因項目需要,需要使用sonarQube對代碼進行掃描并檢視,因對sonarQube不熟悉,是以先在本機搭建測試環境。
參考了張老師的部落格:http://www.cnblogs.com/danzhang/p/5205610.html
參考百度文庫文章:http://wenku.baidu.com/view/088e5b1b6edb6f1aff001fc0.html?from=search
運作sonarQube之前,需要本機已經安裝JDK及mysql
JDK:因為sonarQube是使用Java開發的,那麼相應的肯定需要有JDK運作環境。安裝步驟請參考《JDK Windows安裝》
mysql:作為一個可運作的系統,需要将資料儲存在資料庫,以便下次檢視。系統不隻支援mysql,還支援SQL Server/Oracle等
關于JDK和mysql的安裝,可以參考其中的文章。
首先在mysql中執行一段腳本,這段腳本的意思是
1.建立sonar命名的DB,并指定密碼同為sonar
2.建立soanr使用者
3/4将sonar這個DB的所有對象授權給sonar這個使用者,且都指定密碼為sonar,并同時指定隻能從localhost和%登陸
CREATE DATABASE sonar CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE USER 'sonar' IDENTIFIED BY 'sonar';
GRANT ALL ON sonar.* TO 'sonar'@'%' IDENTIFIED BY 'sonar';
GRANT ALL ON sonar.* TO 'sonar'@'localhost' IDENTIFIED BY 'sonar';
FLUSH PRIVILEGES; - 下載下傳sonarQube和sonarQube Scanner
參考位址:http://docs.sonarqube.org/display/SONAR/Get+Started+in+Two+Minutes
我現在能夠下載下傳的sonarQube最新版本是6.1,sonarQube Scanner最新版本是2.8
下載下傳至本地後就隻是兩個壓縮包
- 解壓sonarQube和sonarQube Scanner檔案
将下載下傳的zip檔案解壓至本地,這裡我解壓至C槽,
C:\sonarqube (解壓的是sonarQube)
C:\sonar-scanner (解壓的是sonarQube Scanner)
- 配置sonarQube
首先配置sonarQube,解壓好的sonarQube目錄有幾個檔案夾:
- bin:sonarQube運作指令檔案夾
- conf:sonarQube配置檔案夾
- data:(暫時不清楚功能)
- extensions:sonarQube的插件等存放檔案夾
- lib:sonarQube存放的運作庫檔案(jar)
- logs:sonarQube日志檔案夾
- temp:sonarQube臨時檔案夾
- web:sonarQube系統UI界面檔案夾
首先進入至conf檔案夾,原本在裡面就存一個配置檔案sonar.properties,但其中的節點都是使用#注釋的,我們隻需要将節點前面的#删除,該節點即可起效
節點
sonar.jdbc.usename:連接配接至mysql的使用者名(上一節DB新增并授權使用者名sonar)
sonar.jdbc.password:連接配接至mysql的密碼(上一節DB新增并授權使用者密碼sonar)
sonar.jdbc.url:連接配接至mysql的位址(一般來說,mysql與sonarQube都是安裝在同一台機器,是以這裡一般都是使用localhost,預設使用的是3306端口,如不在同一台機器,應該使用對應的IP位址,當然,上一節新增的使用者也需要對相應的通路位址進行授權)
sonar.web.port:系統運作的端口,現在是安裝在本機,當系統配置完成後,将使用http://localhost:9000/進入系統
sonar.updatecenter.activate:sonarQube原本就運作了很多的插件,有的插件會有更新,系統允許我們将插件進行更新(在系統中下載下傳,并未真正更新原有的插件),
如将此節點打開,下次啟動是,系統會自動更新為最新的插件(系統允許自動重新啟動,但未試到,現在在系統中更新插件後可以重新啟動)
sonar.log.roolingpolicy:關于sonarQube的日志關于日期的格式
# Property values can:
# - reference an environment variable, for example sonar.jdbc.url= ${env:SONAR_JDBC_URL}
# - be encrypted. See http://redirect.sonarsource.com/doc/settings-encryption.html
#--------------------------------------------------------------------------------------------------
# DATABASE
#
# IMPORTANT: the embedded H2 database is used by default. It is recommended for tests but not for
# production use. Supported databases are MySQL, Oracle, PostgreSQL and Microsoft SQLServer.
# User credentials.
# Permissions to create tables, indices and triggers must be granted to JDBC user.
# The schema must be created first.
sonar.jdbc.username=sonar
sonar.jdbc.password=sonar
#----- Embedded Database (default)
# H2 embedded database server listening port, defaults to 9092
#sonar.embeddedDatabase.port=9092
#----- MySQL 5.6 or greater
# Only InnoDB storage engine is supported (not myISAM).
# Only the bundled driver is supported. It can not be changed.
sonar.jdbc.url=jdbc:mysql://localhost:3306/sonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance
#----- Oracle 11g/12c
# - Only thin client is supported
# - Only versions 11.2.x and 12.x of Oracle JDBC driver are supported
# - The JDBC driver must be copied into the directory extensions/jdbc-driver/oracle/
# - If you need to set the schema, please refer to http://jira.sonarsource.com/browse/SONAR-5000
#sonar.jdbc.url=jdbc:oracle:thin:@localhost:1521/XE
#----- PostgreSQL 8.x/9.x
# If you don't use the schema named "public", please refer to http://jira.sonarsource.com/browse/SONAR-5000
#sonar.jdbc.url=jdbc:postgresql://localhost/sonar
#----- Microsoft SQLServer 2012/2014 and SQL Azure
# A database named sonar must exist and its collation must be case-sensitive (CS) and accent-sensitive (AS)
# Use the following connection string if you want to use integrated security with Microsoft Sql Server
# Do not set sonar.jdbc.username or sonar.jdbc.password property if you are using Integrated Security
# For Integrated Security to work, you have to download the Microsoft SQL JDBC driver package from
# http://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=11774
# and copy sqljdbc_auth.dll to your path. You have to copy the 32 bit or 64 bit version of the dll
# depending upon the architecture of your server machine.
# This version of SonarQube has been tested with Microsoft SQL JDBC version 4.1
#sonar.jdbc.url=jdbc:sqlserver://localhost;databaseName=sonar;integratedSecurity=true
# Use the following connection string if you want to use SQL Auth while connecting to MS Sql Server.
# Set the sonar.jdbc.username and sonar.jdbc.password appropriately.
#sonar.jdbc.url=jdbc:sqlserver://localhost;databaseName=sonar
#----- Connection pool settings
# The maximum number of active connections that can be allocated
# at the same time, or negative for no limit.
# The recommended value is 1.2 * max sizes of HTTP pools. For example if HTTP ports are
# enabled with default sizes (50, see property sonar.web.http.maxThreads)
# then sonar.jdbc.maxActive should be 1.2 * (50) = 120.
#sonar.jdbc.maxActive=60
# The maximum number of connections that can remain idle in the
# pool, without extra ones being released, or negative for no limit.
#sonar.jdbc.maxIdle=5
# The minimum number of connections that can remain idle in the pool,
# without extra ones being created, or zero to create none.
#sonar.jdbc.minIdle=2
# The maximum number of milliseconds that the pool will wait (when there
# are no available connections) for a connection to be returned before
# throwing an exception, or <= 0 to wait indefinitely.
#sonar.jdbc.maxWait=5000
#sonar.jdbc.minEvictableIdleTimeMillis=600000
#sonar.jdbc.timeBetweenEvictionRunsMillis=30000
#--------------------------------------------------------------------------------------------------
