SonarQube autorun with gitlab


Question

I created my own server with SonarQube, and I want to connect it with my gitlab. Every time I push my commits, the sonarqube scanner will run and create results + comments in code.

I've downloaded this plugin: https://gitlab.talanlabs.com/gabriel-allaigre/sonar-gitlab-plugin

According to Gitlab integration with SonarQube these are only 2 plugins

I installed this plugin on my SonarQube Server. In plugin options added gitlab API key and url to my repository exactly as it is in documentation.

Ok so it's done... but what now? What I must change in gitlab that when I push commits gitlab will know that "ok, I have to analyse this code with this sonarqube server"

I'm totally new to this (sonarqube and gitlab), 3 days ago I didn't know anything about SonarQube, and I didn't know that I can start a runner in gitlab.

There are some examples in plugin documentation but I don't understand them, I mean I don't know where to put this code from section "Examples" on gitlab to make this work correctly.

Stuck in place. I'm not talking about this .gitlab-ci.yml because I've found that it is for java projects, and it's ok but I want to analyse python and others... but how ;/?

Please help

Recommended answer

First, the required setup consists of multiple components of which you have some already.

  1. SonarQube server + Gitlab plugin(s) at https://sonarqube.example.com
  2. Gitlab project (foo/bar)
  3. A SONAR_TOKEN variable with a SonarQube user token set in your Project Settings CI/CD secret variables (to be injected in every CI job)
  4. Gitlab CI configuration (.gitlab-ci.yml)
  5. Sonar project configuration file in your projects root (sonar-project.properties)
  6. The sonar-scanner installed on your CI runner (or see notes)

sonar-project.properties

Modify to your needs or provide all settings as -D options (see jobs)

# Required metadata
sonar.projectKey=nl.example.foo.bar
sonar.projectName=FoorBar app

# Comma-separated paths to directories with sources (required)
sonar.sources=src/app

# Language
sonar.language=js

# Encoding of sources files
sonar.sourceEncoding=UTF-8

# Exclude
sonar.exclusions=src/app/core/**/*

.gitlab-ci.yml jobs

The CI setup consists of 2 jobs that run in parallel (in my case), one job does the previewing and is responsible for commenting in your commits but doesn't actually send data to SonarQube server. The 2nd job does the same scanning but posts to SonarQube server and checks all quality gates (pass/fail).

#######################################
# Check the project code quality with Sonar, make sure your Gitlab project has a secret variable (project -> settings -> CI/CD) defined called SONAR_TOKEN
#######################################
codequality_preview:
  stage: qa
  script:
    - sonar-scanner -Dsonar.host.url=https://sonarqube.example.com -Dsonar.analysis.mode=preview -Dsonar.login=$SONAR_TOKEN -Dsonar.gitlab.commit_sha=$CI_BUILD_REF -Dsonar.gitlab.ref_name=$CI_BUILD_REF_NAME -Dsonar.projectVersion=$CI_BUILD_ID -Dsonar.branch=$CI_BUILD_REF_NAME -Dsonar.gitlab.project_id=$CI_PROJECT_URL

#######################################
# Check the project code quality with Sonar, make sure your Gitlab project has a secret variable (project -> settings -> CI/CD) defined called SONAR_TOKEN
#######################################
codequality:
  stage: qa
  script:
    - sonar-scanner -Dsonar.host.url=https://sonarqube.example.com -Dsonar.login=$SONAR_TOKEN -Dsonar.projectVersion=$CI_BUILD_ID -Dsonar.branch=$CI_BUILD_REF_NAME

Notes

    • Instead of installing a sonar-scanner in your runner you can also use e.g. a Docker container that provides a sonar-scanner.
    • If you don't want a sonar-project.properties file you can provide the settings through the commandline like the other -D variables.
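
If a job references a secret variable under a name that is not defined in the project's CI/CD settings, the shell expands it to an empty string and the scanner is started with an empty `-Dsonar.login=`. The wrapper below is an added example, not part of the original answer: it refuses to start either job with an empty variable. The names `run_sonar`, `require_vars`, `SONAR_SCANNER`, `SONAR_HOST_URL` and the file name `sonar-ci.sh` are assumptions; the `CI_*` variables and `-D` options are the ones used in the jobs above.

```shell
#!/bin/sh
# Added example (not from the answer). Hypothetical names: run_sonar,
# require_vars, SONAR_SCANNER, SONAR_HOST_URL, sonar-ci.sh.
# Use in a job script:  . ./sonar-ci.sh && run_sonar preview

SONAR_HOST_URL="${SONAR_HOST_URL:-https://sonarqube.example.com}"
SONAR_SCANNER="${SONAR_SCANNER:-sonar-scanner}"

# Return 2 if any named variable is empty or unset.
# Only variable names are reported, never their values.
require_vars() {
    missing=""
    for name in "$@"; do
        # eval is safe here: callers pass fixed literal names only.
        eval "value=\${$name:-}"
        [ -n "$value" ] || missing="$missing $name"
    done
    [ -z "$missing" ] && return 0
    echo "sonar: empty or unset CI variable(s):$missing" >&2
    return 2
}

# run_sonar preview  -> comments on the commit, nothing is published
# run_sonar publish  -> analysis is sent to the SonarQube server
run_sonar() {
    mode="${1:-}"
    require_vars SONAR_TOKEN CI_BUILD_ID CI_BUILD_REF_NAME || return 2
    set -- "-Dsonar.host.url=$SONAR_HOST_URL" \
           "-Dsonar.login=$SONAR_TOKEN" \
           "-Dsonar.projectVersion=$CI_BUILD_ID" \
           "-Dsonar.branch=$CI_BUILD_REF_NAME"
    case "$mode" in
        preview)
            require_vars CI_BUILD_REF CI_PROJECT_URL || return 2
            set -- "$@" "-Dsonar.analysis.mode=preview" \
                   "-Dsonar.gitlab.commit_sha=$CI_BUILD_REF" \
                   "-Dsonar.gitlab.ref_name=$CI_BUILD_REF_NAME" \
                   "-Dsonar.gitlab.project_id=$CI_PROJECT_URL" ;;
        publish) ;;
        *) echo "usage: run_sonar preview|publish" >&2; return 64 ;;
    esac
    # Each option is passed as one quoted argument, so no value is word-split.
    "$SONAR_SCANNER" "$@"
}
```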