Installing Jenkins on Linux with SonarQube and GitLab for code scanning
I. Install and configure Jenkins
sudo wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat-stable/jenkins.repo
sudo rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io.key
yum install java-11-openjdk-devel  # skip if JDK 8 or later is already installed
yum install jenkins
# Edit the configuration
vim /etc/sysconfig/jenkins
# Change the following settings:
JENKINS_USER="root"
JENKINS_PORT="10240"
# Save and exit
vim /usr/lib/firewalld/services/jenkins.xml
# Change the port in this file from 8080 to 10240, then save and exit
vim /usr/lib/systemd/system/jenkins.service
# Change the port to 10240: Environment="JENKINS_PORT=10240", then save and exit
# Add the JDK
which java  # copy the java path, e.g. /usr/local/java/jdk-11.0.2/bin/java
vim /etc/rc.d/init.d/jenkins
# Add the JDK path as the first line of the "candidates" parameter, save and exit, then run this command to reload the configuration:
systemctl daemon-reload
# Symlink the java binary to /usr/bin/java
ln -s /usr/local/java/jdk-11.0.2/bin/java /usr/bin/java
# Start the service (make sure Jenkins runs as the root user, otherwise file-permission problems may appear later)
service jenkins start
Open the Jenkins page in a browser at the server IP and port 10240:
cat /var/lib/jenkins/secrets/initialAdminPassword
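If "This Jenkins instance appears to be offline." appears, see https://juejin.cn/post/6844904120005066759, or skip the automatic plugin installation step.
Click to install the suggested plugins:
Create an administrator account and password.
II. Download and install SonarQube and SonarScanner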
https://www.cnblogs.com/yanlin-10/p/16359279.html
III. Install the SonarQube Scanner plugin in Jenkins
Restart the Jenkins service:
service jenkins restart
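IV. Connect SonarQube and Jenkins
1. Log in to SonarQube and generate a token:
2. Log in to Jenkins and configure the SonarQube token
3. Configure SonarScanner in Jenkins
V. Create a new pipeline project in Jenkins and configure GitLab
VI. Log in to GitLab and configure the project
If the source checkout step is defined directly in the Jenkinsfile, the credentialsId parameter must reference the ID of a key already configured in Jenkins.
VII. Add files named Jenkinsfile and sonar-project.properties to the root of the project
Contents of the Jenkinsfile: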
import hudson.model.*;
println env.JOB_NAME
println env.BUILD_NUMBER
println env.JENKINS_HOME
pipeline {
    agent any
    stages {
        stage("Clone sources") {
            steps {
                git([url: "http://192.168.1.1/gitlab-instance-f310cc0d/deploy_platform_test.git", branch: "master", credentialsId: "gitlab-82.71"])
            }
        }
        stage("SonarQube analysis") {
            // Configure the code scan
            steps {
                script {
                    def sonarScanner = tool name: "sonar-scanner-4.7.0.2747-linux"
                    withSonarQubeEnv("sonarqube") {
                        sh "${sonarScanner}/bin/sonar-scanner"
                    }
                }
            }
        }
        stage("Quality gate") {
            steps {
                waitForQualityGate abortPipeline: true
            }
        }
        stage("testing") {
            steps {
                sh """
                pip3 install -r ./requirements.txt
                pytest
                """
            }
            // post{
            //     success{
            //         mail to: 'abc@qq.com',
            //         subject: "testing Success",
            //         body:"Congratulations! build success! --${env.JOB_NAME}--${env.BUILD_NUMBER}"
            //     }
            //     failure{
            //         mail to: 'abc@qq.com',
            //         subject: "testing failed",
            //         body:"Alarm! failed to build --${env.JOB_NAME}--${env.BUILD_NUMBER}"
            //     }
            // }
        }
    }
}
Contents of sonar-project.properties:
sonar.projectKey=test
sonar.projectName=test
sonar.sourceEncoding=UTF-8
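VIII. Pitfalls encountered
1. Running the scanner in Jenkins fails with: ERROR: Not authorized. Please check the properties sonar.login and sonar.password.
Fix: in the sonar-scanner.properties file, switch from username/password authentication to token authentication: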
vim /usr/local/sonar-scanner-4.7.0.2747-linux/conf/sonar-scanner.properties
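2. Caused by: org.springframework.beans.factory.BeanCreationException
This looks like missing permission to create files.
Fix: run Jenkins as the root account. Every pipeline step, including the pip3 install in the testing stage, then runs as root on the Jenkins host.
# Add the jenkins account to the root group:
gpasswd -a jenkins root
# Change the owner of the Jenkins directories to root: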
chown -R root:root /var/lib/jenkins
chown -R root:root /var/cache/jenkins
chown -R root:root /var/log/jenkins
vim /usr/lib/systemd/system/jenkins.service
# Restart the service
service jenkins restart
# Check whether Jenkins is running as root:
ps -ef | grep jenkins
3. ERROR: You're not authorized to run analysis. Please contact the project administrator.
This happens because projectKey and projectName are configured in the project's sonar-project.properties file, but the corresponding project has not been created on the SonarQube server.
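The last pitfall can be caught before the scanner runs. The following pre-flight check is an added example, not part of the original post: it reads sonar.projectKey from sonar-project.properties and asks the SonarQube server whether that project exists and whether the token may access it. SONAR_HOST_URL and SONAR_TOKEN are assumed environment variables, the function names are hypothetical, and the meaning given to each HTTP status is an assumption about the server's Web API responses.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# SONAR_HOST_URL and SONAR_TOKEN are assumed to be set in the environment,
# for instance from a Jenkins secret-text credential.

# prop_get FILE KEY: print the value of KEY from a .properties file.
# Comment lines never match, CRs are dropped, the last definition wins.
prop_get() {
    k=$(printf '%s' "$2" | sed 's/\./\\./g')   # make dots in the key literal
    tr -d '\r' < "$1" |
        sed -n "s/^[[:space:]]*$k[[:space:]]*=[[:space:]]*//p" | tail -n 1
}

# explain_status HTTP_CODE KEY: print a diagnosis; succeed only on 200.
# The meaning attached to each code is an assumption about the Web API.
explain_status() {
    case "$1" in
        200) echo "ok: project '$2' exists and this token can access it"
             return 0 ;;
        401) echo "token rejected: check the token configured in Jenkins" ;;
        403) echo "token accepted but not permitted on project '$2'" ;;
        404) echo "project '$2' does not exist on the server: create it first" ;;
        *)   echo "unexpected HTTP status '$1' from the SonarQube server" ;;
    esac
    return 1
}

# preflight FILE: look up sonar.projectKey on the server before scanning.
preflight() {
    key=$(prop_get "$1" sonar.projectKey)
    [ -n "$key" ] || { echo "sonar.projectKey is missing in $1"; return 2; }
    # The token goes to curl through a config read from stdin (-K -), so it
    # does not show up in the process list the way a -u argument would.
    code=$(printf 'user = "%s:"\n' "$SONAR_TOKEN" |
        curl -s -o /dev/null -w '%{http_code}' -K - \
            "$SONAR_HOST_URL/api/components/show?component=$key") || code=000
    explain_status "$code" "$key"
}

# Run as: sh preflight.sh sonar-project.properties
if [ -n "${1:-}" ]; then preflight "$1"; fi
```

Called as a step before the "SonarQube analysis" stage, a non-zero exit stops the pipeline with a specific message instead of the scanner's generic authorization error.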