Linux安装jenkins支持sonar+gitlab进行代码扫描

一、安装、配置Jenkins

sudo wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat-stable/jenkins.repo
sudo rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io.key
yum install java-11-openjdk-devel  #如果有装jdk8以上可跳过
yum install jenkins

# 修改配置
vim /etc/sysconfig/jenkins
# 修改内容如下:
JENKINS_USER="root"
JENKINS_PORT="10240"
# 保存并退出

vim /usr/lib/firewalld/services/jenkins.xml
# 将文件中的端口由8080改为10240,保存并退出

vim /usr/lib/systemd/system/jenkins.service
修改端口为10240: Environment="JENKINS_PORT=10240",保存并退出

# 添加JDK
which java  # 复制java目录,如/usr/local/java/jdk-11.0.2/bin/java
vim /etc/rc.d/init.d/jenkins
# 将JDK地址添加到“ candidates”参数的第一行,保存并退出,执行命令重新加载配置:
systemctl daemon-reload
# 给java目录设置软连接到/usr/bin/java
ln -s /usr/local/java/jdk-11.0.2/bin/java /usr/bin/java

# 启动服务(确保Jenkins是以root用户运行,不然后面可能存在文件权限问题)
service jenkins start



输入ip加上端口10240,访问Jenkins页面:

cat /var/lib/jenkins/secrets/initialAdminPassword
如果出现“This Jenkins instance appears to be offline.”,参考:https://juejin.cn/post/6844904120005066759,或者跳过自动安装插件的步骤

点击安装一些推荐的插件:

创建一个管理员账户、密码

二、下载安装sonarqube 和 sonar scanner

https://www.cnblogs.com/yanlin-10/p/16359279.html

三、在Jenkins下载sonar scanner插件




重启Jenkins服务:

service jenkins restart

四、配置sonar与Jenkins连接

1、登录sonarqube,生成token:


2、登录Jenkins配置sonarqube的token




3、在Jenkins中配置sonar scanner


五、在jenkins中新建pipeline项目配置gitlab








六、登录gitlab配置项目



如果直接在Jenkinsfile文件中定义拉取源代码步骤,则需要先通过credentialsId参数配置 Jenkins 中配置好的秘钥 ID



七、在项目代码根目录添加名为Jenkinsfile和sonar-project.properties的文件

Jenkinsfile文件内容:

import hudson.model.*;

println env.JOB_NAME
println env.BUILD_NUMBER
println env.JENKINS_HOME
pipeline {
    agent any
    stages {
        stage("Clone sources") {
            steps {
                git([url: "http://192.168.1.1/gitlab-instance-f310cc0d/deploy_platform_test.git", branch: "master", credentialsId: "gitlab-82.71"])
            }
        }
        stage("SonarQube analysis") {
            // 配置代码扫描
            steps {
                script{
                    def sonarScanner = tool name: "sonar-scanner-4.7.0.2747-linux"
                    withSonarQubeEnv("sonarqube") {
                        sh "${sonarScanner}/bin/sonar-scanner"
                    }
                }
            }
        }
        stage("Quality gate") {
            steps {
                waitForQualityGate abortPipeline: true
            }
        }
        stage("testing"){
            steps {
                sh """
                pip3 install -r  ./requirements.txt
                pytest
                """
            }
//             post{
//                 success{
//                     mail to: 'abc@qq.com',
//                     subject: "testing Success",
//                     body:"Congratulations! build success! --${env.JOB_NAME}--${env.BUILD_NUMBER}"
//                 }
//                 failure{
//                     mail to: 'abc@qq.com',
//                     subject: "testing failed",
//                     body:"Alarm! failed to build  --${env.JOB_NAME}--${env.BUILD_NUMBER}"
//                 }
//             }
        }
    }
}

sonar-project.properties文件内容:

sonar.projectKey=test
sonar.projectName=test
sonar.sourceEncoding=UTF-8

八、遇到的坑

1、在Jenkins中执行scanner报错:ERROR: Not authorized. Please check the properties sonar.login and sonar.password.

解决方法:将sonar-scanner.properties文件中的用户名密码认证方式改为token认证:

vim /usr/local/sonar-scanner-4.7.0.2747-linux/conf/sonar-scanner.properties

2、Caused by: org.springframework.beans.factory.BeanCreationException


看起来像是没有创建文件的权限

解决:将Jenkins设置成以root账户运行

# 将 jenkins 账号加入到 root 组中:
gpasswd -a jenkins root
# 修改Jenkins相关文件夹用户权限为root:
chown -R root:root /var/lib/jenkins
chown -R root:root /var/cache/jenkins
chown -R root:root /var/log/jenkins

vim /usr/lib/systemd/system/jenkins.service

# 重启服务
service jenkins restart

# 查看jerkins是否root用户运行:
ps -ef | grep jenkins

ERROR: You're not authorized to run analysis. Please contact the project administrator.

出现这个问题的原因是在项目目录下的sonar-project.properties文件中配置了projectKey和projectName,但是在sonarqube服务器上没有同步新增项目


posted @ 2022-07-18 18:39  随风飘-挨刀刀  阅读(962)  评论(0编辑  收藏  举报
Top