[Microservice Deployment] 6. Detailed explanation of the configuration steps for code quality inspection using Jenkins+SonarQube

  SonarQube is an open source code quality management platform for static code analysis, code quality measurement and vulnerability detection. Its features include static code analysis, code coverage, complexity analysis and vulnerability detection. SonarQube supports many popular programming languages and integrates with common development environments, helping developers build high-quality software. Installing SonarQube and the software it depends on was covered in the first article of this series; this article only covers how to configure and use Jenkins+SonarQube for code quality inspection.

1. Log in to http://ip:19000. The default username and password are admin/admin. You are prompted to change the password on first login; set a custom password.
2. Go to Configuration > Application Market and install the Chinese plug-in. Select Chinese Pack LOCALIZATION (Simplified Chinese); the entry below it is Traditional Chinese.
  • If an error occurs during installation, it is usually because the plug-in is incompatible with the current SonarQube version. In that case, download the plug-in version that matches your SonarQube version from the official plug-in website and put it in our directory /data/docker/ci/sonarqube/extensions/downloads. Then go to Configuration > System > Restart the server to make the plug-in take effect.

Chinese plug-in

3. Install the Java quality check plug-ins: search for java in the application market, then install Checkstyle, Findbugs, and PMD from the list.

Java QA plugin

4. Go to Configuration > SCM and turn off "Disable the SCM Sensor".

Disable the SCM Sensor

5. Go to Configuration > Permissions > Users and create a new user. On the user list page, click Token and generate a token; it is used to configure the interaction between Jenkins and SonarQube. Set the expiration time according to your own needs, or set it to never expire.

Create a new user
User Info
Generate token1
Generate token2

6. Switch to the Jenkins configuration interface and store the generated token in Jenkins: go to System Management > Credentials > Global > Add Credentials, select Secret text, paste the token generated above into Secret, and click Create. Once the token is saved, it can be selected when adding the server under SonarQube Servers.

Add Credentials
Fill in the token

7. Return to the SonarQube interface, go to Configuration > Project > Management > Create Project, fill in the information and create the project.

Create project
Fill in the information

8. After the project is created, click the project name in the project list to open the project configuration interface. Select Use Jenkins, then select the DevOps platform (GitLab here; choose according to the actual situation of your project).

Project list
Use Jenkins
Choose GitLab

9. Follow the prompts to view the configuration steps in Jenkins.
  • Click to configure analysis
    Configuration analysis
  • Create a pipeline job
  • Create a GitLab webhook
  • Create a Jenkinsfile, select Maven, and the Maven configuration for this project will appear below. Copy this configuration information and configure it into the Jenkins task later.
    Create Jenkinsfile
10. Switch to the Jenkins configuration interface and create a new pipeline task.

Pipeline tasks

11. SonarQube only provides the pipeline script for the SonarQube inspection itself. Here we put the GitLab checkout and the other steps directly into the pipeline task, which is simpler.
  • As in the previous task, select "Discard old builds" and set the maximum number of builds to keep to 5
    Discard old builds
  • Go directly to "Pipeline" and select Pipeline script.
    Pipeline
    The pipeline script is as follows:
node {
    def mvnHome
    stage('Preparation') { // for display purposes
        // Check out the code from the GitLab repository
        echo "checkout from GitLab"
        checkout scmGit(branches: [[name: '*/main']], extensions: [], userRemoteConfigs: [[credentialsId: 'git_username', url: 'http://127.0.0.1:9091/test/test.git']])
        // Get the Maven tool.
        // ** NOTE: This 'maven_j' Maven tool must be configured
        // **       in the global configuration.
        mvnHome = tool 'maven_j'
    }
    stage('SonarQube Analysis') {
        echo "sonar test code"
        withEnv(["MVN_HOME=$mvnHome"]) {
            withSonarQubeEnv() {
                sh "'$MVN_HOME/bin/mvn' clean verify sonar:sonar -Dsonar.projectKey=sonarTest -Dsonar.projectName='Sonar质量检查'"
            }
        }
    }
    stage('Build') {
        echo "build test code"
        // Run the maven build
        withEnv(["MVN_HOME=$mvnHome"]) {
            if (isUnix()) {
                sh '"$MVN_HOME/bin/mvn" -Dmaven.test.failure.ignore clean package'
            } else {
                bat(/"%MVN_HOME%\bin\mvn" -Dmaven.test.failure.ignore clean package/)
            }
        }
    }
    stage('Results') {
        echo "end sonar testcode"
        //junit '**/target/surefire-reports/TEST-*.xml'
        // archiveArtifacts 'target/*.jar'
    }
}

12. Click Build Now on the left side of the task
  • Build now

Click to build now

  • Pipeline tasks can display stage views on the right
    stage view
  • View the build log: After clicking Build Now, a progress bar will appear below. Click the progress bar to enter the build log interface.

View build log

Log

13. After the build succeeds, a success message is shown below. The inspection results of our project are now visible on the SonarQube server.

Task execution successful

14. View code quality inspection results on the SonarQube page

Inspection results display page
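
The pipeline above uploads its findings to SonarQube, but the Jenkins job succeeds whatever those findings are. The following added example (not part of the original post) extends the same scripted pipeline with a stage that fails the job when the project's quality gate fails. It assumes the `waitForQualityGate` step from the SonarQube Scanner plug-in for Jenkins and a SonarQube webhook pointing back at Jenkins, neither of which is configured in the steps above.

```groovy
// Added example, not from the original post. 'maven_j', 'git_username', the
// repository URL and the sonarTest project key are the values used on this page.
node {
    def mvnHome
    stage('Preparation') {
        checkout scmGit(branches: [[name: '*/main']], extensions: [],
            userRemoteConfigs: [[credentialsId: 'git_username',
                                 url: 'http://127.0.0.1:9091/test/test.git']])
        mvnHome = tool 'maven_j'
    }
    stage('SonarQube Analysis') {
        withEnv(["MVN_HOME=$mvnHome"]) {
            // withSonarQubeEnv() supplies the server URL and the token stored
            // as a Secret text credential, so the token never appears in the script.
            withSonarQubeEnv() {
                sh '"$MVN_HOME/bin/mvn" clean verify sonar:sonar -Dsonar.projectKey=sonarTest'
            }
        }
    }
    stage('Quality Gate') {
        // Assumption: SonarQube has a webhook pointing at
        // <jenkins-url>/sonarqube-webhook/ so the result is pushed back.
        // The 10-minute limit is an arbitrary choice for this example.
        timeout(time: 10, unit: 'MINUTES') {
            def qg = waitForQualityGate()
            if (qg.status != 'OK') {
                error "Quality gate failed with status: ${qg.status}"
            }
        }
    }
    stage('Build') {
        // Reached only when the quality gate passed.
        withEnv(["MVN_HOME=$mvnHome"]) {
            if (isUnix()) {
                sh '"$MVN_HOME/bin/mvn" -Dmaven.test.failure.ignore clean package'
            } else {
                bat(/"%MVN_HOME%\bin\mvn" -Dmaven.test.failure.ignore clean package/)
            }
        }
    }
}
```

Placing the gate before the Build stage means no artifact is packaged from code that failed inspection.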


Origin blog.csdn.net/wmz1932/article/details/132702480