6

我将 Jenkins 配置为使用 sonarqube 扫描仪。扫描工作正常。詹金斯管道正在工作,詹金斯日志中没有任何问题。

SonarQube Scanner 3.0.3.778 Jenkins:2.70 SonarQube Scanner for Jenkins 插件:2.6.1

我使用这段代码:

    stage('SonarQube analysis') {
        sh 'sed -ie "s|_PROJECT_|${PROJECT_CODE}|g" $WORKSPACE/_pipeline/sonar-project.properties'
        // requires SonarQube Scanner 3.0+
        def scannerHome = '/opt/sonar/bin/sonar-scanner';
        withSonarQubeEnv('mscodeanalysis') {
            sh "${scannerHome}/bin/sonar-scanner -Dproject.settings=$WORKSPACE/_pipeline/sonar-project.properties"
        }
    }
    }
    }
}
    }
    // No need to occupy a node
    stage("Quality Gate"){
        timeout(time: 15, unit: 'MINUTES') { // Just in case something goes wrong, pipeline will be killed after a timeout
        def qg = waitForQualityGate() // Reuse taskId previously collected by withSonarQubeEnv
            if (qg.status != 'OK') {
                error "Pipeline aborted due to quality gate failure: ${qg.status}"
            }
        }
    }

我的问题来自质量门。它从不将 json 有效负载发布到詹金斯。我在 jenkins 日志中没有看到 json 条目。但我知道 jenkins 和 sonarqube 服务器之间的连接正在工作,因为我能够使用来自 sonarqube VM 的 curl 发送一个 POST。

这里是詹金斯的工作输出:

Timeout set to expire in 15 min
[Pipeline] {
[Pipeline] waitForQualityGate
Checking status of SonarQube task 'AV3irVJXpvBxXXNJYZkd' on server 'mscodeanalysis'
SonarQube task 'AV3irVJXpvBxXXNJYZkd' status is 'PENDING'
Cancelling nested steps due to timeout

这是我从未到达 jenkins 管道的有效负载: url: http://sonar-server:9000/api/ce/task?id=AV3irVJXpvBxXXNJYZkd

{"task":{"organization":"default-organization","id":"AV3irVJXpvBxXXNJYZkd","type":"REPORT","componentId":"AV3hrJeCfL_nrF2072FH","componentKey":"POOL-003","componentName":"POOL-003","componentQualifier":"TRK","analysisId":"AV3irVkZszLEB6PsCK9X","status":"SUCCESS","submittedAt":"2017-08-14T21:36:35+0000","submitterLogin":"jenkins","startedAt":"2017-08-14T21:36:37+0000","executedAt":"2017-08-14T21:36:38+0000","executionTimeMs":650,"logs":false,"hasScannerContext":true}}

我无法插入图像,但质量门是通过并且分析任务是成功的。

让我知道是否需要包含更多信息。谢谢

4

8 回答 8

4

问题可能是 Jenkins 使用带有自签名证书的 https。那么解决方案是:

  1. 为 SonarQube 生成信任库:

    keytool -import -trustcacerts -alias jenkins-host-name -file cert.crt -keystore sonarqube.jks

    密钥库密码:密码

    其中 cert.crt - 用于 jenkins 的 ssl 证书,jenkins-host-name - 是 docker 网络中 jenkins 的主机名(用于 webhook)

  2. 将信任库添加到 SonarQube Dockerfile:

    FROM sonarqube
COPY sonarqube.jks /var/sonar_cert/
COPY sonar.properties /opt/sonarqube/conf/sonar.properties

  3. 更新 sonar.properties

    sonar.ce.javaAdditionalOpts=-Djavax.net.ssl.trustStore=/var/sonar_cert/sonarqube.jks -Djavax.net.ssl.trustStorePassword=password

然后,如果您在 webhook URL 中提供了正确的 Jenkins 用户名和密码,那么一切都应该正常工作。

试过:詹金斯 2.107.2,SonarQube 7.1

于 2018-05-07T10:54:26.253 回答
2

Here is a quick example of what we did to resolve this issue:

SonarQube randomly hangs at "pending" state. Telling it to retry refreshes it. We set it to 10 seconds in this example

maxRetry = 200
forloop (i=0; i<maxRetry; i++){
    try {
        timeout(time: 10, unit: 'SECONDS') {
            waitForQualityGate()
        }
    } catch(Exception e) {
        if (i == maxRetry-1) {
            throw e
        }
    }
}
于 2019-03-12T21:38:39.613 回答
2

