time ago. I thought my code quality was good, but found a bunch of bugs or code smells, and my soul suffered 10,000 points of damage.

When time is tight and the workload is heavy, code quality cannot be guaranteed. Even if the functionality is complete, countless bugs may be lurking in hidden corners, so if you have time, run code quality checks on your own code. This does not guarantee perfect code, but it can reduce the number of bugs, and the scan results help you develop good programming habits.

As a programmer, you have to be rigorous.

Enough chit-chat.

This article mainly introduces how to integrate Jenkins Pipeline with SonarQube to scan code. The versions used here are Jenkins 2.19.1 and SonarQube 6.4.

1. Basic work

1.1 Install the plug-in

In the Jenkins management interface, go to System Management -> Plugin Management, install the latest SonarQube plugin, and restart Jenkins.

1.2 Configure/install SonarQube Scanner

After the restart, configure/install the latest SonarQube Scanner in System Management -> Global Tool Configuration.

You can choose automatic installation, which installs the scanner from the default location to the default path when it is needed, so you don't have to download and install it manually, which is very convenient. Of course, you can also download it yourself. In that case, untick the automatic installation option and fill in the path of the SonarQube Scanner package you downloaded.

1.3 Configure SonarQube Service

Because the SonarQube Scanner tool needs to send the scanned code and results to the SonarQube server, the SonarQube service address needs to be configured.

Add the SonarQube servers configuration in System Management -> System Settings.

At this point, the basic configuration work is over, and you can start to configure the scan task.

2. Configure the items to be scanned

First create a Jenkins Pipeline project.

Then modify the Pipeline script, for example:

node {
    stage('SCM') {
        git([url: 'https://github.com/howardliu-cn/cynomys.git'])
    }
    stage('SonarQube analysis') {
        def sonarqubeScannerHome = tool name: 'SonarQube Scanner'

        withSonarQubeEnv('SonarQube') {
            sh "${sonarqubeScannerHome}/bin/sonar-scanner"
        }
    }
}

If you need to check out the code from a specific branch, add the branch parameter; if you check out the code over ssh, use the credentialsId parameter to specify the ID of the key configured in Jenkins. For example:

node {
    stage('SCM') {
        git([url: '[email protected]:RD/messenger.git', branch: 'develop', credentialsId: 'fae8b1b9-8818-48e9-a28a-24b928015a6c'])
    }
    stage('SonarQube analysis') {
        def sonarqubeScannerHome = tool name: 'SonarQube Scanner'

        withSonarQubeEnv('SonarQube') {
            sh "${sonarqubeScannerHome}/bin/sonar-scanner"
        }
    }
}

Both of these methods require a sonar-project.properties file in the root path of the project, with the following content:

# must be unique in a given SonarQube instance
sonar.projectKey=cynomys:0.0.1
# this is the name and version displayed in the SonarQube UI. Was mandatory prior to SonarQube 6.1.
sonar.projectName=cynomys
sonar.projectVersion=0.0.1

# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
# This property is optional if sonar.modules is set.
sonar.sources=.
sonar.exclusions=**/test/**,**/target/**

sonar.java.source=1.8
sonar.java.target=1.8

# Encoding of the source code. Default is default system encoding
sonar.sourceEncoding=UTF-8

In addition to the Pipeline approach, you can also create an ordinary project for scanning; you can refer to here.

After making the changes, save the project, and you can start scanning.

3. Start scanning

Just click Build Now on the project page, and the scan will start. Then log in to the SonarQube service, and you will be able to see the results of the code quality check.
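
To make the build itself fail when the scan result is bad, instead of only reading the dashboard afterwards, the pipeline can wait for SonarQube's quality gate. The following is an added example, not part of the original post. It assumes a version of the SonarQube Scanner for Jenkins plugin that provides the waitForQualityGate step and a webhook configured in SonarQube that points at <jenkins-url>/sonarqube-webhook/; the 10-minute timeout is an arbitrary choice.

```groovy
node {
    stage('SCM') {
        git([url: 'https://github.com/howardliu-cn/cynomys.git'])
    }
    stage('SonarQube analysis') {
        def sonarqubeScannerHome = tool name: 'SonarQube Scanner'

        // withSonarQubeEnv records the analysis task so that
        // waitForQualityGate can find it later in the same build
        withSonarQubeEnv('SonarQube') {
            sh "${sonarqubeScannerHome}/bin/sonar-scanner"
        }
    }
}

// Waiting for the gate does not need a workspace, so it runs outside
// the node block and does not hold an executor while SonarQube
// finishes processing the report
stage('Quality Gate') {
    // Fail instead of waiting forever if the webhook never arrives
    // (timeout value is an assumption, tune it to your project size)
    timeout(time: 10, unit: 'MINUTES') {
        def qg = waitForQualityGate()
        if (qg.status != 'OK') {
            error "Pipeline aborted due to quality gate failure: ${qg.status}"
        }
    }
}
```

Without the webhook, the Quality Gate stage blocks until the timeout expires and the build is aborted even though the analysis itself succeeded.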

4. Personal advice

  1. Code quality inspection is very necessary. Many bugs can be found before the code runs.
  2. Although code smells do not affect operation, in some cases they may have unwanted effects on refactoring, reusing, and modifying the code.
  3. Tools are just tools: they can reduce inefficient labor, but they are definitely not a panacea.

I hope I won't be complained about later for writing bugs...


Personal Homepage: http://www.howardliu.cn

Personal blog post: Code Quality Management: SonarQube + Jenkins Pipeline Configuration

CSDN homepage: http://blog.csdn.net/liuxinghao

CSDN blog post: Code quality management: SonarQube + Jenkins Pipeline configuration

Origin blog.csdn.net/conansix/article/details/77967158