Following on from the introduction in "Building a code quality management platform with SonarQube (Part 1)": running sonar-scanner by hand every time is tedious, so we need to take SonarQube a step further and automate the code analysis.
According to the official documentation, the scanner supports MSBuild, Maven, Gradle, Ant, Jenkins, and more. This article introduces the use of Jenkins for automated code analysis. The test project is developed on .NET, so MSBuild commands will be used.
Install Jenkins
Download the Jenkins installer for your operating system. I'm using Windows, so I can go straight to the next step.
On Windows, the Jenkins service logs on as "Local System" by default after installation, which makes it inaccessible. Therefore, the log-on account needs to be changed. I use the account mode here.
After Jenkins starts successfully, visit http://localhost:8080/
Jenkins configuration
- Create a personal access token on GitHub
- Configure the GitHub server in Jenkins
After Jenkins is installed, the GitHub plugin is included by default. Find GitHub in System Settings and add a global credential in the Credentials section. Set the type to Secret text and enter the access token generated in the previous step in the Secret field.
After adding it, click Test connection to verify it.
If GitLab is used, you need to install the GitLab plugin in Jenkins and add the GitLab API token to the global credentials; the token to use is the Private token under the GitLab account. The other configuration is basically the same.
Configure SonarQube in Jenkins
- Generate a server authentication token in SonarQube
After logging in to SonarQube, generate a token under My Account => Security.
The generated token is displayed only once; if you come back to this page later, you will no longer be able to see it.
- Install the SonarQube Scanner plugin in Jenkins' plugin management
- Configure the SonarQube server
The SonarQube server configuration is similar to the GitHub server configuration. Go to "System Management" => "System Settings" and find SonarQube servers, which has the fields Name, Server URL and Server authentication token. Server URL: the address of the running SonarQube service; I use the default address http://localhost:9000 for local startup. Server authentication token: enter the previously generated token.
- Configure SonarScanner for MSBuild
Choose which SonarScanner for MSBuild to use based on the actual project. There are two ways to configure MSBUILD_SQ_SCANNER_HOME: you can have it installed automatically or install it manually.
Jenkins Task Configuration
The steps above are the global configuration for Jenkins. What follows is the configuration of an individual task. Create a new task named "Test" of type "Build a free-style software project".
Configure the repository address of the project to be analyzed, and add a credential in the Credentials section. In this case I add a credential of the username and password type (any other type that can access the repository can be used). After the credential is added, Jenkins automatically checks whether it is valid; if it is not, an error message appears immediately.
Add the following build steps under Build:
- SonarScanner for MSBuild - Begin Analysis
SonarScanner for MSBuild: choose the .NET Framework one, because the Test project is based on the .NET Framework. Project key: the project key in SonarQube. Project name: the project name displayed in SonarQube; if this parameter is left blank, the project key is displayed. Project version: the version number. Additional arguments: can be set to check only one language (/d:sonar.language=cs).
- Run the Windows batch command
Restore the dependent NuGet packages with nuget restore (install NuGet first if you don't have it), then rebuild the project with the MSBuild batch command. MSBuild must be installed on the machine where Jenkins is installed and added to the PATH environment variable. On my machine I added two paths:
C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\MSBuild\15.0\Bin
C:\Program Files (x86)\NuGet
- SonarScanner for MSBuild - End Analysis
After the configuration is complete, save it and click "Build now" to test the result. After the build succeeds, the analysis results of the Test project are visible in the SonarQube UI.
This ties Jenkins to SonarQube: the analysis results are sent to SonarQube whenever the code is built, and the build schedule can be set in the Jenkins task as needed, for example once every day at 9 am.
SonarQube also has a webhook feature. When a submission is received, the analysis result can be sent to the configured webhook address, so that the person responsible can be notified promptly of analysis results with problems through messages (such as SMS, email, WeChat, etc.).
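As an added example (not from the original article), here is a receiver-side handler for that webhook in Python. It assumes a webhook secret has been configured in SonarQube, in which case SonarQube sends the lowercase hex HMAC-SHA256 of the request body in the X-Sonar-Webhook-HMAC-SHA256 header; the secret, the sample payload and the function names are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample data: a shared secret and a body shaped like a SonarQube webhook payload.
SECRET = b"constructed-webhook-secret"
SAMPLE_BODY = json.dumps({
    "status": "SUCCESS",
    "project": {"key": "Test", "name": "Test"},
    "qualityGate": {
        "status": "ERROR",
        "conditions": [
            {"metric": "new_bugs", "status": "ERROR", "value": "3", "errorThreshold": "0"},
            {"metric": "new_coverage", "status": "OK", "value": "85.0", "errorThreshold": "80"},
        ],
    },
}).encode("utf-8")


def sign(body: bytes, secret: bytes) -> str:
    """Lowercase hex HMAC-SHA256 of the raw body (the X-Sonar-Webhook-HMAC-SHA256 value)."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def handle_webhook(body: bytes, signature_header, secret: bytes):
    """Return a notification message for a failed quality gate, or None if it passed.

    Raises PermissionError when the signature is missing or wrong, so an
    unauthenticated POST can never trigger a message to the team.
    """
    expected = sign(body, secret).encode()
    received = (signature_header or "").strip().lower().encode()
    # compare_digest is constant-time, so the check does not leak how many characters matched
    if not received or not hmac.compare_digest(expected, received):
        raise PermissionError("webhook signature missing or invalid")
    payload = json.loads(body)  # parse only after the raw bytes are authenticated
    gate = payload.get("qualityGate", {})
    if gate.get("status") != "ERROR":
        return None
    failed = [c for c in gate.get("conditions", []) if c.get("status") == "ERROR"]
    details = ", ".join(
        f"{c['metric']}={c.get('value')} (threshold {c.get('errorThreshold')})" for c in failed
    )
    return f"Quality gate failed for {payload['project']['key']}: {details}"


if __name__ == "__main__":
    print(handle_webhook(SAMPLE_BODY, sign(SAMPLE_BODY, SECRET), SECRET))
```

The signature must be computed over the raw request bytes exactly as received; re-serializing the parsed JSON before hashing changes the bytes and the comparison fails.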