
Run sonarqube scanner with gitlab ci

I am trying to put together a CI environment for a .NET application using the following stack (just the relevant ones):

  • Debian + mono
  • Docker
  • Gitlab CI
  • Gitlab-multi-runner (as a docker container)
  • Sonarqube + Postgre

I've used docker-compose to create the container for sonarqube and postgre, both are running and working. I am sadly stuck with executing sonarqube analysis for my build executed by the gitlab runner and all examples I found were using Maven. I've tried to use sonar-scanner as well, no luck so far.

Here are the contents of my gitlab-ci.yml:

    image: mono:latest

    cache:
      paths:
      - ./src/T_GitLabCi/packages/

    stages:
      - build

    .shared: &restriction
      only:
        - master
      tags:
        - docker

    build:
      <<: *restriction
      stage: build
      script:
        - nuget restore ./src/T_GitLabCi
        - MONO_IOMAP=case xbuild /t:Build /p:Configuration="Release" /p:Platform="Any CPU" ./src/T_GitLabCi/T_GitLabCi.sln
        - mono ./tools/NUnitConsoleRunner/nunit3-console.exe ./src/T_GitLabCi/T_GitLabCi.sln --work=./src/T_GitLabCi/test --config=Release
        - << EXECUTE SONAR ANALYSIS >>

I am definitely missing something here. Could somebody point me in the right direction?

kataik asked Oct 05 '16 13:10


1 Answer

I have projects written in PHP but that shouldn't matter. Here's what I did.

  1. I enabled a private registry hosted on my GitLab installation
  2. In this registry I have a "sonar-scanner" image built from this Dockerfile (it's based on one of the images available on Docker hub):

    FROM java:alpine
    ENV SONAR_SCANNER_VERSION 2.8

    RUN apk add --no-cache wget && \
        wget https://sonarsource.bintray.com/Distribution/sonar-scanner-cli/sonar-scanner-${SONAR_SCANNER_VERSION}.zip && \
        unzip sonar-scanner-${SONAR_SCANNER_VERSION} && \
        cd /usr/bin && ln -s /sonar-scanner-${SONAR_SCANNER_VERSION}/bin/sonar-scanner sonar-scanner && \
        apk del wget

    COPY files/sonar-scanner-run.sh /usr/bin

and here's the files/sonar-scanner-run.sh file:

    #!/bin/sh

    # Fill these in. Anything written here is stored in the image and is
    # readable by anyone who can pull it.
    URL="<YOUR SONARQUBE URL>"
    USER="<SONARQUBE USER THAT CAN ACCESS THE PROJECTS>"
    PASSWORD="<USER PASSWORD>"

    if [ -z "$SONAR_PROJECT_KEY" ]; then
      echo "Undefined \"projectKey\"" && exit 1
    else
      # Collect the options as positional parameters so that every value reaches
      # sonar-scanner as one literal argument and is never re-parsed by the shell
      # (branch names and other CI-supplied values may contain shell metacharacters).
      set -- "-Dsonar.host.url=$URL" "-Dsonar.login=$USER" \
             "-Dsonar.password=$PASSWORD" "-Dsonar.projectKey=$SONAR_PROJECT_KEY"

      if [ -n "$SONAR_PROJECT_VERSION" ]; then
        set -- "$@" "-Dsonar.projectVersion=$SONAR_PROJECT_VERSION"
      fi

      if [ -n "$SONAR_PROJECT_NAME" ]; then
        set -- "$@" "-Dsonar.projectName=$SONAR_PROJECT_NAME"
      fi
      if [ -n "$CI_BUILD_REF" ]; then
        set -- "$@" "-Dsonar.gitlab.commit_sha=$CI_BUILD_REF"
      fi
      if [ -n "$CI_BUILD_REF_NAME" ]; then
        set -- "$@" "-Dsonar.gitlab.ref_name=$CI_BUILD_REF_NAME"
      fi
      if [ -n "$SONAR_BRANCH" ]; then
        set -- "$@" "-Dsonar.branch=$SONAR_BRANCH"
      fi
      if [ -n "$SONAR_ANALYSIS_MODE" ]; then
        set -- "$@" "-Dsonar.analysis.mode=$SONAR_ANALYSIS_MODE"
        # Quoted operands with spaces around "=" make this a real string
        # comparison; without the spaces the test is always true.
        if [ "$SONAR_ANALYSIS_MODE" = "preview" ]; then
          set -- "$@" -Dsonar.issuesReport.console.enable=true
        fi
      fi

      sonar-scanner "$@"
    fi

  3. Now in my project in .gitlab-ci.yml I have something like this:

    SonarQube:
      image: <PATH TO YOUR IMAGE ON YOUR REGISTRY>
      variables:
        SONAR_PROJECT_KEY: "<YOUR PROJECT KEY>"
        SONAR_PROJECT_NAME: "$CI_PROJECT_NAME"
        SONAR_PROJECT_VERSION: "$CI_BUILD_ID"
      script:
      - /usr/bin/sonar-scanner-run.sh

That's pretty much all. The above example of .gitlab-ci.yml is simplified since I'm using different builds for master and other branches (like when: manual) and I use this plugin to get feedback in GitLab: https://gitlab.talanlabs.com/gabriel-allaigre/sonar-gitlab-plugin

Feel free to ask if you have any questions. It took me some time to put this all together the way I want it :) Actually I'm still fine-tuning it.

Izydorr answered Sep 29 '22 05:09
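
Added example (not part of the original answer): values such as `CI_BUILD_REF_NAME` come from the branch name, and Git permits `$`, `(` and `)` there, so a wrapper like `sonar-scanner-run.sh` has to hand them to the scanner without letting the shell parse them a second time. The block contrasts a command string run through `eval` with options passed as positional parameters; `fake_scanner`, `REF`, the `demo` project key and both function names are constructed stand-ins.

```shell
#!/bin/sh
# Constructed value standing in for CI_BUILD_REF_NAME (a branch name).
# The single quotes keep it literal here: it is data, not code.
REF='fix-$(uname)'

# Hypothetical stand-in for sonar-scanner: prints one received argument per line.
fake_scanner() {
  printf '%s\n' "$@"
}

# Pattern A: assemble the command as a string, then eval it.
# eval parses the string a second time, so shell syntax inside the
# value is interpreted instead of being passed through.
run_with_eval() {
  command_line="fake_scanner -Dsonar.gitlab.ref_name=\"$1\""
  eval "$command_line"
}

# Pattern B: append each option to the positional parameters and expand
# them with "$@". Nothing is re-parsed; each value stays one argument.
run_with_args() {
  ref_name=$1
  set -- "-Dsonar.projectKey=demo"
  if [ -n "$ref_name" ]; then
    set -- "$@" "-Dsonar.gitlab.ref_name=$ref_name"
  fi
  fake_scanner "$@"
}

echo "eval:"; run_with_eval "$REF"
echo "args:"; run_with_args "$REF"
```

With pattern A the scanner receives the output of `uname` in place of the branch name; with pattern B it receives the branch name exactly as Git stored it.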