SonarQube autorun with gitlab


Problem description

I created my own server with SonarQube, and I want to connect it with my gitlab. Every time I push my commits, the sonarqube scanner will run and create results + comments in code.

I've downloaded this plugin: https://gitlab.talanlabs.com/gabriel-allaigre/sonar-gitlab-plugin

According to Gitlab integration with SonarQube these are only 2 plugins

I installed this plugin on my SonarQube server. In the plugin options I added the gitlab API key and the url to my repository exactly as it is in the documentation.

Ok so it's done... but what now? What must I change in gitlab so that when I push commits gitlab will know that "ok, I have to analyse this code with this sonarqube server"?

I'm totally new to this (sonarqube and gitlab); 3 days ago I didn't know anything about SonarQube, and I didn't know that I can start a runner in gitlab.

There are some examples in the plugin documentation but I don't understand them; I mean I don't know where to put this code from the "Examples" section on gitlab to make this work correctly.

Stuck in place. I'm not talking about this .gitlab-ci.yml because I've found that it is for java projects, and it's ok but I want to analyse python and others... but how ;/?

Please help

Recommended answer

First, the required setup consists of multiple components, of which you have some already.

  1. SonarQube server + Gitlab plugin(s) at https://sonarqube.example.com
  2. Gitlab project (foo/bar)
  3. A SONAR_TOKEN variable with a SonarQube user token set in your Project Settings CI/CD secret variables (to be injected in every CI job)
  4. Gitlab CI configuration (.gitlab-ci.yml)
  5. Sonar project configuration file in your project's root (sonar-project.properties)
  6. The sonar-scanner installed on your CI runner (or see notes)

sonar-project.properties

Modify to your needs or provide all settings as -D options (see jobs)

# Required metadata
sonar.projectKey=nl.example.foo.bar
sonar.projectName=FoorBar app

# Comma-separated paths to directories with sources (required)
sonar.sources=src/app

# Language
sonar.language=js

# Encoding of sources files
sonar.sourceEncoding=UTF-8

# Exclude
sonar.exclusions=src/app/core/**/*

.gitlab-ci.yml jobs

The CI setup consists of 2 jobs that run in parallel (in my case): one job does the previewing and is responsible for commenting in your commits but doesn't actually send data to the SonarQube server. The 2nd job does the same scanning but posts to the SonarQube server and checks all quality gates (pass/fail).

#######################################
# Check the project code quality with Sonar, make sure your Gitlab project has a secret variable (project -> settings -> CI/CD) defined called SONAR_TOKEN
#######################################
codequality_preview:
  stage: qa
  script:
    - sonar-scanner -Dsonar.host.url=https://sonarqube.example.com -Dsonar.analysis.mode=preview -Dsonar.login=$SONAR_TOKEN -Dsonar.gitlab.commit_sha=$CI_BUILD_REF -Dsonar.gitlab.ref_name=$CI_BUILD_REF_NAME -Dsonar.projectVersion=$CI_BUILD_ID -Dsonar.branch=$CI_BUILD_REF_NAME -Dsonar.gitlab.project_id=$CI_PROJECT_URL

#######################################
# Check the project code quality with Sonar, make sure your Gitlab project has a secret variable (project -> settings -> CI/CD) defined called SONAR_TOKEN
#######################################
codequality:
  stage: qa
  script:
    - sonar-scanner -Dsonar.host.url=https://sonarqube.example.com -Dsonar.login=$SONAR_TOKEN -Dsonar.projectVersion=$CI_BUILD_ID -Dsonar.branch=$CI_BUILD_REF_NAME

Notes

  • Instead of installing a sonar-scanner in your runner you can also use e.g. a Docker container that provides a sonar-scanner.
  • If you don't want a sonar-project.properties file you can provide the settings through the command line like the other -D variables.
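
Added example, not part of the original answer: a pre-flight check a job could run before sonar-scanner, so that a missing SONAR_TOKEN, a token committed into sonar-project.properties, or a missing required key fails the job early. The function names sonar_preflight and write_sample_props are hypothetical, and the sample properties are constructed by adapting the answer's file to a Python project (py is SonarQube's language key for Python).

```shell
#!/bin/sh
# Added example: pre-flight check to run before sonar-scanner in a CI job.
# sonar_preflight and write_sample_props are hypothetical helper names.

# Return codes: 0 ok, 1 token unset, 2 file missing,
# 3 credential committed in the file, 4 required key missing.
sonar_preflight() {
    props="${1:-sonar-project.properties}"

    # An unset CI variable would expand to an empty -Dsonar.login= value.
    if [ -z "${SONAR_TOKEN:-}" ]; then
        echo "SONAR_TOKEN is not set in the CI/CD secret variables" >&2
        return 1
    fi
    if [ ! -f "$props" ]; then
        echo "$props not found" >&2
        return 2
    fi
    # The token belongs in the CI secret variable, never in the repository.
    if grep -Eq '^[[:space:]]*sonar\.(login|password)[[:space:]]*=' "$props"; then
        echo "$props sets sonar.login/sonar.password; remove it" >&2
        return 3
    fi
    # Keys the answer marks as required.
    for key in sonar.projectKey sonar.sources; do
        pat=$(printf '%s' "$key" | sed 's/\./\\./g')
        if ! grep -Eq "^[[:space:]]*${pat}[[:space:]]*=[[:space:]]*[^[:space:]]" "$props"; then
            echo "$props: $key is missing or empty" >&2
            return 4
        fi
    done
    return 0
}

# Constructed sample: the answer's properties file adapted to a Python project.
write_sample_props() {
    cat > "$1" <<'EOF'
sonar.projectKey=nl.example.foo.bar
sonar.projectName=FooBar app
sonar.sources=src/app
sonar.language=py
sonar.sourceEncoding=UTF-8
EOF
}
```

In a job, the function would be called on the line before sonar-scanner so that a non-zero return stops the job.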