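SonarQube provides the SonarTS plugin for quality scanning of front-end TypeScript code. Using SonarQube LTS 6.7 as the example, this article collects the common problems encountered when checking TypeScript code and how to resolve them.
SonarQube server settings
- SonarQube version: this article uses SonarQube LTS 6.7.1.
Install and upgrade the SonarTS and SonarJS plugins. The plugin versions updated for this example are as follows:
- SonarTS plugin
- SonarJS plugin
How to configure
After logging in with an administrator account, updates and similar operations can be performed from the Marketplace option on the Administration page.
Client
Configuring Sonar-Scanner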
The Sonar-Scanner version used is 4.2, which ships with its own JRE. That embedded JRE may not work well in an Alpine image, however. To use the JRE or JDK specified by JAVA_HOME instead, edit the sonar-scanner script by hand with vi and change use_embedded_jre=true to use_embedded_jre=false.

    /data/jenkins/workspace/angular-pipeline-job/demo # /usr/local/share/sonar/bin/sonar-scanner --version
    INFO: Scanner configuration file: /usr/local/share/sonar/conf/sonar-scanner.properties
    INFO: Project root configuration file: NONE
    INFO: SonarQube Scanner 4.2.0.1873
    INFO: Java 1.8.0_212 IcedTea (64-bit)
    INFO: Linux 4.9.87-linuxkit-aufs amd64
    /data/jenkins/workspace/angular-pipeline-job/demo #

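Sample TypeScript front-end project
Create a demo application with Angular using the following command.
Command: ng new demo --style less
For an example of creating the front-end application in a Jenkinsfile, see:
Sonar-Scanner usage examples
Using user/password
An example is shown below.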

    /usr/local/share/sonar/bin/sonar-scanner \
      -Dsonar.projectKey=angular \
      -Dsonar.sources=src \
      -Dsonar.host.url=http://192.168.31.242:9000 \
      -Dsonar.login=admin \
      -Dsonar.password=admin

Using a token
An example is shown below.

    /usr/local/share/sonar/bin/sonar-scanner \
      -Dsonar.projectKey=angular \
      -Dsonar.sources=src \
      -Dsonar.host.url=http://192.168.31.242:9000 \
      -Dsonar.login=8b138774fb2d29e2e7bcdca249c7e09a2013740c

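Both invocations above put the credential on the command line, where it can show up in the process list and in CI build logs. The following added example (not from the original article) keeps the token out of argv by writing sonar.login to a temporary file passed with -Dproject.settings; SONAR_TOKEN and SONAR_SCANNER_BIN are assumed names, with the token expected to be injected by the CI system.

```shell
#!/bin/sh
# Added example, not from the original article. POSIX sh (works in Alpine's busybox ash).
# Assumed names: SONAR_TOKEN (injected by the CI system) and SONAR_SCANNER_BIN
# (hypothetical override for the scanner path used in the article).
SONAR_SCANNER_BIN="${SONAR_SCANNER_BIN:-/usr/local/share/sonar/bin/sonar-scanner}"

run_scan() {
    # $1 = project key, $2 = source directory, $3 = server URL
    if [ -z "${SONAR_TOKEN:-}" ]; then
        echo "SONAR_TOKEN is not set" >&2
        return 2
    fi

    # mktemp creates the file with mode 0600, so only the build user can read it.
    settings=$(mktemp) || return 1

    # Only the secret goes into the file; the other properties stay on the
    # command line exactly as in the article.
    printf 'sonar.login=%s\n' "$SONAR_TOKEN" > "$settings"

    rc=0
    "$SONAR_SCANNER_BIN" \
        -Dsonar.projectKey="$1" \
        -Dsonar.sources="$2" \
        -Dsonar.host.url="$3" \
        -Dproject.settings="$settings" || rc=$?

    rm -f "$settings"   # remove the secret whether or not the scan succeeded
    return "$rc"
}
```

Call it as `run_scan angular src http://192.168.31.242:9000`. If the project already has a sonar-project.properties, note that -Dproject.settings is read in its place.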
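Common problems
Quality profiles deleted entirely, or the required plugin is missing
If the profiles have been deleted to the point that even Sonar way is gone, or the plugin for the files being checked is not installed (for example, scanning TypeScript files without the SonarTS plugin installed), an error message like the following may appear.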

    ERROR: Error during SonarQube Scanner execution
    ERROR: No quality profiles have been found, you probably don't have any language plugin installed.
    ERROR:

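Cannot connect to the SonarQube server
When sonar-scanner cannot reach the server, because of a network problem or because the SonarQube service did not start properly, it typically reports an error like the following.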

    ERROR: Error during SonarQube Scanner execution
    org.sonarsource.scanner.api.internal.ScannerException: Unable to execute SonarQube
        at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.lambda$createLauncher$0(IsolatedLauncherFactory.java:85)
        at java.security.AccessController.doPrivileged(Native Method)
    ... (omitted)

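Node.js not installed on the client
When the client scans TypeScript, it normally invokes the local Node.js for pre-parsing. If Node.js is not installed locally, or the executable search path is not set correctly, an error like the following is typically reported.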

    ERROR: Error during SonarQube Scanner execution
    java.lang.IllegalStateException: Failed to get Node.js version.
    No TypeScript files will be analyzed. You can exclude TypeScript files from analysis with 'sonar.exclusions' property.
        at org.sonar.plugin.typescript.ExternalTypescriptSensor.checkCompatibleNodeVersion(ExternalTypescriptSensor.java:163)
        at org.sonar.plugin.typescript.ExternalTypescriptSensor.analyze(ExternalTypescriptSensor.java:117)
        at org.sonar.plugin.typescript.ExternalTypescriptSensor.execute(ExternalTypescriptSensor.java:111)
        at org.sonar.scanner.sensor.SensorWrapper.analyse(SensorWrapper.java:53)
        at org.sonar.scanner.phases.SensorsExecutor.executeSensor(SensorsExecutor.java:88)
        at org.sonar.scanner.phases.SensorsExecutor.execute(SensorsExecutor.java:82)
    ... (omitted)

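You could of course do what the message suggests and set sonar.exclusions so that no .ts files are scanned, but that is obviously not the fix we want. In an ordinary environment, simply installing Node.js is enough. In the current case, however, the Alpine environment is more awkward, and the simplest approach is to use the packages that Alpine itself provides.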

    /data/jenkins/workspace/angular-pipeline-job/demo # apk add nodejs
    fetch http://dl-cdn.alpinelinux.org/alpine/v3.9/main/x86_64/APKINDEX.tar.gz
    fetch http://dl-cdn.alpinelinux.org/alpine/v3.9/community/x86_64/APKINDEX.tar.gz
    (1/4) Installing c-ares (1.15.0-r0)
    (2/4) Installing http-parser (2.8.1-r0)
    (3/4) Installing libuv (1.23.2-r0)
    (4/4) Installing nodejs (10.14.2-r0)
    Executing busybox-1.29.3-r10.trigger
    OK: 373 MiB in 115 packages
    /data/jenkins/workspace/angular-pipeline-job/demo # apk add npm
    (1/1) Installing npm (10.14.2-r0)
    Executing busybox-1.29.3-r10.trigger
    OK: 397 MiB in 116 packages
    /data/jenkins/workspace/angular-pipeline-job/demo #

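A preflight check for the three failure modes above, run before sonar-scanner so the build stops with a one-line reason instead of a stack trace. This is an added example, not from the original article; SONAR_FETCH and NODE_BIN are hypothetical override hooks, and the matching assumes the compact JSON returned by api/system/status and api/qualityprofiles/search.

```shell
#!/bin/sh
# Added example, not from the original article. POSIX sh (works in Alpine's busybox ash).
# Assumptions: SONAR_FETCH and NODE_BIN are hypothetical override hooks; the
# defaults are wget (busybox or GNU) and the node found on PATH.
SONAR_FETCH="${SONAR_FETCH:-wget -q -T 10 -O -}"
NODE_BIN="${NODE_BIN:-node}"

preflight() {
    # $1 = server base URL, e.g. http://192.168.31.242:9000
    url=${1%/}

    # "Node.js not installed": SonarTS calls the local Node.js, so it must be runnable.
    if ! node_version=$("$NODE_BIN" --version 2>/dev/null); then
        echo "FAIL node: '$NODE_BIN' not runnable; install it (apk add nodejs) or fix PATH"
        return 3
    fi

    # "Cannot connect to the server": api/system/status reports UP once the
    # service has finished starting.
    status=$($SONAR_FETCH "$url/api/system/status" 2>/dev/null) || status=""
    case $status in
        *'"status":"UP"'*) ;;
        *) echo "FAIL server: $url is not reachable or not UP"; return 2 ;;
    esac

    # "No quality profiles": the ts language needs at least one profile, which
    # is missing when SonarTS is not installed or every profile was deleted.
    profiles=$($SONAR_FETCH "$url/api/qualityprofiles/search?language=ts" 2>/dev/null) || profiles=""
    case $profiles in
        *'"language":"ts"'*) ;;
        *) echo "FAIL profile: no quality profile for 'ts'; check the SonarTS plugin"; return 1 ;;
    esac

    echo "OK node=$node_version server=UP ts-profile=present"
}
```

In a pipeline step, `preflight http://192.168.31.242:9000 || exit 1` placed before the scanner call is enough.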
Execution example
The following uses the Angular demo application as the example and scans it with sonar-scanner. The execution log is shown below.

    /data/jenkins/workspace/angular-pipeline-job/demo # /usr/local/share/sonar/bin/sonar-scanner \
    > -Dsonar.projectKey=angular \
    > -Dsonar.sources=src \
    > -Dsonar.host.url=http://192.168.31.242:9000 \
    > -Dsonar.login=admin \
    > -Dsonar.password=admin
    INFO: Scanner configuration file: /usr/local/share/sonar/conf/sonar-scanner.properties
    INFO: Project root configuration file: NONE
    INFO: SonarQube Scanner 4.2.0.1873
    INFO: Java 1.8.0_212 IcedTea (64-bit)
    INFO: Linux 4.9.87-linuxkit-aufs amd64
    INFO: User cache: /root/.sonar/cache
    INFO: SonarQube server 6.7.1
    INFO: Default locale: "en_US", source code encoding: "UTF-8" (analysis is platform dependent)
    INFO: Publish mode
    INFO: Load global settings
    INFO: Load global settings (done) | time=239ms
    INFO: Server id: AW3nsip1zhnfoGaybxGb
    INFO: User cache: /root/.sonar/cache
    INFO: Load plugins index
    INFO: Load plugins index (done) | time=140ms
    INFO: Process project properties
    INFO: Load project repositories
    INFO: Load project repositories (done) | time=43ms
    INFO: Load quality profiles
    INFO: Load quality profiles (done) | time=227ms
    INFO: Load active rules
    INFO: Load active rules (done) | time=837ms
    INFO: Load metrics repository
    INFO: Load metrics repository (done) | time=73ms
    WARN: SCM provider autodetection failed. No SCM provider claims to support this project. Please use sonar.scm.provider to define SCM of your project.
    INFO: Project key: angular
    INFO: ------------- Scan angular
    INFO: Load server rules
    INFO: Load server rules (done) | time=96ms
    INFO: Base dir: /data/jenkins/workspace/angular-pipeline-job/demo
    INFO: Working dir: /data/jenkins/workspace/angular-pipeline-job/demo/.scannerwork
    INFO: Source paths: src
    INFO: Source encoding: UTF-8, default locale: en_US
    INFO: Index files
    INFO: 13 files indexed
    INFO: Quality profile for ts: Sonar way
    INFO: Sensor SonarTS [typescript]
    INFO: Analyzing 8 typescript file(s) with the following configuration file /data/jenkins/workspace/angular-pipeline-job/demo/tsconfig.json
    INFO: 8 files analyzed out of 8
    INFO: Sensor SonarTS [typescript] (done) | time=16336ms
    INFO: Sensor Zero Coverage Sensor
    INFO: Sensor Zero Coverage Sensor (done) | time=45ms
    INFO: Sensor CPD Block Indexer
    INFO: Sensor CPD Block Indexer (done) | time=2ms
    INFO: No SCM system was detected. You can use the 'sonar.scm.provider' property to explicitly specify it.
    INFO: 5 files had no CPD blocks
    INFO: Calculating CPD for 3 files
    INFO: CPD calculation finished
    INFO: Analysis report generated in 387ms, dir size=15 KB
    INFO: Analysis reports compressed in 1878ms, zip size=14 KB
    INFO: Analysis report uploaded in 772ms
    INFO: ANALYSIS SUCCESSFUL, you can browse http://192.168.31.242:9000/dashboard/index/angular
    INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
    INFO: More about the report processing at http://192.168.31.242:9000/api/ce/task?id=AW3uIXRZ5xxGRMjITaYs
    INFO: Task total time: 26.987 s
    INFO: ------------------------------------------------------------------------
    INFO: EXECUTION SUCCESS
    INFO: ------------------------------------------------------------------------
    INFO: Total time: 30.227s
    INFO: Final Memory: 8M/70M
    INFO: ------------------------------------------------------------------------
    /data/jenkins/workspace/angular-pipeline-job/demo #

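The result is shown below.
Postscript
It later turned out that Sonar-Scanner 4.2 combined with SonarQube 6.7.1 very easily causes the SonarQube service to terminate abnormally. For SonarQube 6.7.1 it is therefore still recommended to pair it with Sonar-Scanner 3.2. For details, see: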
- https://liumiaocn.blog.csdn.net/article/details/102772836
Reposted from: https://liumiaocn.blog.csdn.net/article/details/102670480