Jenkins is an open source continuous integration tool, its characteristics: easy to install, easy to configure, extensible (their own plug-in development), and it has hundreds of mature plug-ins, this plug-in features can do anything possible.
Introduction to the
Jenkins
Jenkins is an open source continuous integration tool that is easy to install, easy to configure, extensible (develop your own plug-ins), and has hundreds of mature plug-ins that make it possible to do just about anything.
Sonarqube
SonarQube is an open source platform for code quality management. Through plug-in form, can support including Java, Objective-C, Swift, C#, C/C++, PL/SQL,JavaScript and more than 20 programming languages code quality management and detection.
SonarQueb measures code quality from the following seven dimensions:
1. Poor complexity distribution
Files, classes, methods, etc., will be difficult to change if they are too complex, making them difficult for developers to understand, and without automated unit testing, changes to any component in the program will likely result in the need for full regression testing
2. Repeat
Clearly the program contains a lot of copy-and-paste code is poor quality sonar can show where the source code is heavily duplicated
3. Lack of unit testing
Sonar can easily tally and display unit test coverage and test result statistics
4. No code standards
Sonar can pass oclint, PMD, CheckStyle, Findbugs detection tools and so on code rules standardize the code
5. Not enough or too many comments
Without comments, code becomes less readable, especially when staff changes inevitably occur, and too many comments cause developers to spend too much time reading comments, which defeats the purpose
Potential bugs
Sonar can pass oclint, PMD, CheckStyle, Findbugs and so on code rule detection tools to detect potential bugs
7. Spaghetti Design
Sonar can find loops, show packages and packages, classes and classes of interdependence between the detection of custom architecture rules through Sonar can manage third-party JAR packages can use LCOM4 to detect the application of single task rules detection coupling
The installation
jenkins
1.brew install jenkins
2. Install Java 1.8 as prompted
3. Brew Services Jenkins start or Jenkins — httpPort=9002
4. Install related plug-ins
Folders Plugin Build timeout plugin Workspace Cleanup Plugin Ant Plugin Gradle Plugin Pipeline Github Organization Folders Plugin Pipeline Stage View Plugin Git Plugin Subversion Plug-in SSH Slaves plugin LDAP Plugin Email Extension Plugin Gitlab Plugin
Matters needing attention
Gitlab Plugin 1.5.3 has problems and needs to be downgraded to 1.5.1
Remove makeup 1.5.3 and install by uploading gitlab-plugin.hpi file of 1.5.1
Jenkins uses port 8080 by default, it will fail to configure Web hook with Gitlab CI on the default port, it is suggested to try another port:
Jenkins – httpPort = 9002
Sonarqube
download
From under the downloads.sonarsource.com/sonarqube/…
Configuring environment Variables
Configure the SONAR_HOME environment variable as /opt/sonarqube in the previous step
The mysql database
Sonarqube needs to save the scan results to a database, so you need to create database tables. Sonarqube support
SQL Server, Mysql, Oracle, and PostgreSQL. Mysql is used as an example.
If mysql has not been installed, use Homebrew to install it. After the installation is complete, create the corresponding account and number
According to the library:
CREATE USER ‘sonar’@’%’ IDENTIFIED BY ‘sonar’; GRANT all privileges ON sonar.* TO ‘sonar’@’%’ IDENTIFIED BY ‘sonar’; flush privileges; create database sonar;
With the above instructions we created a sonar user and a database named SONAR at the same time.
Modify/opt/sonarqube/conf/sonar. The properties file, set the related attributes as follows:
Sonar. Web. Host = 0.0.0.0 sonar. Web. Port = 9000 sonar. JDBC. Username = sonar sonar. The JDBC. Password = sonar sonar.jdbc.url=jdbc:mysql://localhost:3306/sonar? useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance&useSSL=false #sonar. Web. context=/your_prefix // Not required, configured if uniform prefix is needed when accessing sonarqube service
start sonarqube
/opt/sonarqube/bin/macosx-universal-64/sonar.sh start
download sonar scanner
Docs.sonarqube.org/display/SCA…
objective-c plugin
Making: github.com/Backelite/s…
Clone the vm to the main directory and run the./build-and-deploy.sh script
To compile the generated backelite sonar – objective – c – the plugin – 0.6.2. Copy the jar file to the/opt/sonarqube/extensions/plugins directory.
Finally, restart Sonarqube
Prerequisites
1.Installation of xcpretty with JUnit reports fix
Xcpretty needs fixed version installed to work with Sonarqube.
