func-code-scanner
library集成代码扫描
sonarqube代码扫描作为通用功能,同样可以使用library实现。
devops.groovy
/**
 * Entry point for the SonarQube scan: builds a Sonar helper and initialises it.
 *
 * @param projectVersion value written as sonar.projectVersion; when empty, init()
 *                       falls back to the short hash of the latest commit
 * @param waitScan       whether the scan should wait for the quality gate result
 * @return whatever Sonar.init() returns (the initialised Sonar object), so the
 *         caller can chain .start()
 */
static def scan(String projectVersion="", Boolean waitScan = true) {
    def scanner = new Sonar()
    return scanner.init(projectVersion, waitScan)
}
新建Sonar.groovy
- 可以传递projectVersion作为sonarqube的扫描版本
- 参数waitScan用于设置是否等待本次扫描的结果(即扫描是否通过)
package com.luffy.devops
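/**
 * Prepare a SonarQube scan: store the options and append sonar.projectVersion
 * to sonar-project.properties in the current directory.
 *
 * @param projectVersion version to record; when null or empty, the short hash of
 *                       the latest commit is used instead
 * @param waitScan       whether startToSonar() should wait for the quality gate
 * @return this object, so that calls can be chained
 */
def init(String projectVersion="", Boolean waitScan = true) {
    this.waitScan = waitScan
    this.msg = new BuildMessage()
    if (!projectVersion) {
        // NOTE(review): this switches off git's repository-ownership check for the
        // workspace in the agent user's global config, and --add appends one more
        // entry on every run. The path is quoted so that a workspace path with
        // spaces is not split by the shell.
        sh 'git config --global --add safe.directory "${WORKSPACE}"'
        projectVersion = sh(returnStdout: true, script: 'git log --oneline -n 1|cut -d " " -f 1')
    }
    // returnStdout keeps the trailing newline of the command output.
    projectVersion = projectVersion.trim()
    // A line break inside the value would add extra lines to the properties file.
    if (projectVersion.contains('\n') || projectVersion.contains('\r')) {
        error "sonar.projectVersion must be a single line"
    }
    // The value goes to the shell as an environment variable instead of being
    // interpolated by Groovy into the command text, so quotes or shell
    // metacharacters in a caller-supplied version cannot change the command.
    withEnv(["SONAR_PROJECT_VERSION=${projectVersion}"]) {
        sh 'printf "\\nsonar.projectVersion=%s\\n" "$SONAR_PROJECT_VERSION" >> sonar-project.properties'
    }
    // NOTE(review): this prints the whole properties file into the build log; if the
    // file ever holds credentials they end up in the log as well.
    sh "cat sonar-project.properties"
    return this
}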
/**
 * Run the scan by delegating to startToSonar().
 *
 * @return this object, so that calls can be chained
 */
def start() {
    // Nothing is recovered at this level: an exception raised by startToSonar()
    // reaches the caller unchanged.
    this.startToSonar()
    return this
}
/**
 * Run sonar-scanner inside the 'sonarqube' server environment and, when waitScan
 * is set, wait up to three minutes for the quality gate and report the result to
 * the build message and to the GitLab commit status.
 *
 * @return this object, so that calls can be chained
 */
def startToSonar() {
    withSonarQubeEnv('sonarqube') {
        // NOTE(review): -X enables sonar-scanner debug output, which makes the build
        // log much more verbose; check that nothing sensitive is printed before
        // keeping it on outside of troubleshooting.
        sh "sonar-scanner -X;"
        sleep 5
    }
    if (!this.waitScan) {
        echo "skip waitScan"
        return this
    }
    // Give the quality gate at most 3 minutes to report back.
    timeout(time: 3, unit: 'MINUTES') {
        def gate = waitForQualityGate()
        String stage = "${env.stage_name}"
        if (gate.status == 'OK') {
            // NOTE(review): this branch passes env.BUILD_RESULT while the failure branch
            // passes env.BUILD_TASKS — confirm against BuildMessage which one is intended.
            this.msg.updateBuildMessage(env.BUILD_RESULT, "${stage} OK... √")
            updateGitlabCommitStatus(name: "${stage}", state: 'success')
        } else {
            this.msg.updateBuildMessage(env.BUILD_TASKS, "${stage} Failed... ×")
            updateGitlabCommitStatus(name: "${stage}", state: 'failed')
            // error() aborts the pipeline, so a failed gate stops the build here.
            error "Pipeline aborted due to quality gate failure: ${gate.status}"
        }
    }
    return this
}
Jenkinsfile
如下:
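// NOTE(review): the library is loaded without a version, so every build runs whatever
// the library's default branch currently holds. Pinning it to a tag or commit
// (@Library('luffy-devops@<VERSION_PLACEHOLDER>')) keeps library changes reviewable.
@Library('luffy-devops') _

pipeline {
    agent { label 'jnlp-slave'}
    options {
        timeout(time: 20, unit: 'MINUTES')
        gitLabConnection('gitlab')
    }
    environment {
        IMAGE_REPO = "172.21.65.226:5000/eladmin/eladmin-api"
        IMAGE_CREDENTIAL = "credential-registry"
        DINGTALK_CREDS = credentials('dingTalk')
    }
    stages {
        stage('gitlog') {
            steps {
                script{
                    // GIT_LOG is the latest commit's one-line summary, i.e. text chosen
                    // by whoever authored the commit; treat it as untrusted from here on.
                    sh "git log --oneline -n 1 > gitlog.file"
                    env.GIT_LOG = readFile("gitlog.file").trim()
                }
                // NOTE(review): printenv writes the whole environment to the build log,
                // including the DINGTALK_CREDS* variables bound above. Jenkins masks bound
                // credential values, but any other secret in the agent environment is
                // printed as-is. Remove once debugging is done.
                sh 'printenv'
            }
        }
        stage('checkout') {
            steps {
                checkout scm
                updateGitlabCommitStatus(name: env.STAGE_NAME, state: 'success')
            }
        }
        stage('mvn package') {
            steps {
                container('tools') {
                    sh 'mvn clean package'
                }
                updateGitlabCommitStatus(name: env.STAGE_NAME, state: 'success')
            }
        }
        stage('CI'){
            failFast true
            parallel {
                stage('Unit Test') {
                    steps {
                        echo "Unit Test Stage Skip..."
                    }
                }
                stage('Code Scan') {
                    steps {
                        container('tools') {
                            script{
                                devops.scan().start()
                            }
                        }
                    }
                }
            }
        }
        stage('build-image') {
            steps {
                container('tools') {
                    script{
                        devops.docker(
                            "${IMAGE_REPO}",
                            "${GIT_COMMIT}",
                            IMAGE_CREDENTIAL
                        ).build().push()
                    }
                }
            }
        }
    }
    post {
        success {
            container('tools') {
                script {
                    // The commit summary and branch name are not trusted input. The
                    // payload is therefore serialised to JSON in Groovy and handed to
                    // curl as a file, so a quote or shell metacharacter in a commit
                    // message can neither break the JSON nor change the command.
                    def text = "😄👍 构建成功 👍😄 \n**项目名称**:luffy \n**Git log**: ${env.GIT_LOG} \n**构建分支**: ${env.BRANCH_NAME} \n**构建地址**:${env.RUN_DISPLAY_URL} \n**构建任务**:${env.BUILD_TASKS}"
                    def payload = groovy.json.JsonOutput.toJson([
                        msgtype : 'markdown',
                        markdown: [title: 'eladmin-api', text: text]
                    ])
                    writeFile file: 'dingtalk-payload.json', text: payload
                    // Single-quoted Groovy string: the shell, not Groovy, expands the
                    // token, so the secret is never interpolated into the script text.
                    sh 'curl "https://oapi.dingtalk.com/robot/send?access_token=${DINGTALK_CREDS_PSW}" -H "Content-Type: application/json" -d @dingtalk-payload.json'
                }
            }
        }
        failure {
            echo 'Oh no!'
        }
    }
}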