# WEB SERVER
# Web server is executed in a dedicated Java process. By default heap size is 512Mb.
# Use the following property to customize JVM options.
# Recommendations:
#
# The HotSpot Server VM is recommended. The property -server should be added if server mode
# is not enabled by default on your environment:
# http://docs.oracle.com/javase/8/docs/technotes/guides/vm/server-class.html
#
# Startup can be long if entropy source is short of entropy. Adding
# -Djava.security.egd=file:/dev/./urandom is an option to resolve the problem.
# See https://wiki.apache.org/tomcat/HowTo/FasterStartUp#Entropy_Source
#
#sonar.web.javaOpts=-Xmx512m -Xms128m -XX:+HeapDumpOnOutOfMemoryError
# Same as previous property, but allows to not repeat all other settings like -Xmx
#sonar.web.javaAdditionalOpts=
# Binding IP address. For servers with more than one IP address, this property specifies which
# address will be used for listening on the specified ports.
# By default, ports will be used on all IP addresses associated with the server.
#sonar.web.host=0.0.0.0
# Web context. When set, it must start with forward slash (for example /sonarqube).
# The default value is root context (empty value).
#sonar.web.context=
# TCP port for incoming HTTP connections. Default value is 9000.
sonar.web.port=9000
# The maximum number of connections that the server will accept and process at any given time.
# When this number has been reached, the server will not accept any more connections until
# the number of connections falls below this value. The operating system may still accept connections
# based on the sonar.web.connections.acceptCount property. The default value is 50.
#sonar.web.http.maxThreads=50
# The minimum number of threads always kept running. The default value is 5.
#sonar.web.http.minThreads=5
# The maximum queue length for incoming connection requests when all possible request processing
# threads are in use. Any requests received when the queue is full will be refused.
# The default value is 25.
#sonar.web.http.acceptCount=25
# By default users are logged out and sessions closed when server is restarted.
# If you prefer keeping user sessions open, a secret should be defined. Value is
# HS256 key encoded with base64. It must be unique for each installation of SonarQube.
# Example of command-line:
# echo -n "type_what_you_want" | openssl dgst -sha256 -hmac "key" -binary | base64
#sonar.auth.jwtBase64Hs256Secret=
#--------------------------------------------------------------------------------------------------
# COMPUTE ENGINE
# The Compute Engine is responsible for processing background tasks.
# Compute Engine is executed in a dedicated Java process. Default heap size is 512Mb.
# Use the following property to customize JVM options.
# Recommendations:
#
# The HotSpot Server VM is recommended. The property -server should be added if server mode
# is not enabled by default on your environment:
# http://docs.oracle.com/javase/8/docs/technotes/guides/vm/server-class.html
#
#sonar.ce.javaOpts=-Xmx512m -Xms128m -XX:+HeapDumpOnOutOfMemoryError
# Same as previous property, but allows to not repeat all other settings like -Xmx
#sonar.ce.javaAdditionalOpts=
# The number of workers in the Compute Engine. Value must be greater than zero.
# By default the Compute Engine uses a single worker and therefore processes tasks one at a time.
# Recommendations:
#
# Using N workers will require N times as much Heap memory (see property
# sonar.ce.javaOpts to tune heap) and produce N times as much IOs on disk, database and
# Elasticsearch. The number of workers must suit your environment.
#sonar.ce.workerCount=1
#--------------------------------------------------------------------------------------------------
# ELASTICSEARCH
# Elasticsearch is used to facilitate fast and accurate information retrieval.
# It is executed in a dedicated Java process. Default heap size is 1Gb.
# JVM options of Elasticsearch process
# Recommendations:
#
# Use HotSpot Server VM. The property -server should be added if server mode
# is not enabled by default on your environment:
# http://docs.oracle.com/javase/8/docs/technotes/guides/vm/server-class.html
#
#sonar.search.javaOpts=-Xmx1G -Xms256m -Xss256k -Djna.nosys=true \
# -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 \
# -XX:+UseCMSInitiatingOccupancyOnly -XX:+HeapDumpOnOutOfMemoryError
# Same as previous property, but allows to not repeat all other settings like -Xmx
#sonar.search.javaAdditionalOpts=
# Elasticsearch port. Default is 9001. Use 0 to get a free port.
# As a security precaution, should be blocked by a firewall and not exposed to the Internet.
#sonar.search.port=9001
# Elasticsearch host. The search server will bind this address and the search client will connect to it.
# Default is 127.0.0.1.
# As a security precaution, should NOT be set to a publicly available address.
#sonar.search.host=127.0.0.1
#--------------------------------------------------------------------------------------------------
# UPDATE CENTER
# Update Center requires an internet connection to request https://update.sonarsource.org
# It is enabled by default.
sonar.updatecenter.activate=true
# HTTP proxy (default none)
#http.proxyHost=
#http.proxyPort=
# HTTPS proxy (defaults are values of http.proxyHost and http.proxyPort)
#https.proxyHost=
#https.proxyPort=
# NT domain name if NTLM proxy is used
#http.auth.ntlm.domain=
# SOCKS proxy (default none)
#socksProxyHost=
#socksProxyPort=
# Proxy authentication (used for HTTP, HTTPS and SOCKS proxies)
#http.proxyUser=
#http.proxyPassword=
#--------------------------------------------------------------------------------------------------
# LOGGING
# Level of logs. Supported values are INFO(default), DEBUG and TRACE (DEBUG + SQL + ES requests)
#sonar.log.level=INFO
# Path to log files. Can be absolute or relative to installation directory.
# Default is <installation home>/logs
#sonar.path.logs=logs
# Rolling policy of log files
# - based on time if value starts with "time:", for example by day ("time:yyyy-MM-dd")
# or by month ("time:yyyy-MM")
# - based on size if value starts with "size:", for example "size:10MB"
# - disabled if value is "none". That needs logs to be managed by an external system like logrotate.
sonar.log.rollingPolicy=time:yyyy-MM-dd
# Maximum number of files to keep if a rolling policy is enabled.
# - maximum value is 20 on size rolling policy
# - unlimited on time rolling policy. Set to zero to disable old file purging.
#sonar.log.maxFiles=7
# Access log is the list of all the HTTP requests received by server. If enabled, it is stored
# in the file {sonar.path.logs}/access.log. This file follows the same rolling policy as for
# sonar.log (see sonar.log.rollingPolicy and sonar.log.maxFiles).
#sonar.web.accessLogs.enable=true
# Format of access log. It is ignored if sonar.web.accessLogs.enable=false. Possible values are:
# - "common" is the Common Log Format, shortcut to: %h %l %u %user %date "%r" %s %b
# - "combined" is another format widely recognized, shortcut to: %h %l %u [%t] "%r" %s %b "%i{Referer}" "%i{User-Agent}"
# - else a custom pattern. See http://logback.qos.ch/manual/layouts.html#AccessPatternLayout.
# The login of authenticated user is not implemented with "%u" but with "%reqAttribute{LOGIN}" (since version 6.1).
# The value displayed for anonymous users is "-".
# If SonarQube is behind a reverse proxy, then the following value allows to display the correct remote IP address:
#sonar.web.accessLogs.pattern=%i{X-Forwarded-For} %l %u [%t] "%r" %s %b "%i{Referer}" "%i{User-Agent}"
# Default value is:
#sonar.web.accessLogs.pattern=combined
#--------------------------------------------------------------------------------------------------
# OTHERS
# Delay in seconds between processing of notification queue. Default is 60 seconds.
#sonar.notifications.delay=60
# Paths to persistent data files (embedded database and search index) and temporary files.
# Can be absolute or relative to installation directory.
# Defaults are respectively <installation home>/data and <installation home>/temp
#sonar.path.data=data
#sonar.path.temp=temp
#--------------------------------------------------------------------------------------------------