Git clone github.com/Backelite/x…
cd xcpretty
git checkout fix/duration_of_failed_tests_workaround
gem build xcpretty.gemspec
Sudo gem install –both xcpretty 0.2.2.gem
2.install xctool
brew install xctool
3.install oclint
brew tap oclint/formulae
brew install oclint
4.install gcovr
brew install gcovr
5.install slather
gem install slather
No implicit conversion of nil into string
sudo gem update –system
If prompted: No write permissions
sudo gem install /usr/local/bin slather
6.install lizard
sudo pip install lizard
If there is no installation PIP, download < https://bootstrap.pypa.io/get-pip.py >
chmod +x get-pip.py
sudo python get-pip.py
Demonstrate an example of sample code engineering
Configuration of code engineering
sonar-project.properties
Download the sonar- Objective-C Github project sample file above, copy it to the sample code project directory, modify it according to the corresponding Settings
run-sonar.sh
Copy this file to the code project directory
Jenkins configuration
Configure the GitLab connection under Manage Jenkins -> System Settings -> GitLab
Set the Gitlab URL at the Gitlab Host URL, then click Add at Creadential.
Create a Gitlab API token and fill the API token with the Gitlab token:
Create a project
Build a free-style software project, go to source Control, select Git, and do the following configuration:
Enter the URL of the corresponding project in the Repository URL. Note that the URL must be the SSH URL because the subsequent project check is accessed through SSH:
Then fill in the Branch Specifier to focus on.
Then click Add on the Credentials to configure the SSH key:
Select SSH Username with private key, Enter gitlab Username in Username, and then Enter directly for private key. Copy the contents of ~/. SSH /id_rsa directly. Note that the public key corresponding to the private key (id_rsa.pub) must be configured on gitlab; otherwise, it will fail. Click Add after the configuration is complete.
Then select the credential you created in the Credentials file. If the configuration is successful, no error message will be displayed; otherwise, error messages will be displayed.
Other configurations can be configured based on actual conditions. After the configuration is complete, click Save to complete the creation.
Configuration SonarQube servers
Go to manage Jenkins -> Global Configuration page, find SonarQube Servers, configure SonarQube server information:
The Server Authentication token can be generated in the security department of SonarQube website under personal account management:
Add the SonarScanner build step
Click the example project name that appears in Jenkins — > Configure — > Build (Add Build step),
Add a Execute Shell build step:
The Command content is:
.user directory /.bashrc # Load the required environment variables./ run-sonar-sonar. sh -v # Generate data and pass it to SonarQube Server
Build the project and display the generated data
Report generation process analysis
Bugs, Velnerabilities, Code Smells
In Objective-C, oclint statically scans project code to generate relevant data.
Unit testing
Run the virtual machine for unit tests using the Xcodebuild command, and then generate a report from the output data.
coverage
Generate data reports using the Slather tool.
Function to discuss
Currently, for Objective-C language, only 1 Bug and 186 Code Smells are supported by the objective-C plug-in mentioned above, which is not enough to support bugs and vulnerabilities.
Since SonarQube is not completely open source, there are commercial plugins for Objective-C, so if you want to support bugs and vulnerabilities well, you have to customize the rules and provide SonarQube support.
So we looked at how to customize rules and get SonarQube support by doing the following:
1. Modify the Oclint source code and add custom rules
2. Modify the source code of the Sonar -objectivec plug-in and add custom rules
3. Build code engineering, test custom rules, and generate display data
Oclint adds custom rules
Download the oclint source code at github.com/oclint/ocli…
Go to the code home directory and generate a custom rule template file using the scaffolding script:
oclint-scripts/scaffoldRule TestRule -t ASTVisitor
Edit the generated testrule. CPP file to implement custom rule logic.
Finally compile the whole project: l test code directory/test
cd oclint-scripts ./make
Test the test code with the generated Oclint program:
/build/oclint-release/bin/ oclint-report-type PMD -o test.xm Test file
The sonar-objectivec plug-in supports custom rules
The SonarQube server program takes advantage of the plug-in recognition rules and writes them to the database, so the plug-in code also needs to be changed.
Download the plugin source at github.com/Backelite/s…
The following three files need to be modified:
1.src/main/resources/com/sonar/sqale/oclint-model.xml
2.src/main/resources/org/sonar/plugins/oclint/profile-oclint.xml
3.src/main/resources/org/sonar/plugins/oclint/rules.txt
Then compile the plug-in:
./build-and-deploy.sh
Finally, copy the generated. Jar plug-in to the Extensions /plugins directory of the SonarQube server and restart the SonarQube service.
reference
- Github.com/Backelite/s…
- Mp.weixin.qq.com/s/xi7pZmMMV…
- www.jianshu.com/p/74bee59fe…
- Blog.csdn.net/hdwhappy/ar…
- Blog.csdn.net/hdwhappy/ar…
The original link
To read more articles, please scan the following QR code: