SonarQube（sonar-scanner）+GitLab（gitlab-runner）实现提交代码自动扫描项目代码

news2025/1/10 23:55:41

安装gitlab-runner

插件挂载目录

mkdir -p /data/gitlab-runner/config

docker run -d --name gitlab-runner \
-v /data/gitlab-runner/config:/etc/gitlab-runner \
-v /var/run/docker.sock:/var/run/docker.sock \
--restart always \
--privileged=true \
gitlab/gitlab-runner

注册gitlab-runner

来到要扫描的项目下，设置- CI/CD
在这里插入图片描述
展开Runner，可以看见你的链接和token，点击复制

在这里插入图片描述
从Runner复制后，进入gitlab-runner容器

依次输入：地址（http://git.hkeasyspeed.com/）、token（DGmZzRF7dk1p1JPwcu8A ）、描述（report）、标签（report）、执行方式（docker）、镜像（sonarsource/sonar-scanner-cli:latest）

[root@localhost ~]# docker exec -it gitlab-runner bash
root@c73a1e8ec484:/# gitlab-runner register
Runtime platform                                    arch=amd64 os=linux pid=294 revision=5316d4ac version=14.6.0
Running in system-mode.                            
                                                   
Enter the GitLab instance URL (for example, https://gitlab.com/):
http://git.hkeasyspeed.com/  
Enter the registration token:
DGmZzRF7dk1p1JPwcu8A  
Enter a description for the runner:
[c73a1e8ec484]: report
Enter tags for the runner (comma-separated):
report
Registering runner... succeeded                     runner=DGmZzRF7
Enter an executor: docker-ssh, shell, docker+machine, docker-ssh+machine, virtualbox, kubernetes, custom, docker, parallels, ssh:
docker
Enter the default Docker image (for example, ruby:2.6):
sonarsource/sonar-scanner-cli:latest
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded! 
root@c73a1e8ec484:/# exit
exit
[root@localhost ~]#

退出，刷新Runner页面可以看见有个可用的Runner，标签叫report

在这里插入图片描述

添加环境变量

1.新增项目的时候，我们可以直接忽略第一步直接点击继续，我们跑的是docker不是maven扫描不用修改pom.xml文件

在这里插入图片描述
2.将token和url添加到gitlab项目变量里

设置- CI/CD - 变量 - 展开 - 添加变量

在这里插入图片描述
新增SONAR_TOKEN=SnarQube生成的令牌值，SONAR_HOST_URL=SonarQube地址
其实变量也可以不用新增，直接编写.gitlab-ci.yml的时候直接明文指定也行。

在这里插入图片描述

编辑.gitlab-ci.yml

点击左侧的CI/CD - 编辑器，默认是没有gitlab-ci的yml文件，我们点击新建
在这里插入图片描述
将默认生成修改以下
项目标识：-Dsonar.projectKey=easyspeed-module-report

# This file is a template, and might need editing before it works on your project.
# To contribute improvements to CI/CD templates, please follow the Development guide at:
# https://docs.gitlab.com/ee/development/cicd/templates.html
# This specific template is located at:
# https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Getting-Started.gitlab-ci.yml

# This is a sample GitLab CI/CD configuration file that should run without any modifications.
# It demonstrates a basic 3 stage CI/CD pipeline. Instead of real tests or scripts,
# it uses echo commands to simulate the pipeline execution.
#
# A pipeline is composed of independent jobs that run scripts, grouped into stages.
# Stages run in sequential order, but jobs within stages run in parallel.
#
# For more information, see: https://docs.gitlab.com/ee/ci/yaml/README.html#stages

image:
  name: sonarsource/sonar-scanner-cli:latest
variables:
  SONAR_TOKEN: "${SONAR_TOKEN}"  
  SONAR_HOST_URL: "${SONAR_HOST_URL}"
  GIT_DEPTH: 0
sonarqube-check:
  stage: build
  script:
    - sonar-scanner -X -Dsonar.qualitygate.wait=true -Dsonar.java.binaries=. -Dsonar.projectKey=easyspeed-module-report 
  allow_failure: true
  only: 
    - merge_requests
    - master
    - test
    - pre
  tags:
    - report	#要和注册的gitlab-runner 标签一致