SonarQube autorun with gitlab

后端 未结 1 1705
面向向阳花
面向向阳花 2021-02-06 12:22

I created my own server with SonarQube, and i want to connect it with my gitlab. Every time i will puch my commits sonarqube scanner will run and create results + comments in co

相关标签:
1条回答
  • 2021-02-06 12:50

    First, the required setup consists of multiple components of which you have some already.

    1. SonarQube server + Gitlab plugin(s) at https://sonarqube.example.com
    2. Gitlab project (foo/bar)
    3. A SONAR_TOKEN variable with a SonarQube user token set in your Project Settings CI/CD secret variables (to be injected in every CI job)
    4. Gitlab CI configuration (.gitlab-ci.yml)
    5. Sonar project configuration file in your projects root (sonar-project.properties)
    6. The sonar-scanner installed on your CI runner (or see notes)

    sonar-project.properties

    Modify to your needs or provide all settings as -D options (see jobs)

    # Required metadata
    sonar.projectKey=nl.example.foo.bar
    sonar.projectName=FoorBar app
    
    # Comma-separated paths to directories with sources (required)
    sonar.sources=src/app
    
    # Language
    sonar.language=js
    
    # Encoding of sources files
    sonar.sourceEncoding=UTF-8
    
    # Exclude
    sonar.exclusions=src/app/core/**/*
    

    .gitlab-ci.yml jobs

    The CI setup consists of 2 jobs that run in parallel (in my case), one job does the previewing and is responsible for commenting in your commits but doesn't actually sends data to SonarQube server. The 2nd job does the same scanning but posts to SonarQube server and checks all quality gates (pass/fail).

    #######################################
    # Check the project code quality with Sonar, make sure your Gitlab project has a secret variable (project -> settings -> CI/CD) defined called SONAR_TOKEN
    #######################################
    codequality_preview:
      stage: qa
      script:
        - sonar-scanner -Dsonar.host.url=https://sonarqube.example.com -Dsonar.analysis.mode=preview -Dsonar.login=$SONARQUBE_TOKEN -Dsonar.gitlab.commit_sha=$CI_BUILD_REF -Dsonar.gitlab.ref_name=$CI_BUILD_REF_NAME -Dsonar.projectVersion=$CI_BUILD_ID -Dsonar.branch=$CI_BUILD_REF_NAME -Dsonar.gitlab.project_id=$CI_PROJECT_URL
    
    #######################################
    # Check the project code quality with Sonar, make sure your Gitlab project has a secret variable (project -> settings -> CI/CD) defined called SONAR_TOKEN
    #######################################
    codequality:
      stage: qa
      script:
        - sonar-scanner -Dsonar.host.url=https://sonarqube.example.com -Dsonar.login=$SONARQUBE_TOKEN -Dsonar.projectVersion=$CI_BUILD_ID -Dsonar.branch=$CI_BUILD_REF_NAME
    

    Notes

    • Instead of installing a sonar-scanner in your runner you can also use e.g. a Docker container that provides a sonar-scanner.
    • If you don't want a sonar-project.properties file you can provide the settings through the commandline like the other -D variables.
    0 讨论(0)
提交回复
热议问题