1. SonarQube installation
Docker installation reference documentation: www.cnblogs.com/shenh/p/134…
Official SonarQube upgrade documentation: docs.sonarqube.org/latest/setu…
Official SonarQube documentation on GitLab support: docs.sonarqube.org/latest/anal…
SonarQube Community Edition does not support multiple branches, so the sonarqube-community-branch-plugin must be installed to add branch support. After the plugin was installed directly into the official image, SonarQube detected the third-party plugin and exited during startup (the cause is unknown and was not resolved), so the SonarQube image provided by the plugin author is used instead.
- SonarQube image: sonarqube:8.2-community (this image failed to start with the sonarqube-community-branch-plugin installed, so it was not used in the end)
- SonarQube + sonarqube-community-branch-plugin image: mc1arke/sonarqube-with-community-branch-plugin:8.5-community
- PostgreSQL image: postgres:12
sonarqube-community-branch-plugin information:
- sonarqube-community-branch-plugin on GitHub: github.com/mc1arke/son…
- sonarqube-community-branch-plugin Docker image: hub.docker.com/r/mc1arke/s…
- sonarqube-community-branch-plugin plugin: github.com/mc1arke/son…
SonarQube 7.9 and later no longer support MySQL, so PostgreSQL is used.
Lead to
The SonarQube container needs to reach PostgreSQL by its service name (postgres), but containers on the default bridge network cannot resolve each other's hostnames. Creating a new Docker network solves this.
Create a network
docker network create sonarqube-tier
Install postgresql
# mkdir -p /data/docker-volume/postgres/postgresql
# mkdir -p /data/docker-volume/postgres/data
# docker run --name postgres -d -p 5432:5432 --net sonarqube-tier \
-v /data/docker-volume/postgres/postgresql:/var/lib/postgresql \
-v /data/docker-volume/postgres/data:/var/lib/postgresql/data \
-v /etc/localtime:/etc/localtime:ro \
-e POSTGRES_USER=sonar \
-e POSTGRES_PASSWORD=sonar \
-e POSTGRES_DB=sonar \
-e TZ=Asia/Shanghai \
--restart always \
--privileged=true \
--network-alias postgres \
postgres:12
- -p 5432:5432: maps container port 5432 to host port 5432
- -v /data/docker-volume/postgres/postgresql:/var/lib/postgresql: mounts the container's /var/lib/postgresql on the host directory /data/docker-volume/postgres/postgresql
- -v /etc/localtime:/etc/localtime:ro: keeps the container's time in sync with the host
- -e POSTGRES_USER=sonar: sets the database user name
- -e POSTGRES_PASSWORD=sonar: sets the database password
- -e POSTGRES_DB=sonar: creates the database
- -e TZ=Asia/Shanghai: sets the time zone
- --restart always: the container always restarts when it exits
- --privileged=true: avoids "Permission denied" errors when Docker accesses the mounted host directories (it also gives the container extended privileges on the host)
- --net sonarqube-tier: connects the container to the custom network
- --network-alias postgres: gives the container a network alias
Check whether the startup is successful and whether the database is created successfully.
> docker exec -it postgres psql -U sonar # Enter Postgres with user sonar
> \l # List all databases
> \q # exit
Install SonarQube
- Pull the image
docker pull mc1arke/sonarqube-with-community-branch-plugin:8.5-community
- Creating a working directory
mkdir -p /data/sonarqube
- Modifying System Parameters
echo "vm.max_map_count=262144" >> /etc/sysctl.conf
sysctl -p
- Run a test container
docker run -d --name sonartest mc1arke/sonarqube-with-community-branch-plugin:8.5-community
Copy important files from the container to the host
docker cp sonartest:/opt/sonarqube/conf /data/sonarqube
docker cp sonartest:/opt/sonarqube/data /data/sonarqube
docker cp sonartest:/opt/sonarqube/logs /data/sonarqube
docker cp sonartest:/opt/sonarqube/extensions /data/sonarqube
Then delete the container
docker stop sonartest
docker rm sonartest
Modifying folder permissions
chmod -R 777 /data/sonarqube/
- Create the container and run it
docker run -d --name sonar -p 9000:9000 \
-e ALLOW_EMPTY_PASSWORD=yes \
-e SONARQUBE_DATABASE_USER=sonar \
-e SONARQUBE_DATABASE_NAME=sonar \
-e SONARQUBE_DATABASE_PASSWORD=sonar \
-e SONARQUBE_JDBC_URL="jdbc:postgresql://postgres:5432/sonar" \
--net sonarqube-tier \
--privileged=true \
--restart always \
-v /data/sonarqube/logs:/opt/sonarqube/logs \
-v /data/sonarqube/conf:/opt/sonarqube/conf \
-v /data/sonarqube/data:/opt/sonarqube/data \
-v /data/sonarqube/extensions:/opt/sonarqube/extensions \
mc1arke/sonarqube-with-community-branch-plugin:8.5-community
If the container cannot connect to the PostgreSQL database with this method, use the following method instead.
Find the file in sonarqube/conf/, modify it as follows, and save it:
# Find the following settings and uncomment them: user name and password
sonar.jdbc.username=sonar
sonar.jdbc.password=sonar
# Configure the URL
#----- PostgreSQL 9.3 or greater
# By default the schema named "public" is used. It can be overridden with the parameter "currentSchema".
sonar.jdbc.url=jdbc:postgresql://postgres:5432/sonar
Use the docker command to create the container
docker run -d --name sonar -p 9000:9000 \
--net sonarqube-tier \
--privileged=true \
--restart always \
-v /data/sonarqube/logs:/opt/sonarqube/logs \
-v /data/sonarqube/conf:/opt/sonarqube/conf \
-v /data/sonarqube/data:/opt/sonarqube/data \
-v /data/sonarqube/extensions:/opt/sonarqube/extensions \
mc1arke/sonarqube-with-community-branch-plugin:8.5-community
Validation
Open http://ip:9000 in a browser to initialize the database, which takes a while, about a few minutes. After the initialization, the login page is displayed. The account is admin and the password is admin.
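The `docker run` commands above publish the database port on the host, run with `--privileged=true`, and use the account name as the password. The following check is an added example, not part of the original post or of either image's tooling; the `audit_docker_run` function, the finding names and the hardened command are constructed here, and the `:Z` volume suffix assumes the "Permission denied" error came from SELinux labeling.

```shell
#!/bin/sh
# Added example: review a `docker run` command line for the risky options
# used in the commands above. Prints space-separated findings, or nothing.
audit_docker_run() {
    out="" prev="" user="" pass=""
    flag() { out="${out:+$out }$1"; }
    set -f                                  # split on spaces without globbing
    for tok in $1; do
        case "$prev" in
            -p|--publish)
                case "$tok" in
                    *:*:*) ;;               # ip:host:container, bind address is explicit
                    *:5432) flag DB_PORT_PUBLISHED ;;  # database listens on every host interface
                esac ;;
            -e|--env)
                case "$tok" in
                    ALLOW_EMPTY_PASSWORD=yes) flag EMPTY_PASSWORD_ALLOWED ;;
                    *_USER=*)     user=${tok#*=} ;;
                    *_PASSWORD=*) pass=${tok#*=} ;;
                esac ;;
        esac
        case "$tok" in
            --privileged|--privileged=true) flag PRIVILEGED ;;  # near-host privileges
        esac
        prev=$tok
    done
    set +f
    # A password identical to the account name is trivially guessable.
    if [ -n "$pass" ] && [ "$pass" = "$user" ]; then flag PASSWORD_EQUALS_USER; fi
    printf '%s\n' "$out"
}

# The PostgreSQL command from this page, joined onto one line (volumes omitted).
PAGE_CMD='docker run --name postgres -d -p 5432:5432 --net sonarqube-tier -e POSTGRES_USER=sonar -e POSTGRES_PASSWORD=sonar -e POSTGRES_DB=sonar --restart always --privileged=true --network-alias postgres postgres:12'

# Constructed alternative. Assumptions: SonarQube is the only client, so the
# port is not published (the sonarqube-tier network is enough); the password
# is a made-up sample; :Z relabels the volume on SELinux hosts.
HARDENED_CMD='docker run --name postgres -d --net sonarqube-tier -v /data/docker-volume/postgres/data:/var/lib/postgresql/data:Z -e POSTGRES_USER=sonar -e POSTGRES_PASSWORD=constructed-Sample-9f2c -e POSTGRES_DB=sonar --restart always --network-alias postgres postgres:12'

echo "page command:     $(audit_docker_run "$PAGE_CMD")"
echo "hardened command: $(audit_docker_run "$HARDENED_CMD")"
```

The check does not cover the admin/admin web login or the `chmod -R 777` on /data/sonarqube; review both separately.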
2. Configuring SonarQube
2.1 Installing the SonarQube Chinese language plugin
If the download fails, you can manually download the Chinese language pack from github.com/SonarQubeCo… . Find the package that matches your SonarQube version, put the jar in /data/sonarqube/extensions/plugins, and restart SonarQube.
docker restart sonar
2.2 Configuring SonarQube login with a GitLab account (GitLab OAuth)
SonarQube official documentation: docs.sonarqube.org/latest/anal…
- Create the Application in GitLab
Admin Area -> Applications -> New Application, then fill in Name, Redirect URI and Scopes:
- Redirect URI: the callback address, http://SONAR_ADDRESS + /oauth2/callback/gitlab. This may differ between versions; refer to the official documentation.
- Scopes: to only delegate authentication, check read_user; also check api if group synchronization is required.
After submitting, save the Application ID and Secret.
- Configure SonarQube
SonarQube server address:
Configuration -> General Configuration -> General -> Server base URL: the public access address of SonarQube.
SonarQube GitLab OAuth configuration:
Configuration -> General Configuration -> ALM Integrations -> GitLab
- Enabled: enabled.
- GitLab URL: the GitLab URL.
- Application ID: the Application ID created in GitLab Applications.
- Secret: the Application Secret created in GitLab Applications.
- Other options: set as required.
After confirming, log out and click log in; the option to log in using GitLab is shown.
3. Integrating GitLab with SonarQube for code scanning
3.1 Installing Sonar Scanner
Sonar scanner download address: docs.sonarqube.org/latest/anal…
- If the GitLab Runner executor is shell, install it on the runner's server
- If the GitLab Runner executor is docker, install it on top of the maven image
- Installation (Linux):
> wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.2.0.1873-linux.zip
> unzip sonar-scanner-cli-4.2.0.1873-linux.zip
> mv sonar-scanner-4.2.0.1873-linux /usr/local
- Edit /etc/profile and add the following configuration (the directory name must match the scanner version that was installed)
export SONAR_HOME=/usr/local/sonar-scanner-4.6.2.2472-linux
export PATH=$PATH:$SONAR_HOME/bin
Then let the configuration take effect
source /etc/profile
- Generate a Sonar token
Account menu (top right) -> My Account -> Security -> Generate token
To avoid permission issues, use the administrator account to generate the token. Remember that a token is displayed only once.
- Configure sonar scanner: /usr/local/sonar-scanner-4.6.2.2472-linux/conf/sonar-scanner
# SonarQube server address
sonar.host.url=http://172.16.10.52:9000/
# The Sonar token generated in the previous step
sonar.login=10c0839a8286ab71fdda56f19c9a0bd79e336074
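The scanner configuration above keeps an administrator-generated token in plain text, so it is worth checking that such a file never reaches a repository. This check is an added example, not from the original post: it reports where `sonar.login=<40 hex characters>` appears without printing the secret. The sample files, the host name and the `SONAR_TOKEN` CI variable name are constructed for illustration.

```shell
#!/bin/sh
# Added example: locate hard-coded SonarQube tokens without printing them.
# A token here is sonar.login=<40 hex characters>, the shape shown on this page.

# Prints "file:line" for every hit in the given files; prints nothing if clean.
find_sonar_tokens() {
    for f in "$@"; do
        [ -f "$f" ] || continue
        # cut keeps only the line number, so the secret never reaches the output
        grep -nE 'sonar\.login[[:space:]]*=[[:space:]]*[0-9a-f]{40}' "$f" |
            cut -d: -f1 |
            while read -r n; do printf '%s:%s\n' "$f" "$n"; done
    done
}

# CI gate: returns 1 (and reports locations on stderr) if any token is found.
scan_gate() {
    hits=$(find_sonar_tokens "$@")
    if [ -z "$hits" ]; then return 0; fi
    printf '%s\n' "$hits" | sed 's/^/hard-coded Sonar token: /' >&2
    return 1
}

# Constructed sample files: a properties file with a made-up token, and a CI
# file that reads the token from a hypothetical masked variable SONAR_TOKEN.
make_samples() {
    d=$(mktemp -d)
    printf '%s\n' 'sonar.host.url=http://sonar.example.invalid:9000/' \
        'sonar.login=0123456789abcdef0123456789abcdef01234567' \
        > "$d/sonar-scanner.properties"
    printf '%s\n' 'script:' \
        '  - sonar-scanner -Dsonar.login=$SONAR_TOKEN' > "$d/ci.yml"
    echo "$d"
}

dir=$(make_samples)
scan_gate "$dir/sonar-scanner.properties" "$dir/ci.yml" || echo "gate: token found"
rm -rf "$dir"
```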
3.2 Configuring the GitLab pipeline
variables:
  # Sonar Scanner installation directory
  SCANNER_HOME: "/usr/local/sonar-scanner-4.6.2.2472-linux"
  # Path of the code to scan
  SCAN_DIR: "src"
  # Artifact path
  ARTIFACT_PATH: 'target/*.jar'
  # Maven repository path
  MAVEN_REPO: /data/.m2/repository

stages:
  - compile

Compile:
  stage: compile
  tags:
    - test
  # interruptible: the running job can be cancelled when a new pipeline is started on the same branch
  interruptible: true
  # Whether the next stage continues if the current stage fails
  allow_failure: false
  # Run the script
  script:
    - java -version
    - mvn -version
    # Maven build
    - mvn -Dmaven.repo.local=$MAVEN_REPO clean -U package -Dfile.encoding=UTF-8 -DskipTests=true
    # Code scan
    - "$SCANNER_HOME/bin/sonar-scanner -Dsonar.projectKey=${CI_PROJECT_NAME} \
      -Dsonar.projectName=${CI_PROJECT_NAME} \
      -Dsonar.projectVersion=${CI_COMMIT_REF_NAME} \
      -Dsonar.ws.timeout=30 \
      -Dsonar.projectDescription=${CI_PROJECT_TITLE} \
      -Dsonar.links.homepage=${CI_PROJECT_URL} \
      -Dsonar.sources=${SCAN_DIR} \
      -Dsonar.sourceEncoding=UTF-8 \
      -Dsonar.java.binaries=target/classes \
      -Dsonar.java.test.binaries=target/test-classes \
      -Dsonar.java.surefire.report=target/surefire-reports \
      -Dsonar.branch.name=${CI_COMMIT_REF_NAME}"
    - ls -lh target/
  # The Maven build produces jar artifacts; the artifact expiry time is defined here
  artifacts:
    name: $PROJECT
    expire_in: 1 days
    paths:
      - target/*.jar
3.3 Viewing scan Results
Wait for pipeline execution to complete
View code scan results
4. Problem solving
4.1 Scanning Java projects with multiple modules
Reference: www.jianshu.com/p/1a4b8bdf1…
Modify the scanner configuration to support multiple modules:
"$SCANNER_HOME/bin/sonar-scanner -Dsonar.projectKey=${CI_PROJECT_NAME} \
-Dsonar.projectName=${CI_PROJECT_NAME} \
-Dsonar.projectVersion=${CI_COMMIT_REF_NAME} \
-Dsonar.ws.timeout=30 \
-Dsonar.projectDescription=${CI_PROJECT_TITLE} \
-Dsonar.links.homepage=${CI_PROJECT_URL} \
-Dsonar.sources=src/main/java \
-Dsonar.language=java \
-Dsonar.sourceEncoding=UTF-8 \
-Dsonar.java.binaries=target/classes \
-Dsonar.java.test.binaries=target/test-classes \
-Dsonar.java.surefire.report=target/surefire-reports \
-Dsonar.branch.name=${CI_COMMIT_REF_NAME} \
-Dsonar.modules=beta_service-dao,beta_service-manager-api,beta_service-manager,beta_service-service-api,beta_service-service,beta_service-share,beta_service-web,start \
-Dbeta_service-dao.sonar.projectName=beta_service-dao \
-Dbeta_service-manager-api.sonar.projectName=beta_service-manager-api \
-Dbeta_service-manager.sonar.projectName=beta_service-manager \
-Dbeta_service-service-api.sonar.projectName=beta_service-service-api \
-Dbeta_service-service.sonar.projectName=beta_service-service \
-Dbeta_service-web.sonar.projectName=beta_service-web \
-Dstart.sonar.projectName=start"
Modify points: