I happened to get a source code quality scanning task at work, so I'm recording it here and sharing it; it is loosely related to networking XD:

Goal of this example: start SonarQube and run a scan with Maven.

1. Start SonarQube

Pay attention here and do your homework first: the latest version of SonarQube no longer supports Java 8, so we need to check the SonarQube site for what is supported. I was stuck on this part for a long time...

https://docs.sonarsource.com/sonarqube/8.9/requirements/prerequisites-and-overview/

![](https://hackmd.io/_uploads/SkjiK59lT.png)

You can see that 8 is supported, so we pin this version.

Also, so that Maven can reach SonarQube, we first create a custom network: ap_net

> docker network create ap_net

> docker run -d -p 9000:9000 --network=ap_net sonarqube:8.9.10-community

The default username and password are both admin. After logging in, follow the screens to obtain the token and connection information.

![](https://hackmd.io/_uploads/r1k85cclT.png)

> docker inspect container_id

This shows SonarQube's IP.

2. Some files can be placed on volumes

Use volumes

We recommend creating volumes for the following directories:

- /opt/sonarqube/data: data files, such as the embedded H2 database and Elasticsearch indexes
- /opt/sonarqube/logs: contains SonarQube logs about access, web process, CE process, Elasticsearch logs
- /opt/sonarqube/extensions: for 3rd party plugins

Warning: You cannot use the same volumes on multiple instances of SonarQube.

3. Put the SonarQube information into docker compose

```
version: "3"
name: project
services:
  maven:
    image: maven:3.9.4-eclipse-temurin-8-alpine
    volumes:
      - "/xx:/usr/src/mymaven"
      - "/m2:/root/.m2"
    working_dir: /usr/src/mymaven
    command: mvn sonar:sonar -Dsonar.projectKey=xxxx -Dsonar.host.url=http://172.18.0.2:9000 -Dsonar.login=80961bb0a701ecb4d5926238101e01bfe9bb6a32 clean package
    networks:
      - ap_net
networks:
  ap_net:
    external: true
```

> docker-compose -f docker-compose.yaml up

4. Next, go into SonarQube to view the results

![](https://hackmd.io/_uploads/Hy6-sq9g6.png)

5. Of course, if SonarQube has been set up before and its data was placed on volumes, you can use one-click deployment

```
version: "3"
name: project
services:
  sonarqube:
    image: sonarqube:8.9.10-community
    ports:
      - 9000:9000
    networks:
      - ap_net
  maven:
    image: maven:3.9.4-eclipse-temurin-8-alpine
    volumes:
      - "/source:/usr/src/mymaven"
      - "/m2:/root/.m2"
    working_dir: /usr/src/mymaven
    command: mvn sonar:sonar -Dsonar.projectKey=xxxx -Dsonar.host.url=http://sonarqube:9000 -Dsonar.login=80961bb0a701ecb4d5926238101e01bfe9bb6a32 clean package
    networks:
      - ap_net
networks:
  ap_net:
    external: true
```

Possible future improvements:

1. Put the SonarQube data in /opt/sonarqube/data
2. Add a health check mechanism to depends_on (requires rewriting the sonarqube image)

https://docs.docker.com/compose/compose-file/05-services/#depends_on

https://github.com/SonarSource/docker-sonarqube

How to write the health check:

https://github.com/docker-library/healthcheck/tree/master/sonarqube

P.S. The health check needs another round.

A memo here of another way to write the network:

```
networks:
  ap_net2:
    ipam:
      driver: default
      config:
        - subnet: "172.16.0.0/24"
```

https://docs.docker.com/compose/compose-file/06-networks/#external

![image](https://hackmd.io/_uploads/H1YWTyrc6.png)

https://stackoverflow.com/questions/38488996/sonarqube-analysis-requires-authentication-when-permission-is-anyone

> docker run --rm -v "d:\project\m2:/root/.m2" -v ".:/usr/src/mymaven" -w "/usr/src/mymaven" --network=host maven:3.9.6-eclipse-temurin-8-alpine mvn sonar:sonar -Dsonar.login=e6d6cfab991a7bc4499a15ea40dcc480aa1df1c7

> mvn sonar:sonar -Dsonar.login=e74067f6b824340619999da762b3bb26210f957e
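
For the health check improvement listed above, one way to keep the Maven scan from starting before SonarQube is ready is to poll SonarQube's `api/system/status` endpoint from the Maven side instead of rewriting the image. This is an added example, not part of the original note; it assumes `curl` is available in the container that runs it, and the `SONAR_URL` and `SONAR_TOKEN` environment variables and the function names are hypothetical names chosen here.

```shell
#!/bin/sh
# Added example: wait for SonarQube to report UP before running the scan.
# Assumptions: curl is installed; SONAR_URL / SONAR_TOKEN are names chosen here.
SONAR_URL="${SONAR_URL:-http://sonarqube:9000}"

# Extract the "status" field (UP, STARTING, DB_MIGRATION_NEEDED, ...) from the
# JSON body returned by api/system/status. Prints nothing if it is not found.
sonar_status() {
    printf '%s' "$1" |
        sed -n 's/.*"status"[[:space:]]*:[[:space:]]*"\([A-Z_]*\)".*/\1/p'
}

# Fetch the status document; fails on connection errors and HTTP errors.
fetch_status() {
    curl -fsS --max-time 5 "$SONAR_URL/api/system/status"
}

# wait_for_sonar [max_tries] [delay_seconds] [fetch_function]
# Returns 0 as soon as the status is UP, 1 if it never gets there.
# The fetch function can be swapped so the loop can be exercised offline.
wait_for_sonar() {
    max_tries="${1:-60}"
    delay="${2:-5}"
    fetch="${3:-fetch_status}"
    i=0
    while [ "$i" -lt "$max_tries" ]; do
        body="$("$fetch" 2>/dev/null)" || body=""
        status="$(sonar_status "$body")"
        [ "$status" = "UP" ] && return 0
        i=$((i + 1))
        sleep "$delay"
    done
    return 1
}

# Run as "wait-and-scan.sh scan" to wait, then analyse. The token comes from
# the environment so it does not have to be written into the compose file.
if [ "${1:-}" = "scan" ]; then
    wait_for_sonar || { echo "SonarQube did not reach UP" >&2; exit 1; }
    exec mvn sonar:sonar -Dsonar.projectKey=xxxx \
        -Dsonar.host.url="$SONAR_URL" -Dsonar.login="$SONAR_TOKEN" clean package
fi
```

With the script mounted into the project directory, the `maven` service's `command` can call it with `scan` in place of the direct `mvn` invocation.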