DevOps-jenkins-SonarQube-2

SonarQube 项目管理

规则使用

创建配置

激活规则

修改质量配置

质量阈设置

设定所有代码异味大于1的质量阈,再次提交代码后出发jenkins构建,查看sonarqube,提示错误

质量阈错误-通知管理员并终止流水线

参考文档: https://docs.sonarqube.org/latest/analysis/scan/sonarscanner-for-jenkins/
这边使用使用的是获取sonar api 状态


Jenkins创建一个sonar登入账户密码的凭证

创建获取sonar状态的 jenkins共享库 Jenkinslib/jenkinslib/src/org/devops/sonarapi.groovy

package org.devops

//封装HTTP
def HttpReq(reqType,reqUrl,reqBody){
    def sonarServer = "http://****:9000/api"
    // httpRequest authentication: 'sonar-admin-user'  ---- jenkins 流水先生成 httpRequest: Perform an HTTP Request and return a response object
    result = httpRequest authentication: 'sonar-admin-user',
            httpMode: reqType, 
            contentType: "APPLICATION_JSON",
            consoleLogResponseBody: true,
            ignoreSslErrors: true, 
            requestBody: reqBody,
            url: "${sonarServer}/${reqUrl}"
            //quiet: true
    
    return result
}

//获取Sonar质量阈状态
def GetProjectStatus(projectName){
    apiUrl = "project_branches/list?project=${projectName}"
    response = HttpReq("GET",apiUrl,'')
    
    //对返回的值做json解析
        // {
	// "branches": [{
	// 	"name": "master",
	// 	"isMain": true,
	// 	"type": "BRANCH",
	// 	"status": {
	// 		"qualityGateStatus": "ERROR"
	// 	},
	// 	"analysisDate": "2022-07-27T16:12:17+0800",
	// 	"excludedFromPurge": true
	// }]
    // }
    response = readJSON text: """${response.content}"""
    result = response["branches"][0]["status"]["qualityGateStatus"]
    
    return result
}

修改Jenkinsfile 在 sonar扫描后进行流水线暂停并发送警告邮件

def sonarapi = new org.devops.sonarapi()
...
        stage("QA"){
            steps{
                script{
                    tools.PrintMes("代码扫描","green")
                    sonar.SonarScan("test","${JOB_NAME}","${JOB_NAME}","src")
                    tools.PrintMes("获取扫描结果","green")
                    result = sonarapi.GetProjectStatus("${JOB_NAME}")

                    println(result)
					//判断状态
                    if (result.toString() == "ERROR"){
                        toemail.Email("代码质量阈错误,请及时修改!!!",userEmail)
                        error " 代码质量阈错误,请及时修改!!!"
                    } else {
                        println(result)
                    }
                }
            }
        }

实践

遇到的问题

在复制流水先线运行时报错

因为runOpts没有默认值,所以在运行的Jenkinsfille 中添加参数就行

//新增
// runOpts没有默认值,复制流水线运行报错
def runOpts
...

    post {
        always{
            script{
                println("always")
            }
        }
        
        success{
            script{
                println("success")
                if ("${runOpts}" == "GitlabPush"){
                    gitlab.ChangeCommitStatus(projectId,commitSha,"success")
                }
                toemail.Email("流水线成功",userEmail)
            
            }
        
        }
        failure{
            script{
                println("failure")
                if ("${runOpts}" == "GitlabPush"){
                    gitlab.ChangeCommitStatus(projectId,commitSha,"failed")
                }
                toemail.Email("流水线失败了！",userEmail)
            }
        }
        
        aborted{
            script{
                println("aborted")
                if ("${runOpts}" == "GitlabPush"){
                    gitlab.ChangeCommitStatus(projectId,commitSha,"canceled")
                }
               toemail.Email("流水线被取消了！",userEmail)
            }
        }
    }

api接口文档

复制的流水线运行时存在的问题

1. 没有指定sonar 规则及质量阈
2. 配置质量阈之前需要先选定项目,所以需要提前创建项目

//需要用刀的sonar   api
//查找项目
api/projects/search?projects=${projectName}"
//创建项目
apl/projects/create?nene=${projectNane}&project=${projectName}"
//更新语言规则集
api/qualityprofiles/add_project?language-=${language}&qualityProfile=${qualityProfile&project=${projectName}"
//项目授权
api/permissions/apply_template?projectKey=${projectKey}&templateName=${templateName}"
//更新质量阈
api/qualitygates/select?projectKeys=${projectKey}&gateId=${gateId}"

查看 sonarqube 的api接口文档

实践1- Jenkins构建时在sonarqube中创建相应项目方便指定质量规则及质量阈

Jenkinslib/jenkinslib/src/org/devops/sonarapi.groovy

//创建sonar项目
def CreateProject(projectName){
    apiUrl = "projects/create?name=${projectName}&project=${projectName}"
    response = HttpReq("POST",apiUrl,'')
    println(response) 
}

Jenkinsfile

//先进行项目搜索,如果搜索失败(项目不存在)就创建项目
        stage("QA"){
            steps{
                script{
                    tools.PrintMes("搜索项目","green")
                    result = sonarapi.SearchProject("${JOB_NAME}")
                    println(result)
                    if (result == "flase"){
                        println("${JOB_NAME} --- 项目不存在,准备创建项目!")
                        sonarapi.CreateProject("${JOB_NAME}")
                    } else {
                        println("${JOB_NAME} --- 项目已存在")
                    }
...

实践2- 在代码扫描前配置质量规则(对应质量规则必须存在)

Jenkinslib/jenkinslib/src/org/devops/sonarapi.groovy

//配置项目质量规则
def ConfigQualityProfiles(projectName,lang,qpname){
    apiUrl = "qualityprofiles/add_project?language=${lang}&project=${projectName}&qualityProfile=${qpname}"
    response = HttpReq("POST",apiUrl,'')
    println(response)
}

Jenkinsfile

                    tools.PrintMes("配置项目质量规则","green")
                    qpName = "${JOB_NAME}".split("-")[0]
                    sonarapi.ConfigQualityProfiles("${JOB_NAME}","java",qpName)

实践3- 配置项目质量阈

Jenkinslib/jenkinslib/src/org/devops/sonarapi.groovy

//获取质量阈ID
def GetQualtyGateId(gateName){
    apiUrl= "qualitygates/show?name=${gateName}"
    response = HttpReq("GET",apiUrl,'')
    response = readJSON text: """${response.content}"""
    result = response["id"]
    return result
}

//配置项目质量阈
def ConfigQualityGates(projectName,gateName){
    gateId = GetQualtyGateId(gateName)
    apiUrl = "qualitygates/select?gateId=${gateId}&projectKey=${projectName}"
    response = HttpReq("POST",apiUrl,'')
    println(response)println(response)
}

Jenkinsfile

                    tools.PrintMes("配置质量阈","green")
                    sonarapi.ConfigQualityGates("${JOB_NAME}",qpName)

效果

扩展–SonarQube分支插件

插件地址:https://github.com/mc1arke/sonarqube-community-branch-plugin