Preface casually write, everyone also casually look, 2020, try to take a table tennis district champion.

1 overview

SonarQube is an open source platform for managing source code quality. SonarQube is not only a quality data reporting tool, but also a code quality management platform. Support Java, C#, C/C++, PL/SQL, Cobol, javascript, Groovy and more than 20 programming languages code quality management and detection. SonarQube can detect code quality from the following seven dimensions, and as a developer you need to address at least the first five.

SonarQube can be written by PMD,CheckStyle,Findbugs and other code rule detection tools. SonarQube can use PMD,CheckStyle,Findbugs and other code rule detection tools to detect potential defects. (3) Poor complexity distribution files, classes, methods, etc., which can be difficult to change if the complexity is too high, making it difficult for developers to understand them, and without automated unit testing, changes to any component in the program may result in the need for comprehensive regression testing. (4) Duplication Obviously a program that contains a lot of copy-and-paste code is of poor quality, SonarQube can show the source code where duplication is serious. (5) Insufficient or too many comments without comments will make the code less readable, especially when the inevitable personnel changes occur, the readability of the program will be greatly reduced, and too many comments will make the developer spend too much energy on reading the comments, also against the purpose. (6) Lack of unit tests SonarQube makes it easy to count and show unit test coverage. (7) Bad design SonarQube can find out the loop, show the interdependency between package and package, class and class, and detect custom architecture rules. SonarQube can manage third-party JAR packages. LCOM4 can be used to detect the application of single task rules and detect coupling.Copy the code

2 Prepare the basic environment

This article mainly describes how to build sonarQube and Jenkins automatic build in Windows system. All the environment should be built according to the requirements of the author, so that you can build successfully.

(1)Java environment 1.8 (2)Maven environment (3) mysql5.6-8.0, Mysql exception (4) Node.js (5)SonarQube7.6 (6)Sonar-Scanner/Runner (7)SVN code management repository I've already downloaded it, mainly in case many people fail to download the plugin. All the installation files are on a web disk and can be accessed by yourselfCopy the code

2.1 Java Environment Installation

After installing JDK, you need to configure the environment variablesCopy the code

2.2 the Maven installation

Again, unzip the Maven installation package to any disk, and again configure the Maven environment variablesCopy the code

2.3 the Mysql installation

Before installing mysql, many people will ask me why I want to talk about basic things, you know, there are a lot of cool kids because of some basic environment or version problemsCopy the code

== skull all want to scratch bald cough! = =

1. Decompress the file to the user-defined directory. 2. Configure my.ini and create file my.ini in the root directory. [mysqld] basedir ="C:\mysql-6.3-winx64" -- datadir ="C:\mysql-6.3-winx64\data" Port =3306 server_id =10 character-set-server=utf8 [client] port=3306 default-character-set=utf8 [mysqld_safe] timezone="CST" [mysql] default-character-set=utf8 3. 4. Find cmd.exe and run it as an administrator (make sure you are an administrator) 5. Mysqld --install -- mysqld -- mysqld -- mysqld -- mysqld -- mysqld -- mysqld -- mysqld -- mysqld Run CMD as administrator, - enter the sc query mysql command to query the mysql service - enter the sc delete mysql command to delete the mysql - run mysqld --install To initialize the database, enter: -mysqld --initialize --console -mysqld --initialize --user=root --console. Enter: net start mysql. Later you can also use net stop mysql to shut down mysql services. MySQL > alter user user() identified by "123456"; MySQL > alter user user() identified by "123456"; 10. Show databases; Display database list; 12. Show tables; Display the name of the tableCopy the code

Two problems may occur here: 1. Mysql installation fails due to C++ environment problems. You can use the following toolsC++ environment completion toolInstall C++ environment; SonarQube: sonar: sonar: sonar: sonar: sonar: sonar: sonar: sonar: sonar: sonar: sonar: sonar: sonar If you don’t meet then all the children are bang bang.

2.4 the node. Js installed

Node.js is also a must, as you cannot scan Css files in your code without the Node.js environment.Copy the code

Installation mode because of too many screenshots, refer to hereNode.js installation tutorial

2.5 SonarQube7.6 installation

[root@sonarson. properties] [root@sonarson. properties] [root@sonarson. properties] [root@sonarson. properties] [root@sonarson. properties] [root@sonarson. properties] Sonar.jdbc. url database connection address sonar.jdbc.username database login username sonar.jdbc.password database login password --SonarQube starts with default admin account and password -- Shut down SonarQube service -- Figure 3 (you need to close all Java projects in task Manager) -- Restart SonarQube service -- Figure 4 -- Go to http://localhost:9000 again, It's a little slow because you're initializing the database information (which you can see in user)Copy the code

2.6 Sonar-Scanner Installation

Sonar-Scanner is a command line tool that analyzes code with a SonarQube server, which can be simply interpreted as a SonarQube client. Sonar-Scanner will post the data to the SonarQube database when the analysis is complete and show it in SonarQube for easy analysis.

Sonar - sonar-Scanner properties file Url for our client to access the address, Create a variable, name=SONAR_SCANNER_HOME value=D:\sonar\sonar-scanner-2.5 SONAR_SCANNER_HOME input % % \ bin; Sonar -runner -version: If the following information is displayed, the environment variables are set successfullyCopy the code

2.7 Installing the SVN Code Management Repository

Here, I believe that there are a lot of children said the author is too wordy, why don't you start to scan the project to Lao Tzu, don't hurry, don't miss the work of cutting wood, when everything is ready, scan the BUG is not a matter of minutes. When it comes to code management tools, of course,git and Gitlab come to mind first, but for beginners, Svn is more suitable for visualization, so I choose the relatively simple Svn here. Still run to the tool library I provide for you to download down first, and then decompress, click on the following and this cute little icon, we have to launch the Svn client, and then create a warehouse, has been crazy click on the next step, is so easy.Copy the code

Create a local repositoryCopy the code

Create a user to submit our code, and then create a folder under our folder to initialize our repository Check Out. No further detailsCopy the code

You can refer to SVN Usage Tutorial

2.8 Jenkins Platform Installation

Jenkins is an open source software project. Jenkins is a continuous integration tool based on Java development. It is used to monitor continuous duplication of work and aims to provide an open and easy to use software platform that makes continuous integration of software possible. Jenkins features include: 1. Ongoing software release/test projects. 2. Monitor the work performed by external calls. For the first boot method, switch to the Jenkins. War directory and run the following command: $Java -jar Jenkins. War If you need to change the port, run the following command: $java-jar Jenkins. Jar --httpPort=8081 then in your browser (Firefox recommended) type localhost:8081. Localhost can be the local IP or computer name. I can open up Jenkins. The second method is to decompress Tomcat to a directory such as /usr/local, go to the /bin directory under tomcat, start tomcat, put Jenkins. War file under tomcat webapps directory, and start tomcat. The Jenkins directory will be automatically created in the Webapps directory. In the address bar, enter localhost:8080/ Jenkins. In this case, we use the second method to build Jenkins, because we build on Windows, so simply put Jenkins. War in Tomcat's wapapps and start Tomcat to access JenkinsCopy the code

Jenkins Introduction

Because a lot of friends inDownload the plug-in this step on the knees, so this blunt also provides everyone has downloaded a good plug-in, free sale, are at the end of the article, selfSimply unzip the plugins into your home directory. Jenkins, replace the plugins, and restart.At this point, basically the required environment has been installed, let’s start our scan journey.

3 Instructions

3.1 Analyze the local project using the Sonar-scanner command

1. Go to E:\sonarqube-7.6\bin\ Windows-x86-64 (your sonarqube installation directory), just create a new file: Sonar in the project directory and configure it as shown in figure 1 2. Click startsonar. bat to start the Sonar service 3. Go to the path where the project is located and run the sonar-scanner command to scan the code - Figure 2 4. Run the final result to show EXECUTION SUCCESS - Figure 3 5. Client view code scan results - Figure 4Copy the code

3.2 The compiled Maven project has no content in the target file, but it should be noted anyway

Contents of the file sonar-project.propertiesCopy the code

After CMD enter the project directory to run: sonar-scannerCopy the code

3.3 For the compiled Maven project, analyze the project using the Maven analyzer plug-in

In maven conf under settings. XMLCopy the code

Add the following code to the <profiles></profiles> nodeCopy the code
            <! -- SERVER ON A REMOTE HOST -->

Copy the code
MVN clean install sonar:sonarCopy the code

3.4 Code walkthrough for JS, CSS and HTML

Contents of the file sonar-project.propertiesCopy the code
Sonar. ProjectVersion = 1.0

Copy the code
After CMD enter the project directory to run: sonar-scannerCopy the code

4. Jenkins integration SVN + + sonar maven + tomcat + sonarqube – scanner

Sonarqube is not installed in the plugins recommended by Jenkins. You need to search for sonarqube in system Administration - Plugins Management - Optional plugins. Sonarqube is named Sonarqube scanner for Jenkins. Sonarqube Servers will be available under System Administration - System Settings and you can configure itCopy the code

4.1Jenkins For SonarQube configuration

4.1.1. Install plug-ins in System Management-Plug-in Management

4.1.2. Set sonarqube Servers in System Management-System Settings

4.1.3 Get the user token for sonarqube Servers

4.1.4. Set the Sonarqube scanner in System Manage-Global Tool Configuration

4.1.5. Install nodeJS plug-in. Otherwise, CSS files cannot be scanned

4.1.6. Set nodeJS in System Management-Global Tool Configuration

The installation directory here is the directory where your node.js is locatedCopy the code

4.2 Conduct a code walkthrough of a non-Maven project to build a free-style project

4.2.1 Enter the project configuration information

4.2.2 Set the number and duration of builds to be saved

4.2.3 Setting the PATH and Account of the SVN

Git is used to manage the source code, and GitLab is used as the source code branch to fill in the masterCopy the code

4.2.4 Set the item to poll every 5 minutes

4.2.5 Selecting the nodeJS Environment

4.2.6 Build trigger and Build environment (Account password of Sonar)

4.2.7 “Build now” operation is carried out for the project after saving, and the analysis situation of the project in Sonarqube can be viewed

4.3 Conduct a code walkthrough of a Maven project to build a Maven project

4.3.1 Enter the project configuration information and set the number and time for saving the build

4.3.2 Setting the PATH and Account of the SVN

4.3.3 Set the item to poll every 5 minutes

4.3.4 Selecting the nodeJS environment

4.3.5 Build trigger and Build environment (Account password of Sonar)

4.3.6 Adding the WAR package in the post-build operation

4.3.7 After saving, perform “Build now” operation on the project, and you can view the analysis situation of the project in Sonarqube

5 SonarQube related indicators

5.1SonarQube index brain map

5.2 Code quality valve

Code quality statistics can help us determine whether a project is ready for productionCopy the code

Quality valves can be configured according to actual project requirements (default configuration of Sonar)

6 the conclusion

Next article: How to use Jenkins to build piggies and email notifications

I hope that you, who are reading this article, will have a smooth New Year and be able to work towards your goals.The key came: like a friend can point to pay attention to, today this article is really the size of my more than 4 hours, old waist all acid dead.

All the tools used in this article are available on my official account, [reply] [Sonarqube] free of charge.

CSDN link…