Java教程

代码质量管理工具-SonarQube

本文主要是介绍代码质量管理工具-SonarQube,对大家解决编程问题具有一定的参考价值,需要的程序猿们随着小编来一起学习吧!

代码质量管理工具-SonarQube

一、前期准备

1.1 JDK 11.0安装

可参考JDK 1.8的安装教程:https://blog.csdn.net/weixin_41668084/article/details/111147667

1.2 PostgreSQL安装

参考链接:https://blog.csdn.net/weixin_41668084/article/details/113865237

注意:SonarQube 7.9起不再支持MySQL数据库。

1.3 SonarQube下载

下载链接:https://www.sonarqube.org/downloads/

image-20210219224038188

1.3.1 数库库添加

 # 创建用户
 create user sonar with password '123456';   
 # 创建数据库
 create database sonar owner sonar;
 # 授权
 grant all privileges on database sonar to sonar;            
 # 切换到sonar数据库
 \c sonar
 # 创建schema指定owner
 create schema my_schema authorization sonar;

1.4 Sonar-Scanner下载

下载链接:https://docs.sonarqube.org/latest/analysis/scan/sonarscanner/

image-20210219224235098

1.5 文件上传

image-20210219224548457

二、SonarQube安装

2.1 用户添加

 #添加用户
 useradd sonar
 #用户密码添加
 passwd sonar

2.2 文件解压

 #创建文件
 mkdir /usr/local/sonar
 # 解压文件
 unzip sonarqube-7.9.5.zip
 # 移动文件并重命名
 mv sonarqube-7.9.5 /usr/local/sonar/sonarqube

2.3 修改sonarqube用户组

 chown -R sonar:sonar/usr/local/sonar/sonarqube

2.4 优化系统的参数

2.4.1 临时优化

 sysctl -w  vm.max_map_count=262144
 sysctl -w fs.file-max=65536
 ulimit -u 4096 sonar
 ulimit -n 65536 sonar

2.4.2 持久优化

2.4.2.1 修改最大线程数
 #修改/etc/security/limits.conf文件,增加配置,用户退出后重新登录生效
 vim /etc/security/limits.conf

image-20210220012820687

2.4.2.2 修改系统配置文件

 vim /etc/sysctl.conf

image-20210219231240853

2.5 更改配置文件

2.5.1 配置数据库登录用户和密码

 # 修改配置文件
 vim /usr/local/sonar/sonarqube/conf/sonar.properties
 sonar.jdbc.username=sonar
 sonar.jdbc.password=123456

image-20210219232632083

2.5.2 配置数据库链接池相关属性

sonar.jdbc.maxActive=60
sonar.jdbc.maxIdle=5
sonar.jdbc.minIdle=2
sonar.jdbc.maxWait=5000
sonar.jdbc.minEvictableIdleTimeMillis=600000
sonar.jdbc.timeBetweenEvictionRunsMillis=30000

image-20210219232852622

2.5.3 配置web访问相关

sonar.web.host=0.0.0.0
sonar.web.port=9000

image-20210219233131494

2.6 启动SonarQube

#切换用户(sonar),必须以sonar用户启动
su - sonar
#启动SonarQube
./usr/local/sonar/sonarqube/bin/linux-x86-64/sonar.sh console	#控制台启动
./usr/local/sonar/sonarqube/bin/linux-x86-64/sonar.sh start		#后台启动
./usr/local/sonar/sonarqube/bin/linux-x86-64/sonar.sh status	#启动状态
./usr/local/sonar/sonarqube/bin/linux-x86-64/sonar.sh restart	#重新启动
./usr/local/sonar/sonarqube/bin/linux-x86-64/sonar.sh stop		#系统停止

image-20210219233949884

2.6.1 数据表查看

image-20210219234137250

2.6.2 页面登录

默认登录账号:admin,密码:admin

image-20210219234810126

2.7 SonarQube汉化

2.7.1 插件中心下载

image-20210219235315380

2.7.2 汉化插件离线安装

插件下载地址:https://github.com/xuhuisheng/sonar-l10n-zh/releases/tag/sonar-l10n-zh-plugin-1.29

image-20210219235607105

#上传文件到指定文件
cd /usr/local/sonar/sonarqube/extensions/plugins
#改变文件用户组
chown sonar:sonar sonar-l10n-zh-plugin-1.29.jar