# DEVELOPMENT - only for developers
# The following properties MUST NOT be used in production environments.
# Dev mode allows to reload web sources on changes and to restart server when new versions
# of plugins are deployed.
#sonar.web.dev=false
# Path to webapp sources for hot-reloading of Ruby on Rails, JS and CSS (only core,
# plugins not supported).
#sonar.web.dev.sources=/path/to/server/sonar-web/src/main/webapp
# Elasticsearch HTTP connector, for example for KOPF:
# http://lmenezes.com/elasticsearch-kopf/?location=http://localhost:9010
#sonar.search.httpPort=-1 View Code
- 配置sonarQube Scanner
配置sonarQube Scanner也隻需要将其中配置好的節點取消注釋就可起效,與sonarQube的配置非常類似,sonarQube Scanner的檔案夾更加簡單
- bin:sonarQube Scanner運作指令檔案夾
- conf:sonarQube Scanner配置檔案夾
- lib:sonarQube Scanner存放的運作庫檔案(jar)
節點:
sonar.host.url:sonarQube URL位址(一般地,sonarQube與sonarScann應該預設都在同一台機器,如果是不在同一台機器,則需要替換成不同的IP,端口預設是9000)
sonar.sourceEncoding:sonarQube的預設源碼編碼方式
sonar.jdbc.username:sonarQube資料庫使用者名(上一節DB新增并授權使用者名sonar)
sonar.jdbc.password:sonarQube資料庫密碼(上一節DB新增并授權使用者密碼sonar)
sonar.jdbc.url:sonarQube DB連接配接方式(一般來說,mysql與sonarQube都是安裝在同一台機器,是以這裡一般都是使用localhost,預設使用的是3306端口,如不在同一台機器,應該使用對應的IP位址,當然,上一節新增的使用者也需要對相應的通路位址進行授權)
#Configure here general information about the environment, such as SonarQube DB details for example
#No information about specific project should appear here
#----- Default SonarQube server
sonar.host.url=http://localhost:9000
#----- Default source code encoding
sonar.sourceEncoding=UTF-8
#----- Global database settings (not used for SonarQube 5.2+)
sonar.jdbc.username=sonar
sonar.jdbc.password=sonar
#----- PostgreSQL
#sonar.jdbc.url=jdbc:postgresql://localhost/sonar
#----- MySQL
sonar.jdbc.url=jdbc:mysql://localhost:3306/sonar?useUnicode=true&characterEncoding=utf8
#----- Oracle
#sonar.jdbc.url=jdbc:oracle:thin:@localhost/XE
#----- Microsoft SQLServer
#sonar.jdbc.url=jdbc:jtds:sqlserver://localhost/sonar;SelectMethod=Cursor - 系統配置
這一步的主要目的就是,能夠使用指令行工具直接調用到sonarQube和sonarQube Scanner,我們可以将它們的目錄加入至系統的環境變量中
加入環境變量SONAR_RUNNER_HOME,配置的值是sonarQube Scanner的目錄,例如我本機的是C:\sonar-scanner\sonar-scanner-2.8\
在環境變量path的末尾加入sonarQube的bin位置,另外,在bin中,系統将支援windows系統和linux等系統,是以bin會有下級子檔案夾,我本機的是64位系統,是以在末尾加入;C:\sonarqube\sonarqube-6.1\bin\windows-x86-64(記得前面加入分号)
再在環境變量path的末尾加入sonarQube Scanner的bin位置,這裡我們已經将它的上級目錄加入了一個系統變量中,隻需要加上;%SONAR_RUNNER_HOME%/bin(記得前面加入分号)
- 運作系統
到此,我們打開sonarQube檔案夾中bin指令運作系統(應該打開一個指令行工具就可以運作指令,但我個人習慣在檔案夾中打開)
每次手動打開肯定是比較麻煩的,那就需要将sonarQube作為一個服務一直運作,即使重新開機電腦也可以正常通路,首先打開InstallNTService.bat,再運作StartNTService.bat
