我将Jenkins配置为使用sonarqube扫描仪。扫描工作正常。 jenkins管道工作正常,我在jenkins日志中没有任何问题。
SonarQube Scanner 3.0.3.778 詹金斯:2.70 适用于Jenkins插件的SonarQube扫描仪:2.6.1
我使用此代码:
stage('SonarQube analysis') {
sh 'sed -ie "s|_PROJECT_|${PROJECT_CODE}|g" $WORKSPACE/_pipeline/sonar-project.properties'
// requires SonarQube Scanner 3.0+
def scannerHome = '/opt/sonar/bin/sonar-scanner';
withSonarQubeEnv('mscodeanalysis') {
sh "${scannerHome}/bin/sonar-scanner -Dproject.settings=$WORKSPACE/_pipeline/sonar-project.properties"
}
}
}
}
}
}
// No need to occupy a node
stage("Quality Gate"){
timeout(time: 15, unit: 'MINUTES') { // Just in case something goes wrong, pipeline will be killed after a timeout
def qg = waitForQualityGate() // Reuse taskId previously collected by withSonarQubeEnv
if (qg.status != 'OK') {
error "Pipeline aborted due to quality gate failure: ${qg.status}"
}
}
}
我的问题来自Quality Gate。它永远不会将json有效负载发布到jenkins。我没有在jenkins日志中看到json条目。但我知道jenkins和sonarqube服务器之间的连接正常,因为我能够使用来自sonarqube VM的curl发送POST。
这里是jenkins的工作输出:
Timeout set to expire in 15 min
[Pipeline] {
[Pipeline] waitForQualityGate
Checking status of SonarQube task 'AV3irVJXpvBxXXNJYZkd' on server 'mscodeanalysis'
SonarQube task 'AV3irVJXpvBxXXNJYZkd' status is 'PENDING'
Cancelling nested steps due to timeout
这是我从未到达jenkins管道的有效负载: 网址:http://sonar-server:9000/api/ce/task?id=AV3irVJXpvBxXXNJYZkd
{"task":{"organization":"default-organization","id":"AV3irVJXpvBxXXNJYZkd","type":"REPORT","componentId":"AV3hrJeCfL_nrF2072FH","componentKey":"POOL-003","componentName":"POOL-003","componentQualifier":"TRK","analysisId":"AV3irVkZszLEB6PsCK9X","status":"SUCCESS","submittedAt":"2017-08-14T21:36:35+0000","submitterLogin":"jenkins","startedAt":"2017-08-14T21:36:37+0000","executedAt":"2017-08-14T21:36:38+0000","executionTimeMs":650,"logs":false,"hasScannerContext":true}}
我无法插入图片,但质量门已通过,分析任务成功。
如果我需要提供更多信息,请与我们联系。 谢谢
答案 0 :(得分:2)
问题可能是Jenkins使用https和自签名证书。然后解决方案是:
为SonarQube生成信任库:
keytool -import -trustcacerts -alias jenkins-host-name -file cert.crt -keystore sonarqube.jks
keystore passw:password
其中cert.crt - 是用于jenkins的ssl的证书,jenkins-host-name - 是docker网络中jenkins的主机名(在webhook中使用)
将信任库添加到SonarQube Dockerfile:
FROM sonarqube
COPY sonarqube.jks /var/sonar_cert/
COPY sonar.properties /opt/sonarqube/conf/sonar.properties
更新sonar.properties
sonar.ce.javaAdditionalOpts=-Djavax.net.ssl.trustStore=/var/sonar_cert/sonarqube.jks -Djavax.net.ssl.trustStorePassword=password
然后,如果您在webhook网址中提供了Jenkins的正确用户名和密码,那么一切都应该有效。
尝试:Jenkins 2.107.2,SonarQube 7.1
答案 1 :(得分:1)
惊讶地发现@Katone Vi的回答如此有效。根据他们的回答,我们添加了一个成功退出的快速通道,并使用DSL进行了原始请求:
stage('SonarQube') {
steps {
withSonarQubeEnv('SonarQube') {
sh """
${scannerHome}/bin/sonar-scanner -Dsonar.projectKey=XXX_${env.STAGE}_lambda