image-20210219235810792

2.7.3 重启系统,查看页面

image-20210220000300356

2.8 SonarQube加入开机自启动

2.8.1 创建软链接

ln -s /usr/local/sonar/sonarqube/bin/linux-x86-64/sonar.sh /usr/bin/sonar

2.8.2 创建服务

vim /etc/init.d/sonarqube
cat /etc/init.d/sonarqube
#内容如下
#!/bin/sh
#
# rc file for SonarQube
#
# chkconfig: 345 96 10
# description: SonarQube system (www.sonarsource.org)
#
### BEGIN INIT INFO
# Provides: sonar
# Required-Start: $network
# Required-Stop: $network
# Default-Start: 3 4 5
# Default-Stop: 0 1 2 6
# Short-Description: SonarQube system (www.sonarsource.org)
# Description: SonarQube system (www.sonarsource.org)
### END INIT INFO

#export JAVA_HOME=/usr/local/java/

su sonar /usr/bin/sonar $*

2.8.3 增加执行权限

chmod +x /etc/init.d/sonarqube

2.8.4 添加服务

chkconfig --add sonarqube

2.8.5 配置服务启动时依赖的jdk

vim /usr/local/sonar/sonarqube/conf/wrapper.conf

image-20210220005118100

2.8.6 加入开机启动

service sonarqube on

2.8.6 启动服务

service sonarqube start		#启动
service sonarqube restart	#重启
service sonarqube console	#控制台启动
service sonarqube stop		#终止
service sonarqube status	#状态

三、Sonar-Scanner安装

3.1 文件解压

#解压文件
unzip sonar-scanner-cli-4.6.0.2311-linux.zip
#移动文件并重命名
mv sonar-scanner-4.6.0.2311-linux/ /usr/local/sonar/sonarscanner

3.2 添加环境变量

#配置环境变量
vim /etc/profile
#文件末尾添加
export SONAR_SCANNER_HOME=/usr/local/sonar/sonarscanner
export PATH=$PATH:${SONAR_SCANNER_HOME}/bin

image-20210220135319126

保存后执行下面的命令,使配置生效!

# 使配置生效
source /etc/profile

3.3 配置sonar-scanner

#配置文件
vim /usr/local/sonar/sonarscanner/conf/sonar-scanner.properties

image-20210220135838114

3.4 验证sonar-scanner

sonar-scanner -h

image-20210220140041241

四、SonarQube项目实践

4.1 使用工具

idea,maven, sonarqube, sonarscanner

4.2 实践方式

4.2.1 修改maven添加sonar配置+pom文件导入sonar插件

4.2.1.1 maven配置文件修改
 <settings>
 <profiles>
   <profile>
        <id>sonar</id>
            <properties>
            <sonar.jdbc.url>jdbc:postgresql://192.168.61.80/sonar?currentSchema=my_schema</sonar.jdbc.url>
            <sonar.jdbc.driver>org.postgresql.Driver</sonar.jdbc.driver>
            <sonar.jdbc.username>sonar</sonar.jdbc.username>
            <sonar.jdbc.password>123456</sonar.jdbc.password>
            <sonar.host.url>http://192.168.61.81:9000/</sonar.host.url>
        </properties>
    </profile>
  </profiles>

  <!-- activeProfiles
   | List of profiles that are active for all builds.
   |
   -->
  <activeProfiles>
    <activeProfile>sonar</activeProfile>
  </activeProfiles>
</settings>
4.2.1.2 pom文件添加sonar插件
<plugin>
  <groupId>org.sonarsource.scanner.maven</groupId>
  <artifactId>sonar-maven-plugin</artifactId>
  <version>3.8.0.2131</version>
</plugin>

image-20210220141916114

4.2.1.3 执行扫描

image-20210220142740495

4.2.1.4 sonarqube扫描查看

image-20210220142848265

4.2.2 pom文件添加sonar配置和sonar插件

4.2.2.1 添加sonar配置
  <profiles>
    <profile>
      <id>sonar</id>
      <properties>
        <sonar.jdbc.url>jdbc:postgresql://192.168.61.80/sonar?currentSchema=my_schema</sonar.jdbc.url>
        <sonar.jdbc.driver>org.postgresql.Driver</sonar.jdbc.driver>
        <sonar.jdbc.username>sonar</sonar.jdbc.username>
        <sonar.jdbc.password>123456</sonar.jdbc.password>
        <sonar.host.url>http://192.168.61.81:9000/</sonar.host.url>
      </properties>
      <activation>
          <activeByDefault>true</activeByDefault>
      </activation>
    </profile>
  </profiles>
4.2.2.2 添加sonar配置
<plugin>
  <groupId>org.sonarsource.scanner.maven</groupId>
  <artifactId>sonar-maven-plugin</artifactId>
  <version>3.8.0.2131</version>
</plugin>

扫描项目与查看同上

4.2.3 使用sonar-scanner扫描

4.2.3.1 项目根目录下添加 sonar-project.properties
#项目的key
sonar.projectKey=jenkins-gitlab-key
#项目的名字
sonar.projectName=jenkins-gitlab-sonar-scanner
#项目的版本
sonar.projectVersion=1.0.0
#需要分析的源码的目录,多个目录用英文逗号隔开
sonar.sources=/app/jenkins-gitlab
#二进制文件
sonar.java.binaries=/app/jenkins-gitlab/target/classes

4.2.3.2 sonar-scanner扫描

sonar-scanner

image-20210220144653431

4.2.3.3 SonarQube页面验证

image-20210220144825246

4.2.4 Maven命令执行

4.2.4.1 SonarQube建立扫描项目

image-20210220160008849

4.2.4.2 idea新建项目,并执行扫描

扫描命令:

mvn sonar:sonar \
  -Dsonar.projectKey=Jenkins-SonarQube \
  -Dsonar.host.url=http://192.168.61.81:9000 \
  -Dsonar.login=2ddec215c10e5aa8c552bef3c37f32de9c32019a

扫描记录:

E:\PATS\Projects\JavaLearn\jenkins-sonarqube>mvn sonar:sonar -Dsonar.projectKey=Jenkins-SonarQube -Dsonar.host.url=http://192.168.61.81:9000 -Dsonar.login=2ddec215c10e5aa8c552bef3c37f32
de9c32019a
[INFO] Scanning for projects...
[INFO]
[INFO] -----------------------< com.jenkins:sonarqube >------------------------
[INFO] Building sonarqube 0.0.1-SNAPSHOT
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- sonar-maven-plugin:3.7.0.1746:sonar (default-cli) @ sonarqube ---
[INFO] User cache: C:\Users\Administrator\.sonar\cache
[INFO] SonarQube version: 7.9.5
[INFO] Default locale: "zh_CN", source code encoding: "UTF-8"
[WARNING] SonarScanner will require Java 11 to run starting in SonarQube 8.x
[INFO] Load global settings
[INFO] Load global settings (done) | time=63ms
[INFO] Server id: 48F3CEBB-AXe5bCYaWLFD_1L1uUGJ
[INFO] User cache: C:\Users\Administrator\.sonar\cache
[INFO] Load/download plugins
[INFO] Load plugins index
[INFO] Load plugins index (done) | time=34ms
[INFO] Plugin [l10nzh] defines 'l10nen' as base plugin. This metadata can be removed from manifest of l10n plugins since version 5.2.
[INFO] Load/download plugins (done) | time=68ms
[INFO] Process project properties
[INFO] Execute project builders
[INFO] Execute project builders (done) | time=6ms
[INFO] Project key: Jenkins-SonarQube
[INFO] Base dir: E:\PATS\Projects\JavaLearn\jenkins-sonarqube
[INFO] Working dir: E:\PATS\Projects\JavaLearn\jenkins-sonarqube\target\sonar
[INFO] Load project settings for component key: 'Jenkins-SonarQube'
[INFO] Load project settings for component key: 'Jenkins-SonarQube' (done) | time=18ms
[INFO] Load quality profiles
[INFO] Load quality profiles (done) | time=45ms
[INFO] Load active rules
[INFO] Load active rules (done) | time=421ms
[INFO] Indexing files...
[INFO] Project configuration:
[INFO] 3 files indexed
[INFO] Quality profile for java: Sonar way
[INFO] Quality profile for xml: Sonar way
[INFO] ------------- Run sensors on module sonarqube
[INFO] Load metrics repository
[INFO] Load metrics repository (done) | time=14ms
[INFO] Sensor JavaSquidSensor [java]
[INFO] Configured Java source version (sonar.java.source): 8
[INFO] JavaClasspath initialization
[INFO] JavaClasspath initialization (done) | time=15ms
[INFO] JavaTestClasspath initialization
[INFO] JavaTestClasspath initialization (done) | time=3ms
[INFO] Java Main Files AST scan
[INFO] 1 source files to be analyzed
[INFO] Load project repositories
[INFO] Load project repositories (done) | time=13ms
[INFO] 1/1 source files have been analyzed
[WARNING] Classes not found during the analysis : [javax.annotation.meta.When]
[INFO] Java Main Files AST scan (done) | time=420ms
[INFO] Java Test Files AST scan
[INFO] 1 source files to be analyzed
[INFO] 1/1 source files have been analyzed
[INFO] Java Test Files AST scan (done) | time=38ms
[INFO] Sensor JavaSquidSensor [java] (done) | time=893ms
[INFO] Sensor JaCoCo XML Report Importer [jacoco]
[INFO] Sensor JaCoCo XML Report Importer [jacoco] (done) | time=5ms
[INFO] Sensor SurefireSensor [java]
[INFO] parsing [E:\PATS\Projects\JavaLearn\jenkins-sonarqube\target\surefire-reports]
[INFO] Sensor SurefireSensor [java] (done) | time=7ms
[INFO] Sensor JaCoCoSensor [java]
[INFO] Sensor JaCoCoSensor [java] (done) | time=3ms
[INFO] Sensor JavaXmlSensor [java]
[INFO] 1 source files to be analyzed
[INFO] Sensor JavaXmlSensor [java] (done) | time=101ms
[INFO] 1/1 source files have been analyzed
[INFO] Sensor HTML [web]
[INFO] Sensor HTML [web] (done) | time=11ms
[INFO] Sensor XML Sensor [xml]
[INFO] 1 source files to be analyzed
[INFO] Sensor XML Sensor [xml] (done) | time=81ms
[INFO] 1/1 source files have been analyzed
[INFO] ------------- Run sensors on project
[INFO] Sensor Zero Coverage Sensor
[INFO] Sensor Zero Coverage Sensor (done) | time=9ms
[INFO] Sensor Java CPD Block Indexer
[INFO] Sensor Java CPD Block Indexer (done) | time=10ms
[INFO] SCM Publisher is disabled
[INFO] 1 file had no CPD blocks
[INFO] Calculating CPD for 0 files
[INFO] CPD calculation finished
[INFO] Analysis report generated in 44ms, dir size=84 KB
[INFO] Analysis report compressed in 47ms, zip size=15 KB
[INFO] Analysis report uploaded in 25ms
[INFO] ANALYSIS SUCCESSFUL, you can browse http://192.168.61.81:9000/dashboard?id=Jenkins-SonarQube
[INFO] Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
[INFO] More about the report processing at http://192.168.61.81:9000/api/ce/task?id=AXe-hjYigf7k25Y1Cy_3
[INFO] Analysis total time: 3.117 s
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  6.423 s
[INFO] Finished at: 2021-02-20T16:20:03+08:00
[INFO] ------------------------------------------------------------------------

E:\PATS\Projects\JavaLearn\jenkins-sonarqube>
4.2.4.3 页面验证

image-20210220162955454

 

以上,请参考!

参控链接

  1. MacOS/Linux 搭建 SonarQube 8.6

  2. Linux下sonarqube8.5的安装、配置与使用(一)

  3. SonarQube安装教程

  4. 【环境搭建】SonarQube 8.0 部署到CentOS 6.8下

  5. CentOS安装SonarQube7.9.1

  6. SonarQube - 中文插件安装

  7. Sonar+IDEA + Maven的集成

  8. sonar安装及使用篇

  9. sonar-scanner扫描代码出

  10. 静态代码扫描工具使用教程 - SonarQube+SonarScanner

  11. elasticsearch启动常见错误

  12. SonarQube开机自启动

这篇关于代码质量管理工具-SonarQube的文章就介绍到这儿,希望我们推荐的文章对大家有所帮助,也希望大家多多支持为之网!
您可能喜欢
栏目导航