从Jenkins中的pom文件自动派生强制性SonarQube属性 [英] Automatically derive mandatory SonarQube properties from pom file in Jenkins
问题描述
情况:
我想用由詹金斯(1.642.4)触发的SonarQube(5.4)分析我的项目.这是一个使用maven构建的Java项目.
I want to analyze my project with SonarQube (5.4) triggered by Jenkins (1.642.4). It is a java project build with maven.
我看到两种触发分析的方法:
I see two ways to trigger the analysis:
- 发布构建操作使用maven进行SonarQube分析",但已已弃用,因此我不想使用它
- 建议在构建后执行步骤执行SonarQube扫描仪".
- Post Build Action "SonarQube analysis with maven" but it's deprecated, so I don't want to use it
- Post Build Step "Execute SonarQube Scanner", is the recommended way.
问题:
如果我使用了不赞成使用的Post Build Action,那么声纳项目配置的属性会自动从项目pom派生.
If I use the deprecated Post Build Action, the properties for sonar project configuration are derived automatically from the project pom.
我使用推荐的后期构建步骤,但收到异常
It I use the recommended Post Build Step, I receive the Exception
您必须为未知"定义以下必填属性:sonar.projectKey,sonar.projectName,sonar.projectVersion,sonar.sources
You must define the following mandatory properties for 'Unknown': sonar.projectKey, sonar.projectName, sonar.projectVersion, sonar.sources
不需要的解决方案:
解决方案是通过java项目中的sonar-project.properties文件或Jenkins步骤中的参数提供所需的属性.
The solution is to provide the required properties, via sonar-project.properties file in the java project or via parameters in Jenkins step.
恕我直言:这是重复的.所有相关信息都在Maven pom中定义:projectKey可以从artifactId派生,projectName和projectVerstion是maven中的相同属性.特别是projectVersion至关重要.我不想在每个发行版之后更新项目版本(或在发行插件中编写一些代码以自动更新它).
IMHO: this is duplication. All relevant information is defined in the Maven pom: projectKey can be derived from artifactId, projectName and projectVerstion are same properties in maven. Especially the projectVersion is critical. I don't want to update the project version after each release (or write some code in release plugin to update it automatically).
我想要的
我想在Jenkins中使用推荐的Post Build Step,而无需为我的所有项目重新定义所有项目属性,以使声纳开心.相反,声纳/詹金斯/插件/无论应该从我的Maven Pom文件中获取属性.我可以使用其他插件吗?我可以重新配置我的Jenkins-Sonar-Plugin吗?
I want to use the recommended Post Build Step in Jenkins, without redefine all project properties for all my project to make sonar happy. Instead sonar/jenkins/plugin/whatever should derive the properties from my maven pom file. Is there an additional plugin I can use? Can I reconfigure my Jenkins-Sonar-Plugin?
我不想在pom/项目中提供任何声纳特定的信息,因为该项目不应该关心声纳.它应该只包含构建项目所需的信息.
I don't want to provide any sonar specific information in my pom/project, because the project shouldn't care about sonar. It should contain only information required to build the project.
推荐答案
The documentation (although slightly confusing, see edit below) explains how to use a generic post-build step (leveraging environment variables), instead of the deprecated post-build action. in short:
- 在Jenkins中安装最新的SonarQube插件(截至目前为v2.4)
- 在SonarQube服务器下的系统配置"中:检查
Enable injection of SonarQube server configuration as build environment variables
- 在您的Maven项目的配置中:
- 检查
Prepare SonarQube Scanner environment
- 添加构建后步骤
Invoke top-level Maven targets
,并利用Goals
字段中注入的环境变量,例如:
- install latest SonarQube Plugin (v2.4 as of now) in Jenkins
- in System Config under SonarQube servers: check
Enable injection of SonarQube server configuration as build environment variables
- in the configuration of your Maven project:
- check
Prepare SonarQube Scanner environment
- add a post-build step
Invoke top-level Maven targets
and leverage the injected environment variables in theGoals
field e.g.:
$ SONAR_MAVEN_GOAL -Dsonar.host.url = $ SONAR_HOST_URL -Dsonar.login = $ SONAR_AUTH_TOKEN
$SONAR_MAVEN_GOAL -Dsonar.host.url=$SONAR_HOST_URL -Dsonar.login=$SONAR_AUTH_TOKEN
- check
编辑:文档说
The Post-build Action for Maven analysis is deprecated.
,它指的是旧的构建后的操作,该文档已不再记录.该警告之后的段落(在该答案中进行了总结)确实是推荐的步骤.如果仍然不清楚,请在此处图示.Edit: when the documentation says
The Post-build Action for Maven analysis is deprecated.
, it refers to the old post-build action which is not documented anymore. The paragraph after that warning (summarized in this answer) really is the recommended procedure. Illustration here if it's still not clear.这篇关于从Jenkins中的pom文件自动派生强制性SonarQube属性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
- 检查