"""
}
script {
Integer waitSeconds = 10
Integer timeOutMinutes = 10
Integer maxRetry = (timeOutMinutes * 60) / waitSeconds as Integer
for (Integer i = 0; i < maxRetry; i++) {
try {
timeout(time: waitSeconds, unit: 'SECONDS') {
def qg = waitForQualityGate()
if (qg.status != 'OK') {
error "Sonar quality gate status: ${qg.status}"
} else {
i = maxRetry
}
}
} catch (Throwable e) {
if (i == maxRetry - 1) {
throw e
}
}
}
}
}
}
答案 2 :(得分:0)
如果您使用的是Jenkins文件,则可以解决此问题:
定义creadentials:
environment {
CRED = credentials('jenkins_user_pass')
}
然后使用:
stage("Quality Gate") {
steps {
script {
while(true){
sh "sleep 2"
def url="http://jenkinsURL/job/${env.JOB_NAME.replaceAll('/','/job/')}/lastBuild/consoleText";
def sonarId = sh script: "wget -qO- --content-on-error --no-proxy --auth-no-challenge --http-user=${CRED_USR} --http-password=${CRED_PSW} '${url}' | grep 'More about the report processing' | head -n1 ",returnStdout:true
sonarId = sonarId.substring(sonarId.indexOf("=")+1)
echo "sonarId ${sonarId}"
def sonarUrl = "http://jenkinsURL/sonar/api/ce/task?id=${sonarId}"
def sonarStatus = sh script: "wget -qO- '${sonarUrl}' --no-proxy --content-on-error | jq -r '.task' | jq -r '.status' ",returnStdout:true
echo "Sonar status ... ${sonarStatus}"
if(sonarStatus.trim() == "SUCCESS"){
echo "BREAK";
break;
}
if(sonarStatus.trim() == "FAILED "){
echo "FAILED"
currentBuild.result = 'FAILED'
break;
}
}
}
}
}
答案 3 :(得分:0)
以下是我们为解决此问题所做的简要说明:
SonarQube随机挂在“挂起”状态。告诉它重试会刷新它。在此示例中,我们将其设置为10秒
maxRetry = 200
forloop (i=0; i<maxRetry; i++){
try {
timeout(time: 10, unit: 'SECONDS') {
waitForQualityGate()
}
} catch(Exception e) {
if (i == maxRetry-1) {
throw e
}
}
}
答案 4 :(得分:0)
我也遇到过类似的问题,虽然Sonar服务器中的高质量Gate后端活动需要不到20秒的时间才能完成分析,但是jenkins工作中声纳-webhook的高质量Gate失败/成功响应却花费了很多时间并且卡住了。
stage('Sonar:QG') {
steps {
**sleep(10) /* Added 10 sec sleep that was suggested in few places*/**
script{
timeout(time: 10, unit: 'MINUTES') {
def qg = waitForQualityGate abortPipeline: true
if (qg.status != 'OK') {
echo "Status: ${qg.status}"
error "Pipeline aborted due to quality gate failure: ${qg.status}"
}
}
}
}
}
基本上检查以下事情:- Webhook是否在声纳中配置:-SonarQube->管理-> Webhooks http://:/ sonarqube-webhook /
或在http://locahlhost:port/sonarqube-webhook/中使用localhost代替IP解决了我的问题。
答案 5 :(得分:0)
如果已将SonarQube配置为使用HTTP(S)代理,请确保可以通过代理访问您的詹金斯,或者将其配置为“非代理主机”。这可以通过http.nonProxyHosts属性或HTTP_NONPROXYHOSTS环境变量来完成。有关更多信息和语法,另请参见documentation。
答案 6 :(得分:-1)
在舞台('SonarQube分析')和舞台(“质量门”)之间添加一个sh'睡眠10'可以解决问题。现在jenkins工作收到了
Checking status of SonarQube task 'AV3rHxhp3io6giaQF_OA' on server 'sonarserver'
SonarQube task 'AV3rHxhp3io6giaQF_OA' status is 'SUCCESS'
SonarQube task 'AV3rHxhp3io6giaQF_OA' completed. Quality gate is 'OK'