如果您已将 SonarQube 配置为使用 HTTP(S) 代理,请确保您的 jenkins 可以通过代理访问或配置为“非代理主机”。这可以通过http.nonProxyHosts属性或HTTP_NONPROXYHOSTS环境变量来完成。另请参阅文档以获取更多信息和语法。

于 2020-12-07T17:03:45.170 回答
2

惊讶地发现@Katone Vi 的回答效果很好。根据他们的回答,我们添加了一个成功的快速退出并将 DSL 用于原始请求:

    stage('SonarQube') {
      steps {
        withSonarQubeEnv('SonarQube') {
          sh """
            ${scannerHome}/bin/sonar-scanner -Dsonar.projectKey=XXX_${env.STAGE}_lambda
          """
        }

        script {
          Integer waitSeconds = 10
          Integer timeOutMinutes = 10
          Integer maxRetry = (timeOutMinutes * 60) / waitSeconds as Integer
          for (Integer i = 0; i < maxRetry; i++) {
            try {
              timeout(time: waitSeconds, unit: 'SECONDS') {
                def qg = waitForQualityGate()
                if (qg.status != 'OK') {
                  error "Sonar quality gate status: ${qg.status}"
                } else {
                  i = maxRetry
                }
              }
            } catch (Throwable e) {
              if (i == maxRetry - 1) {
                throw e
              }
            }
          }
        }
      }
    }
于 2019-08-06T17:54:11.597 回答
1

我遇到过类似的问题,而 Sonar 服务器中的质量门后端活动需要不到 20 秒的时间来完成分析。但是 jenkins 工作中 sonar-webhook 的质量门失败/成功响应需要很多时间并且卡住了。

 stage('Sonar:QG') {
            steps {
                **sleep(10)  /* Added 10 sec sleep that was suggested in few places*/**
                script{
                    timeout(time: 10, unit: 'MINUTES') {
                        def qg = waitForQualityGate abortPipeline: true
                        if (qg.status != 'OK') {
                            echo "Status: ${qg.status}"
                            error "Pipeline aborted due to quality gate failure: ${qg.status}"
                        }
                    }
                }
            }
        }

基本上检查以下内容:- Webhook 是否在声纳中配置:- SonarQube -> 管理 -> Webhooks http://:/sonarqube-webhook/

或在http://locahlhost:port/sonarqube-webhook/中使用 localhost 代替 IP可以解决我的问题。

于 2019-04-12T11:03:03.537 回答
1

如果您使用的是 Jenkinsfile,这是解决方法:

定义凭据:

 environment { 
  CRED = credentials('jenkins_user_pass') 
 }

然后使用:

stage("Quality Gate") {
    steps {
         script {
                while(true){
                    sh "sleep 2"
                    def url="http://jenkinsURL/job/${env.JOB_NAME.replaceAll('/','/job/')}/lastBuild/consoleText";
                    def sonarId = sh script: "wget -qO- --content-on-error --no-proxy --auth-no-challenge --http-user=${CRED_USR} --http-password=${CRED_PSW} '${url}'  | grep 'More about the report processing' | head -n1 ",returnStdout:true
                    sonarId = sonarId.substring(sonarId.indexOf("=")+1)
                    echo "sonarId ${sonarId}"
                    def sonarUrl = "http://jenkinsURL/sonar/api/ce/task?id=${sonarId}"
                    def sonarStatus = sh script: "wget -qO- '${sonarUrl}' --no-proxy --content-on-error | jq -r '.task' | jq -r '.status' ",returnStdout:true
                    echo "Sonar status ... ${sonarStatus}"
                    if(sonarStatus.trim() == "SUCCESS"){
                        echo "BREAK";
                        break;
                    }
                    if(sonarStatus.trim() == "FAILED "){
                        echo "FAILED"
                        currentBuild.result = 'FAILED'
                        break;
                    }
                }
            }
        }
    }
于 2018-03-21T15:44:30.780 回答
0

我做出了更简单的决定,但它的工作原理相同

stage("Quality gate") {
      steps {
        retry(3){
            waitForQualityGate abortPipeline: true
          }

      }
    }
于 2021-11-10T11:01:32.410 回答
-1

在 stage('SonarQube analysis') AND stage("Quality Gate") 之间添加一个 sh 'sleep 10' 可以解决问题。现在詹金斯的工作收到

Checking status of SonarQube task 'AV3rHxhp3io6giaQF_OA' on server 'sonarserver'
SonarQube task 'AV3rHxhp3io6giaQF_OA' status is 'SUCCESS'
SonarQube task 'AV3rHxhp3io6giaQF_OA' completed. Quality gate is 'OK'
于 2017-08-16T13:01:45.730 回答