使用gitlab ci运行声纳扫描仪 [英] Run sonarqube scanner with gitlab ci
问题描述
我正在尝试使用以下堆栈(仅是相关堆栈)为.NET应用程序构建一个CI环境:
I am trying to put together a CI environment for a .NET application using the following stack (just the relevant ones):
- Debian + mono
- Docker
- Gitlab CI
- Gitlab-multi-runner(作为docker容器)
- Sonarqube + Postgre
我已经使用docker-compose为sonarqube和postgre创建了容器,它们都在运行并且正在工作.可悲的是,我坚持对由gitlab运行程序执行的构建执行声纳分析,而我发现的所有示例都在使用Maven.我也尝试过使用声纳扫描仪,到目前为止还没有运气.
I've used docker-compose to create the container for sonarqube and postgre, both are running and working. I am sadly stuck with executing sonarqube analysis for my build executed by the gitlab runner and all examples I found were using Maven. I've tried to use sonar-scanner as well, no luck so far.
这是我的gitlab-ci.yml的内容:
Here are the contents of my gitlab-ci.yml:
image: mono:latest
cache:
paths:
- ./src/T_GitLabCi/packages/
stages:
- build
.shared: &restriction
only:
- master
tags:
- docker
build:
<<: *restriction
stage: build
script:
- nuget restore ./src/T_GitLabCi
- MONO_IOMAP=case xbuild /t:Build /p:Configuration="Release" /p:Platform="Any CPU" ./src/T_GitLabCi/T_GitLabCi.sln
- mono ./tools/NUnitConsoleRunner/nunit3-console.exe ./src/T_GitLabCi/T_GitLabCi.sln --work=./src/T_GitLabCi/test --config=Release
- << EXECUTE SONAR ANALYSIS >>
我肯定在这里错过了一些东西.有人可以给我指出正确的方向吗?
I am definitely missing something here. Could somebody point me the right direction?
推荐答案
我有用PHP编写的项目,但这没关系.这就是我所做的.
I have projects written in PHP but that shouldn't matter. Here's what I did.
- 我启用了托管在GitLab安装上的私有注册表
-
在此注册表中,我有一个根据此
Dockerfile
构建的声纳扫描器"图像(它基于Docker Hub上可用的图像之一):
- I enabled a private registry hosted on my GitLab installation
In this registry I have a "sonar-scanner" image built from this
Dockerfile
(it's based on one of the images available on Docker hub):
FROM java:alpine
ENV SONAR_SCANNER_VERSION 2.8
RUN apk add --no-cache wget && \
wget https://sonarsource.bintray.com/Distribution/sonar-scanner-cli/sonar-scanner-${SONAR_SCANNER_VERSION}.zip && \
unzip sonar-scanner-${SONAR_SCANNER_VERSION} && \
cd /usr/bin && ln -s /sonar-scanner-${SONAR_SCANNER_VERSION}/bin/sonar-scanner sonar-scanner && \
apk del wget
COPY files/sonar-scanner-run.sh /usr/bin
这是files/sonar-scanner-run.sh
文件:
#!/bin/sh
URL="<YOUR SONARQUBE URL>"
USER="<SONARQUBE USER THAT CAN ACCESS THE PROJECTS>"
PASSWORD="<USER PASSWORD>"
if [ -z "$SONAR_PROJECT_KEY" ]; then
echo "Undefined \"projectKey\"" && exit 1
else
COMMAND="sonar-scanner -Dsonar.host.url=\"$URL\" -Dsonar.login=\"$USER\" -Dsonar.password=\"$PASSWORD\" -Dsonar.projectKey=\"$SONAR_PROJECT_KEY\""
if [ ! -z "$SONAR_PROJECT_VERSION" ]; then
COMMAND="$COMMAND -Dsonar.projectVersion=\"$SONAR_PROJECT_VERSION\""
fi
if [ ! -z "$SONAR_PROJECT_NAME" ]; then
COMMAND="$COMMAND -Dsonar.projectName=\"$SONAR_PROJECT_NAME\""
fi
if [ ! -z $CI_BUILD_REF ]; then
COMMAND="$COMMAND -Dsonar.gitlab.commit_sha=\"$CI_BUILD_REF\""
fi
if [ ! -z $CI_BUILD_REF_NAME ]; then
COMMAND="$COMMAND -Dsonar.gitlab.ref_name=\"$CI_BUILD_REF_NAME\""
fi
if [ ! -z $SONAR_BRANCH ]; then
COMMAND="$COMMAND -Dsonar.branch=\"$SONAR_BRANCH\""
fi
if [ ! -z $SONAR_ANALYSIS_MODE ]; then
COMMAND="$COMMAND -Dsonar.analysis.mode=\"$SONAR_ANALYSIS_MODE\""
if [ $SONAR_ANALYSIS_MODE="preview" ]; then
COMMAND="$COMMAND -Dsonar.issuesReport.console.enable=true"
fi
fi
eval $COMMAND
fi
-
现在在
.gitlab-ci.yml
的项目中,我有类似的内容:
Now in my project in
.gitlab-ci.yml
I have something like this:
SonarQube:
image: <PATH TO YOUR IMAGE ON YOUR REGISTRY>
variables:
SONAR_PROJECT_KEY: "<YOUR PROJECT KEY>"
SONAR_PROJECT_NAME: "$CI_PROJECT_NAME"
SONAR_PROJECT_VERSION: "$CI_BUILD_ID"
script:
- /usr/bin/sonar-scanner-run.sh
这还不是全部.上面的.gitlab-ci.yml
示例得到了简化,因为我对master和其他分支(例如when: manual
)使用了不同的构建,并且我使用此插件在GitLab中获得了反馈:
That't pretty much all. The above example of .gitlab-ci.yml
is simplified since I'm using diffrent builds for master and other branches (like when: manual
) and I use this plugin to get feedback in GitLab: https://gitlab.talanlabs.com/gabriel-allaigre/sonar-gitlab-plugin
随时询问您是否有任何疑问.我花了一些时间将所有内容整理成自己想要的方式:)实际上,我还在对其进行微调.
Feel free to ask if you have any questions. It took me some time to put this all together the way I want it :) Actually I'm still finetuning it.
这篇关于使用gitlab ci运行声纳扫描仪的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!