1、GitLab-Runner安装
(1)在Admin面板 -- >Runners,查看GitLab-Runner安装方式
(2)下载安装
# Download the binary for your system
sudo curl -L --output /usr/local/bin/gitlab-runner https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-linux-amd64
# Give it permissions to execute
sudo chmod +x /usr/local/bin/gitlab-runner
# Create a GitLab CI user
sudo useradd --comment 'GitLab Runner' --create-home gitlab-runner --shell /bin/bash
# Install and run as service
sudo gitlab-runner install --user=gitlab-runner --working-directory=/home/gitlab-runner
sudo gitlab-runner start
(3)命令注册
sudo gitlab-runner register --url http://192.168.44.136/ --registration-token hiSDonwf--4gtjqvcbMb
(4)返回gitlab页面,可以看到刚注册的runner。
2、在项目根目录创建.gitlab-ci.yml文件
配置 .gitlab-ci.yml 文件内容:
stages: - sonarqube_scan - sendmail sonarqube_scan_job: stage: sonarqube_scan script: - mvn clean package - sonar-scanner -Dsonar.projectName=$CI_PROJECT_NAME -Dsonar.projectKey=$CI_PROJECT_NAME -Dsonar.language=java -Dsonar.host.url=http://192.168.44.137:9000 -Dsonar.login=admin -Dsonar.password=abc123! -Dsonar.sources=src -Dsonar.java.binaries=target/classes -Dsonar.java.test.binaries=target/test-classes -Dsonar.ws.timeout=30 -Dsonar.sources=src -Dsonar.sourceEncoding=UTF-8 -Dsonar.java.binaries=target/classes -Dsonar.java.test.binaries=target/test-classes -Dsonar.java.surefire.report=target/surefire-reports tags: - demo when: always sendmail_job: stage: sendmail script: - echo $GITLAB_USER_EMAIL - echo $CI_PROJECT_NAME - echo $CI_COMMIT_REF_NAME - python3 /opt/sonarqube_api.py $CI_PROJECT_NAME $CI_COMMIT_REF_NAME $GITLAB_USER_EMAIL tags: - demo
sonarqube_api.py代码如下:
#!/usr/bin/python # -*- coding: UTF-8 -*- import requests,json,sys,time import smtplib from email.mime.text import MIMEText from email.header import Header from_addr='543395404@qq.com' #邮件发送账号 qqCode='lejuimybvccobehh' #授权码 smtp_server='smtp.qq.com' smtp_port=465 def getSonarinfo(component): sonar_url="http://192.168.44.137:9000/api/measures/component?component={0}&metricKeys=bugs,vulnerabilities,code_smells,ncloc".format(component,) print(sonar_url) sonar_token ="d5519a4e9018084b98ba39d8f9cd82bee0142505" session = requests.Session() session.auth = sonar_token,'' call = getattr(session, 'get') res = call(sonar_url) binary = res.content result = json.loads(binary) result_dict = {} for info_dict in result["component"]["measures"]: result_dict[info_dict["metric"]] = info_dict["value"] #print(result_dict) return result_dict def sendmail(to_addrs,mail_msg): stmp=smtplib.SMTP_SSL(smtp_server,smtp_port) stmp.login(from_addr,qqCode) message = MIMEText(mail_msg, 'html', 'utf-8') message['From'] = Header("管理员", 'utf-8') message['To'] = Header("Me", 'utf-8') subject = 'Gitlab代码安全检测结果' message['Subject'] = Header(subject, 'utf-8') try: stmp.sendmail(from_addr, to_addrs, message.as_string()) except Exception as e: print ('邮件发送失败--' + str(e)) print ('邮件发送成功') if __name__ == '__main__': project = sys.argv[1] branch = sys.argv[2] user_email = sys.argv[3] time.sleep(10) sonarqube_data = getSonarinfo(component=project,) project_url = "http://192.168.44.137:9000/dashboard?id={0}".format(project,) print(sonarqube_data) html_text = """ <!DOCTYPE html> <html lang="en"> <head> <title></title> <meta charset="utf-8"> </head> <body> <div class="page" style="margin-left: 30px"> <h3>{user_email}, 你好!</h3> <h3> 本次提交代码检查结果如下:</h3> <h3> 项目名称:{project} </h3> <h3> 分支:{branch} </h3> <h3>一、总体情况</h3> <ul> <li style="font-weight:bold;"> 本次扫描代码行数: <span style="color:blue">{lines} </span>, bugs: <span style="color:red">{bugs}</span>, Vulnerabilities: <span style="color:red">{vulnerabilities}</span>, Code Smells: <span style="color:red">{code_smells}</span> </li> <li style="font-weight:bold;margin-top: 10px;"> URL地址: <a style="font-weight:bold;" href={project_url}>{project_url} </a> </li> </ul> </div> </body> </html> """.format(user_email=user_email,project=project,branch=branch,lines=sonarqube_data["ncloc"],bugs=sonarqube_data["bugs"],vulnerabilities=sonarqube_data["vulnerabilities"],code_smells=sonarqube_data["code_smells"],project_url=project_url) #print(html_text) sendmail(to_addrs=user_email,mail_msg=html_text)
3、实现效果
(1)模拟用户提交代码,新建测试文件填写测试字符,然后commit提交。
(2)在GitLab,CI/CD-->Pipelines,可以查看运行状态,点击进入可查看详情。
(3)完成后,用户邮箱收到代码检测报告。
(4)在sonar可以查看到对应的项目检测情况。
参考链接:
Gitlab集成Sonarqube自动检测代码并发送报告给提交者
https://www.cnblogs.com/Sunzz/p/13731675.html
https://blog.csdn.net/a49963775222/article/details/110120319