Introduction

What is SonarQube?

SonarQube is an open-source code quality management platform: it scans code against a set of rule libraries and reports the findings so that code quality can be improved.

Running a SonarQube analysis needs three components: the SonarQube Server, a storage database (PostgreSQL in this article) and the scanners.

SonarQube Server: provides the web UI and the compute engine that processes the code analysis reports and saves the results in the storage database (the server also embeds Elasticsearch).

Storage database: holds the SonarQube Server configuration together with the code quality and security metrics and issues produced during scans.

Scanners: analyze the project; which scanner is used depends on the language.

Environment preparation

(1) Install docker and docker-compose with the installation script

bash <(curl -sSL https://linuxmirrors.cn/docker.sh)

(2) Configure registry mirrors (image pull acceleration)

vi /etc/docker/daemon.json

{
  "data-root": "/data/dockerData",
  "registry-mirrors": [
    "https://docker.mirrors.sjtug.sjtu.edu.cn",
    "https://docker.mirrors.ustc.edu.cn",
    "https://mirror.iscas.ac.cn",
    "https://docker.rainbond.cc",
    "https://docker.kubesre.xyz"
  ],
  "log-driver": "json-file",
  "log-opts": {"max-size": "50m", "max-file": "3"}
}

(3) Start the docker service

systemctl start docker
systemctl enable docker
systemctl status docker

(4) Set the maximum number of memory map areas a process may have (vm.max_map_count) to at least 524288, and the maximum number of open file descriptors (fs.file-max) to at least 131072.

echo "vm.max_map_count=524288
fs.file-max=131072" >> /etc/sysctl.conf
sysctl -p

(5) Configure the firewall policy

firewall-cmd --add-port=9000/tcp --permanent
firewall-cmd --reload
firewall-cmd --list-all
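
The five preparation steps above give values to set but no way to confirm they actually took effect before the containers are started, and a SonarQube container whose embedded Elasticsearch finds vm.max_map_count too low simply exits. The following pre-flight script is an added example and is not part of the original post: it re-reads vm.max_map_count and fs.file-max from /proc/sys, compares them with the thresholds from step (4), and uses firewall-cmd --list-ports to confirm that 9000/tcp from step (5) is open. The script name sonar-preflight.sh is an assumption; the check functions take their inputs as arguments so they can be exercised with constructed values without touching the host.

```shell
#!/bin/sh
# Added example, not part of the original post: pre-flight checks for the
# two kernel limits and the firewall port set up in steps (4) and (5).
# Thresholds are the ones the post requires; the /proc/sys paths and the
# firewall-cmd options are standard. Script name sonar-preflight.sh is assumed.

REQ_MAX_MAP_COUNT=524288
REQ_FILE_MAX=131072
SONAR_PORT=9000/tcp

# check_min NAME CURRENT MINIMUM -> 0 if CURRENT is a number >= MINIMUM,
# 1 otherwise. No side effects, so it can be tested with constructed values.
check_min() {
  name=$1; current=$2; minimum=$3
  case $current in
    ''|*[!0-9]*)
      printf 'FAIL %s: could not read a numeric value (%s)\n' "$name" "$current"
      return 1 ;;
  esac
  if [ "$current" -ge "$minimum" ]; then
    printf 'OK   %s=%s (minimum %s)\n' "$name" "$current" "$minimum"
    return 0
  fi
  printf 'FAIL %s=%s (minimum %s); fix with: sysctl -w %s=%s\n' \
    "$name" "$current" "$minimum" "$name" "$minimum"
  return 1
}

# port_in_list PORT LIST -> 0 if PORT (e.g. 9000/tcp) is one of the
# space-separated entries in LIST, the format `firewall-cmd --list-ports` prints.
port_in_list() {
  wanted=$1; list=$2
  for entry in $list; do
    [ "$entry" = "$wanted" ] && return 0
  done
  return 1
}

# sysctl_preflight: read the live values from /proc/sys and check both limits.
sysctl_preflight() {
  rc=0
  check_min vm.max_map_count "$(cat /proc/sys/vm/max_map_count 2>/dev/null)" "$REQ_MAX_MAP_COUNT" || rc=1
  check_min fs.file-max "$(cat /proc/sys/fs/file-max 2>/dev/null)" "$REQ_FILE_MAX" || rc=1
  return $rc
}

# firewall_preflight: confirm the SonarQube port is open in the active
# firewalld zone; skipped (not failed) on hosts without firewalld.
firewall_preflight() {
  if ! command -v firewall-cmd >/dev/null 2>&1; then
    echo "SKIP firewalld not installed; check $SONAR_PORT with your own firewall"
    return 0
  fi
  if port_in_list "$SONAR_PORT" "$(firewall-cmd --list-ports 2>/dev/null)"; then
    echo "OK   $SONAR_PORT is open in firewalld"
    return 0
  fi
  echo "FAIL $SONAR_PORT is not open; fix with: firewall-cmd --add-port=$SONAR_PORT --permanent && firewall-cmd --reload"
  return 1
}

main() {
  rc=0
  sysctl_preflight || rc=1
  firewall_preflight || rc=1
  [ "$rc" -eq 0 ] && echo 'Pre-flight passed' || echo 'Pre-flight FAILED' >&2
  return $rc
}

# Run the checks only when executed as a script named sonar-preflight.sh,
# so the functions can also be sourced from another script.
case "$0" in *sonar-preflight.sh) main ;; esac
```

Run it as root with ./sonar-preflight.sh after step (5); a non-zero exit code means one of the limits or the port still needs fixing, and each FAIL line states the command that fixes it.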

Deploying SonarQube

(1) Create the required directories

mkdir -p /data/sonarqube/data /data/sonarqube/extensions /data/sonarqube/logs /data/sonarqube/temp
chmod -R 777 /data/sonarqube/
mkdir -p /data/sonarqube/sonarqube-sql /data/sonarqube/sonarqube-sql/data

(2) Create the docker compose file that defines the SonarQube and database containers.

vi sonarqube.yml
*****************************************************
services:
  sonarqube:
    image: sonarqube:community
    container_name: sonarqube
    restart: always
    volumes:
      - /data/sonarqube/data:/opt/sonarqube/data
      - /data/sonarqube/extensions:/opt/sonarqube/extensions
      - /data/sonarqube/logs:/opt/sonarqube/logs
      - /data/sonarqube/temp:/opt/sonarqube/temp
    environment:
      SONAR_JDBC_URL: jdbc:postgresql://sonarqube-sql:5432/postgres
      SONAR_JDBC_USERNAME: postgres
      SONAR_JDBC_PASSWORD: Qwer#1234
    ports:
      - "9000:9000"
    depends_on:
      sonarqube-sql:
        condition: service_healthy
    networks:
      net:
        ipv4_address: 172.20.112.11
  sonarqube-sql:
    image: postgres:15
    hostname: postgresql
    container_name: sonarqube-sql
    restart: always
    volumes:
      - /data/sonarqube/sonarqube-sql:/var/lib/postgresql
      - /data/sonarqube/sonarqube-sql/data:/var/lib/postgresql/data
    environment:
      POSTGRES_USER: postgres
      POSTGRES_DB: postgres
      POSTGRES_PASSWORD: Qwer#1234
      TZ: "Asia/Shanghai"
    healthcheck:
      test: ["CMD-SHELL", "pg_isready"]
      interval: 10s
      timeout: 5s
      retries: 5
    networks:
      net:
        ipv4_address: 172.20.112.12

networks:
  net:
    driver: bridge
    ipam:
      config:
        - subnet: 172.20.112.0/24
*****************************************************

(3) Run the command to create the containers

docker compose -f sonarqube.yml up -d
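
docker compose up -d returns as soon as the containers are created, but SonarQube itself keeps starting for a while afterwards (database schema setup, Elasticsearch indexing), and a scanner pointed at it too early fails. The script below is an added example and not part of the original post: it polls SonarQube's own /api/system/status endpoint until the status field reads UP, and stops early when the server reports that a database migration is needed. The server address defaults to the post's http://192.168.32.12:9000; the 300-second timeout and the script name wait-for-sonarqube.sh are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original post: block until the SonarQube
# server started by `docker compose -f sonarqube.yml up -d` reports UP.
# /api/system/status is SonarQube's own unauthenticated status endpoint; the
# default URL is the post's server, the 300 s timeout is an assumption.

SONAR_URL=${SONAR_URL:-http://192.168.32.12:9000}

# status_from_json BODY -> prints the "status" value from a
# /api/system/status body such as {"id":"...","version":"...","status":"UP"},
# or UNKNOWN when the body is empty or has no status (server not answering yet).
status_from_json() {
  status=$(printf '%s' "$1" | sed -n 's/.*"status" *: *"\([A-Z_]*\)".*/\1/p')
  if [ -n "$status" ]; then
    printf '%s\n' "$status"
  else
    printf 'UNKNOWN\n'
  fi
}

# is_ready STATUS -> 0 only for UP. STARTING, DOWN, RESTARTING,
# DB_MIGRATION_NEEDED and DB_MIGRATION_RUNNING all mean "not yet".
is_ready() {
  [ "$1" = UP ]
}

# wait_for_sonarqube [TIMEOUT_SECONDS]: poll every 5 s until UP or timeout.
# Returns 0 when UP, 2 when a manual database migration is required, 1 on timeout.
wait_for_sonarqube() {
  timeout=${1:-300}; elapsed=0
  while [ "$elapsed" -lt "$timeout" ]; do
    body=$(curl -fsS --max-time 5 "$SONAR_URL/api/system/status" 2>/dev/null || true)
    status=$(status_from_json "$body")
    printf '%4ss  status=%s\n' "$elapsed" "$status"
    if is_ready "$status"; then
      return 0
    fi
    if [ "$status" = DB_MIGRATION_NEEDED ]; then
      echo "SonarQube needs a database migration; trigger it at $SONAR_URL/setup before scanning" >&2
      return 2
    fi
    sleep 5
    elapsed=$((elapsed + 5))
  done
  echo "timed out after ${timeout}s; inspect: docker compose -f sonarqube.yml logs sonarqube" >&2
  return 1
}

# Run only when executed as wait-for-sonarqube.sh, so the functions can be sourced.
case "$0" in *wait-for-sonarqube.sh) wait_for_sonarqube "$@" ;; esac
```

Chain it after the compose command (docker compose -f sonarqube.yml up -d && ./wait-for-sonarqube.sh) so the first login and the scanner runs below only happen once the server is actually serving requests.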

Deploying SonarScanner for a Vue project

(1) Create a sonar-project.properties file in the root directory of the Vue project and add the configuration entries

vi sonar-project.properties
*****************************************************
# Key of the project created in SonarQube
sonar.projectKey=<project key created in SonarQube>
# Vue project name and version
sonar.projectName=<Vue project name>
sonar.projectVersion=<Vue project version>
# Directory containing the Vue project sources. Comments must be on their own
# line: a .properties file has no inline comments, so "sonar.sources=. #dir"
# would set sonar.sources to the value ". #dir".
sonar.sources=.
# Project language
sonar.language=vue
# Source encoding
sonar.sourceEncoding=UTF-8
# Address of the SonarQube server
sonar.host.url=http://192.168.32.12:9000/
# Token of the project created in SonarQube
sonar.token=<project token created in SonarQube>
*****************************************************
# Change the file permissions
chmod -R 777 sonar-project.properties

(2) Create a SonarScanner container to scan the project code

docker run --rm \
  -v "/home/code/vue-test:/usr/src" \
  sonarsource/sonar-scanner-cli

The scan time depends on the size of the code base; the following is the output printed once the scan has finished.

09:13:23.107 WARN This may lead to missing/broken features in SonarQube
09:13:23.324 INFO CPD Executor 61 files had no CPD blocks
09:13:23.325 INFO CPD Executor Calculating CPD for 325 files
09:13:23.634 INFO CPD Executor CPD calculation finished (done) | time=309ms
09:13:23.641 INFO SCM revision ID ‘4941a614714697243a5a8f7824fc921ff5f84345’
09:13:24.131 INFO Analysis report generated in 462ms, dir size=18.8 MB
09:13:25.560 INFO Analysis report compressed in 1429ms, zip size=8.3 MB
09:14:10.518 INFO Analysis report uploaded in 44955ms
09:14:10.519 INFO ANALYSIS SUCCESSFUL, you can find the results at: http://192.168.32.12:9000/dashboard?id=test4
09:14:10.519 INFO Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
09:14:10.519 INFO More about the report processing at http://192.168.32.12:9000/api/ce/task?id=acfc4bc2-7b20-4166-bde6-93d970ac62b3
09:14:10.601 INFO Analysis total time: 3:49.166 s
09:14:10.602 INFO SonarScanner Engine completed successfully
09:14:10.636 INFO EXECUTION SUCCESS
09:14:10.637 INFO Total time: 17:51.245s

Deploying SonarScanner for a PHP project

(1) Create a sonar-project.properties file in the root directory of the PHP project and add the configuration entries

vi sonar-project.properties
*****************************************************
# Key of the project created in SonarQube
sonar.projectKey=<project key created in SonarQube>
# PHP project name and version
sonar.projectName=<PHP project name>
sonar.projectVersion=<PHP project version>
# Directory containing the PHP project sources. Comments must be on their own
# line: a .properties file has no inline comments, so "sonar.sources=. #dir"
# would set sonar.sources to the value ". #dir".
sonar.sources=.
# Project language
sonar.language=php
# Source encoding
sonar.sourceEncoding=UTF-8
# Address of the SonarQube server
sonar.host.url=http://192.168.32.12:9000/
# Token of the project created in SonarQube
sonar.token=<project token created in SonarQube>
*****************************************************
# Change the file permissions
chmod -R 777 sonar-project.properties

(2) Create a SonarScanner container to scan the project code

docker run --rm \
  -v "/home/code/php-test:/usr/src" \
  sonarsource/sonar-scanner-cli
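
Both the Vue and the PHP set-up above put the project token into sonar-project.properties and then chmod 777 the file, which leaves a credential world-readable in the project tree and at risk of being committed with it. The script below is an added example, not part of the original post, and serves both sections. It first lints the properties file (a .properties file has no inline comments, so a trailing "#..." silently becomes part of the value, and any sonar.token line is flagged), then runs the same sonarsource/sonar-scanner-cli container as above with SONAR_HOST_URL and SONAR_TOKEN passed as environment variables, which that image reads, so the file needs neither the token nor the chmod. The script name sonar-scan.sh is an assumption; the server URL defaults to the post's.

```shell
#!/bin/sh
# Added example, not part of the original post: lint a project's
# sonar-project.properties and run the scanner container from the post's
# command with the token supplied through the environment. SONAR_TOKEN and
# SONAR_HOST_URL are variables the sonarsource/sonar-scanner-cli image reads;
# the default server URL is the post's, the project directory is an argument.

SONAR_HOST_URL=${SONAR_HOST_URL:-http://192.168.32.12:9000}

# lint_sonar_properties FILE -> prints one line per finding; returns 1 if
# any finding is a FAIL, 0 otherwise.
lint_sonar_properties() {
  file=$1; rc=0; have_key=0
  [ -r "$file" ] || { echo "FAIL $file: not readable"; return 1; }
  while IFS= read -r line || [ -n "$line" ]; do
    case $line in
      ''|'#'*|'!'*) continue ;;        # blank and comment lines are fine
    esac
    key=${line%%=*}
    value=${line#*=}
    # A .properties file has no inline comments: "sonar.sources=. #src"
    # makes the value ". #src", and the scanner then looks for that path.
    case $value in
      *'#'*) echo "FAIL $key: '#' inside the value is not a comment, it is part of the value"; rc=1 ;;
    esac
    case $key in
      sonar.projectKey) have_key=1 ;;
      sonar.token|sonar.login|sonar.password)
        echo "FAIL $key: credential stored in the file; pass SONAR_TOKEN through the environment instead"; rc=1 ;;
    esac
  done < "$file"
  [ "$have_key" -eq 1 ] || { echo 'FAIL sonar.projectKey is missing'; rc=1; }
  return $rc
}

# run_scan PROJECT_DIR: lint, then run the scanner the way the post does,
# with host URL and token injected as environment variables so the
# properties file holds no secret and needs no chmod 777.
run_scan() {
  dir=$1
  if [ -z "$SONAR_TOKEN" ]; then
    echo 'SONAR_TOKEN is not set (generate one in SonarQube under My Account > Security)' >&2
    return 2
  fi
  lint_sonar_properties "$dir/sonar-project.properties" || return 1
  docker run --rm \
    -e SONAR_HOST_URL="$SONAR_HOST_URL" \
    -e SONAR_TOKEN="$SONAR_TOKEN" \
    -v "$dir:/usr/src" \
    sonarsource/sonar-scanner-cli
}

# Usage: SONAR_TOKEN=... ./sonar-scan.sh /home/code/vue-test   (or /home/code/php-test)
case "$0" in *sonar-scan.sh) run_scan "$1" ;; esac
```

With the token removed from the file, sonar-project.properties can stay at its default permissions and be committed with the project; the token lives only in the environment of the machine or CI job that runs the scan.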

The scan time depends on the size of the code base; on completion the scanner prints the same summary as shown for the Vue project above, ending in EXECUTION SUCCESS.