Installing Jenkins on Linux with SonarQube and GitLab for code scanning
I. Install and configure Jenkins
sudo wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat-stable/jenkins.repo
sudo rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io.key
yum install java-11-openjdk-devel # skip this if JDK 8 or later is already installed
yum install jenkins
# Edit the configuration
vim /etc/sysconfig/jenkins
# Change the following settings:
JENKINS_USER="root"
JENKINS_PORT="10240"
# Save and exit
vim /usr/lib/firewalld/services/jenkins.xml
# Change the port in this file from 8080 to 10240, then save and exit
vim /usr/lib/systemd/system/jenkins.service
# Set the port to 10240: Environment="JENKINS_PORT=10240", then save and exit
# Add the JDK
which java # copy the java path, e.g. /usr/local/java/jdk-11.0.2/bin/java
vim /etc/rc.d/init.d/jenkins
# Add the JDK path as the first line of the "candidates" parameter, save and exit, then reload the configuration:
systemctl daemon-reload
# Create a symlink from the java binary to /usr/bin/java
ln -s /usr/local/java/jdk-11.0.2/bin/java /usr/bin/java
# Start the service (make sure Jenkins runs as the root user, otherwise file permission problems may come up later)
service jenkins start



Open the Jenkins page in a browser at the server IP plus port 10240:

cat /var/lib/jenkins/secrets/initialAdminPassword
If "This Jenkins instance appears to be offline." appears, see https://juejin.cn/post/6844904120005066759, or skip the automatic plugin installation step
Click to install the suggested plugins:

Create an administrator account and password

II. Download and install SonarQube and sonar scanner
http://www.rzrgm.cn/yanlin-10/p/16359279.html
III. Download the sonar scanner plugin in Jenkins



Restart the Jenkins service:
service jenkins restart
IV. Connect SonarQube and Jenkins
1. Log in to SonarQube and generate a token:


2. Log in to Jenkins and configure the SonarQube token





3. Configure sonar scanner in Jenkins


V. Create a new pipeline project in Jenkins and configure GitLab









VI. Log in to GitLab and configure the project



If the step that checks out the source code is defined directly in the Jenkinsfile, the credentialsId parameter must first be set to the ID of the key configured in Jenkins




VII. Add files named Jenkinsfile and sonar-project.properties to the root directory of the project code
Contents of the Jenkinsfile:
import hudson.model.*;
println env.JOB_NAME
println env.BUILD_NUMBER
println env.JENKINS_HOME
pipeline {
    agent any
    stages {
        stage("Clone sources") {
            steps {
                git([url: "http://192.168.1.1/gitlab-instance-f310cc0d/deploy_platform_test.git", branch: "master", credentialsId: "gitlab-82.71"])
            }
        }
        stage("SonarQube analysis") {
            // Configure the code scan
            steps {
                script {
                    def sonarScanner = tool name: "sonar-scanner-4.7.0.2747-linux"
                    withSonarQubeEnv("sonarqube") {
                        sh "${sonarScanner}/bin/sonar-scanner"
                    }
                }
            }
        }
        stage("Quality gate") {
            steps {
                waitForQualityGate abortPipeline: true
            }
        }
        stage("testing") {
            steps {
                sh """
                pip3 install -r ./requirements.txt
                pytest
                """
            }
            // post{
            //     success{
            //         mail to: 'abc@qq.com',
            //         subject: "testing Success",
            //         body:"Congratulations! build success! --${env.JOB_NAME}--${env.BUILD_NUMBER}"
            //     }
            //     failure{
            //         mail to: 'abc@qq.com',
            //         subject: "testing failed",
            //         body:"Alarm! failed to build --${env.JOB_NAME}--${env.BUILD_NUMBER}"
            //     }
            // }
        }
    }
}
Contents of sonar-project.properties:
sonar.projectKey=test
sonar.projectName=test
sonar.sourceEncoding=UTF-8
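VIII. Pitfalls encountered
1. Running the scanner in Jenkins fails with: ERROR: Not authorized. Please check the properties sonar.login and sonar.password.
Fix: in the sonar-scanner.properties file, change the authentication method from username/password to token authentication: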
vim /usr/local/sonar-scanner-4.7.0.2747-linux/conf/sonar-scanner.properties
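One way to check the result of this change, as an added example that is not part of the original post: a small shell audit that fails while sonar.password is still active, requires a value in sonar.login, and flags the file if it is world-readable, since it then holds a token. It assumes the token is stored in sonar.login (the property named in the error message); the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# has_key REGEX: true if an active line in $active sets the key to a value.
has_key() {
    printf '%s\n' "$active" |
        grep -Eq "^[[:space:]]*$1[[:space:]]*=[[:space:]]*[^[:space:]]"
}

# audit_scanner_props FILE: returns 0 only when the file uses token auth
# (assumed to live in sonar.login, with no sonar.password) and is not
# world-readable; 1 on a finding, 2 if the file cannot be read.
audit_scanner_props() {
    f="$1"; rc=0
    [ -r "$f" ] || { echo "MISSING: $f"; return 2; }
    # Only active lines count: drop comments and blank lines.
    active=$(grep -Ev '^[[:space:]]*(#|$)' "$f" || true)
    if has_key 'sonar\.password'; then
        echo "FAIL: sonar.password is set (username/password auth)"; rc=1
    fi
    if ! has_key 'sonar\.login'; then
        echo "FAIL: sonar.login has no token value"; rc=1
    fi
    # The file now holds a secret, so "other" should not be able to read it.
    if [ "$(ls -ldL "$f" | cut -c8)" = "r" ]; then
        echo "FAIL: file is world-readable"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: token auth, file not world-readable"
    return "$rc"
}

# Demo on constructed sample files (placeholder host and credentials).
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'sonar.host.url=http://sonar.example.invalid:9000' \
        'sonar.login=admin' 'sonar.password=CONSTRUCTED_PASSWORD' > "$d/before"
    chmod 644 "$d/before"
    printf '%s\n' 'sonar.host.url=http://sonar.example.invalid:9000' \
        'sonar.login=CONSTRUCTED_TOKEN' > "$d/after"
    chmod 600 "$d/after"
    audit_scanner_props "$d/before" || true
    audit_scanner_props "$d/after" || true
    rm -rf "$d"
}
demo
```

Run it against the real file with `audit_scanner_props /usr/local/sonar-scanner-4.7.0.2747-linux/conf/sonar-scanner.properties` after sourcing the function.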

2. Caused by: org.springframework.beans.factory.BeanCreationException

It looks like a lack of permission to create files

Fix: set Jenkins to run as the root account
# Add the jenkins account to the root group:
gpasswd -a jenkins root
# Change the owner of the Jenkins directories to root:
chown -R root:root /var/lib/jenkins
chown -R root:root /var/cache/jenkins
chown -R root:root /var/log/jenkins
vim /usr/lib/systemd/system/jenkins.service

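# Restart the service
service jenkins restart
# Check whether Jenkins is running as the root user:
ps -ef | grep jenkins

3. ERROR: You're not authorized to run analysis. Please contact the project administrator.
This happens because projectKey and projectName are configured in the sonar-project.properties file in the project directory, but the corresponding project has not been created on the SonarQube server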


