搭建sonarqube分析golang代码
准备postgres
为什么不使用Mysql呢,因为从7.9就不支持了
docker启动postgres
docker run -d \
--name sonar-postgres \
-e POSTGRES_PASSWORD=postgres \
-e PGDATA=/var/lib/postgresql/data/pgdata \
-v /custom/mount:/var/lib/postgresql/data \
postgres
安装客户端psql,通过yum安装postgresql-server会附带安装psql。也可以安装pgAdmin。
yum install postgresql-server
连接到服务器
psql -h localhost -U postgres -W
创建数据库
postgres=# CREATE DATABASE sonarqube WITH OWNER=postgres ENCODING='UTF8' CONNECTION LIMIT=-1;
CREATE DATABASE
postgres=# \l
List of databases
Name | Owner | Encoding | Collate | Ctype | Access privileges
-----------+----------+----------+------------+------------+-----------------------
postgres | postgres | UTF8 | en_US.utf8 | en_US.utf8 |
sonarqube | postgres | UTF8 | en_US.utf8 | en_US.utf8 |
template0 | postgres | UTF8 | en_US.utf8 | en_US.utf8 | =c/postgres +
| | | | | postgres=CTc/postgres
template1 | postgres | UTF8 | en_US.utf8 | en_US.utf8 | =c/postgres +
| | | | | postgres=CTc/postgres
(4 rows)
docker启动sonarqube
先创建几个volume用于存储数据
docker volume create sonarqube_data
docker volume create sonarqube_extensions
docker volume create sonarqube_logs
sysctl -w vm.max_map_count=262144
sysctl -w fs.file-max=65536
ulimit -n 65536
ulimit -u 4096
如果不设置可能会出现错误:vm.max_map_count 65530 is too low
2020.07.09 10:33:43 INFO es[][o.e.n.Node] initialized
2020.07.09 10:33:43 INFO es[][o.e.n.Node] starting ...
2020.07.09 10:33:44 INFO es[][o.e.t.TransportService] publish_address {127.0.0.1:9001}, bound_addresses {127.0.0.1:9001}
2020.07.09 10:33:44 INFO es[][o.e.b.BootstrapChecks] explicitly enforcing bootstrap checks
ERROR: [1] bootstrap checks failed
[1]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
2020.07.09 10:33:44 INFO es[][o.e.n.Node] stopping ...
2020.07.09 10:33:44 INFO es[][o.e.n.Node] stopped
2020.07.09 10:33:44 INFO es[][o.e.n.Node] closing ...
2020.07.09 10:33:44 INFO es[][o.e.n.Node] closed
启动sonarqube
docker run -d --name sonarqube \
-p 9000:9000 \
--link sonar-postgres \
-e SONAR_JDBC_URL=jdbc:postgresql://sonar-postgres/sonarqube \
-e SONAR_JDBC_USERNAME=postgres \
-e SONAR_JDBC_PASSWORD=postgres \
-v sonarqube_data:/opt/sonarqube/data \
-v sonarqube_extensions:/opt/sonarqube/extensions \
-v sonarqube_logs:/opt/sonarqube/logs \
sonarqube:8.3.1-community
本来是要使用8.4的,但是是因为有个BUG就放弃了。该BUG会在8.4.1修改。
创建项目
访问服务地址http://localhost:9000/,然后登录界面,用户名admin,密码admin登录。
安装中文包
创建项目
创建令牌
使用golangci-lint分析代码
golangci-lint聚合了很多工具,下面只是作为演示,具体请查看官网。
在项目根目录下新建文件.golangci.yml
。具体示例可查看https://github.com/golangci/golangci-lint/blob/master/.golangci.example.yml
# example link : https://github.com/golangci/golangci-lint/blob/master/.golangci.example.yml
run:
timeout: 1m
skip-dirs-use-default: true
linters-settings:
dupl:
# tokens count to trigger issue, 150 by default
threshold: 100
linters:
enable:
- dupl
- golint
使用docker镜像生成xml格式的分析文件,出处请见
$ mkdir sonar
$ docker run --rm -v $(pwd):/app -w /app golangci/golangci-lint:v1.27.0 golangci-lint run -v --out-format checkstyle > sonar/golangcilint.xml
level=info msg="[config_reader] Config search paths: [./ /app /]"
level=info msg="[config_reader] Used config file .golangci.yml"
level=info msg="[lintersdb] Active 12 linters: [deadcode dupl errcheck golint gosimple govet ineffassign staticcheck structcheck typecheck unused varcheck]"
............
level=info msg="[runner] linters took 6.693839801s with stages: goanalysis_metalinter: 6.412033368s, unused: 267.37634ms"
level=info msg="File cache stats: 9 entries of total size 25.5KiB"
level=info msg="Memory: 145 samples, avg is 153.5MB, max is 339.1MB"
level=info msg="Execution took 14.475792265s"
sonar客户端扫描
在项目根目录新建一个名为sonar-project.properties
的文件
# must be unique in a given SonarQube instance
sonar.projectKey=test
sonar.projectName=test
sonar.host.url=http://localhost:9000
sonar.sources=.
sonar.exclusions=**/*_test.go,**/vendor/**
sonar.tests=.
sonar.test.inclusions=**/*_test.go
sonar.test.exclusions=**/vendor/**
sonar.sourceEncoding=UTF-8
sonar.go.golangci-lint.reportPaths=sonar/golangcilint.xml
docker执行扫描客户端
$ docker run --rm -v $(pwd):/usr/src sonarsource/sonar-scanner-cli
......
INFO: Analysis total time: 4.980 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 8.382s
INFO: Final Memory: 13M/50M
INFO: ------------------------------------------------------------------------
查看分析结果
访问 http://localhost:9000 查看test项目,就可以看到有问题的代码了。