當提示中出現了紅框标示的語句,說明系統就已經啟動了
打開浏覽器,輸入http://localhost:9000/應該就可以打開系統了,第一次打開時,肯定是沒有Project中的資料的,我這裡已經運作成功了,是以才有資料。關于系統的一些管理功能,需要進一步的研究
- 檢視sonar-scanner(掃描器)
當安裝完成了sonarQube伺服器,還需要檢視sonar-scanner是否能夠正确運作了,因為接下來需要使用sonar-scanner去靜态掃描代碼
使用指令檢視,如果能夠正常顯示出sonar-scanner的資訊則是正常的,否則請檢視是否已經在環境變量中正确配置sonar-scanner
sonar-scanner -V - 源碼配置
至此,我們已經能夠正常的通路到系統了,但這僅僅是基礎,源碼掃描最重要的就是要将源碼提供給sonarQube Scanner掃描,并在sonarQube系統中顯示結果。
還需要完成最重要的一步,配置源碼掃描,我這裡以實際的項目為例,在解決方案檔案的同級目錄加入一個配置檔案sonar-project.properties
sonar.projectKey:運作項目的唯一關鍵字,其中允許"-"、"_"、"."、":"字元
sonar.projectName:項目名稱,在系統中顯示的項目名稱
sonar.projectVersion:項目版本号
sonar.sources:源代碼的路徑,如有多個路徑,可以使用分号進行分隔,如果該參數沒有設定,則從目前目錄進行掃描
sonar.language:語言的類型,因為我這裡是C#,對應的就是cs了
以上是強制參數,是必須設定的,以下是可選參數-----------------------------------------------------------
sonar.projectDescription:定義項目的描述
sonar.sourceEncoding:編碼方式,不知道有什麼實際的用處
sonar.binaries:指定編譯後代碼的路徑,如類或二進制,逗号隔開,不相容Maven,使用Maven時會在Manven預設項目路徑下找編譯後的代碼
sonar.tests:指定單元測試代碼的路徑,使用逗号隔開
sonar.libraries:指定第三方包的路徑,如java的jar包
sonar.importSources:有時,出于安全或其他原因,項目源代碼不允許存儲和檢視。預設為true(我并未處理該節點,掃描完成後一樣可以檢視源代碼,不知道什麼原因)
sonar.projectDate:記錄曆史資料或某些事件時,極有必要自定義此參數。在版本控制中也會使用此參數,格式如:yyyy-MM-dd,預設是目前時間
sonar.exclusions:指定不納入分析的檔案,使用逗号分開
sonar.skippedModules:部分項目子產品可能不需要納入分析,以防影響整個項目的分析名額,例如內建測試或自動生成的代碼(ESB生成的接口檔案等)
sonar.includeModules:需要分析的子產品,其他子產品會被忽略,注意:根路徑必須加入
sonar.branch:管理項目分析,同一個工程的兩個項目分析在sonar中任務是兩個不同的項目
sonar.profile:通過sonar的Web接口, 可以定義很多品質規則,也可以友善的和已有的規則進行關聯
sonar.skipDesing:禁用Java位元組碼分析,從sonar 2.0,支援Java自己的位元組碼分析,預設為false
sonar.phase:分析前執行Maven指令
sonar.java.source:Java源代碼的版本,sonar不使用該屬性,插件可能會用到,如PMD
sonar.java.target:Java源代碼的版本,sonar不使用該屬性,插件可能會用到,如Clover
sonar.findbugs.excludesFilters:支援使用Findbugs的忽略過濾器
# Required metadata
sonar.projectKey=Workbench
sonar.projectName=Esquel.WebWorkbench
sonar.projectVersion=1.2.1
# Comma-separated paths to directories with sources (required)
sonar.sources=.
#sonar.binaries=bin\classes
# Language
sonar.language=cs
# Encoding of the source files
sonar.sourceEncoding=UTF-8 - 運作指令
在源碼的檔案夾按住shift鍵,滑鼠右鍵,在此處打開指令視窗,打開了指令視窗後,直接輸入sonar-runner.bat(如果該指令找不到,則需要檢視一下,是不是已經将目錄加入至環境變量中)
另外還發現另一種指令執行的方式,即使用指令并傳入必須的參數,這樣,就可以不用在待掃描的項目檔案路徑中加入sonar-project.properties配置檔案,比較簡單,但比較容易出錯,使用指令時需要先确定好參數再運作。
sonar-scanner -Dsonar.projectKey="newproject" -Dsonar.projectName="newprojectname" -Dsonar.projectVersion="1.6" -Dsonar.sources="." -Dsonar.language="cs" 然後回車,現在,sonarQube Scanner開始掃描C#代碼了,并等待完成,我在本機的處理速度還是相當快的
其中掃描代碼時,也可以在指令後面加入參數
-h :幫助
-X :産生Debug輸出
-i :産生互動
掃描完成後,會自動停止,但指令視窗不會關閉
- 檢視
再次進入http://localhost:9000/即可進入系統,并檢視到掃描的結果