Pipeline Job进阶之构建通知和代码质量评估
在Pipeline Job中发送邮件通知
声明式pipeline的post{}里可以使用mail step来发送通知
◼ 该步骤支持有参数有如下几个
◆ subject:邮件主题;
◆ to:收件人地址;
◆ body:邮件正文;
◆ from:发件地址;
如果想让通知功能能够工作起来,得在jenkins上配置好通知服务
一:发送邮件通知 系统配置--jenkins location 输入发件人邮箱
回复邮件给谁并发邮件测试
在作业的声明式语法后端加上关于通知的语法配置
pipeline {
agent any
parameters {
booleanParam(name:'pushImage', defaultValue: 'true', description: 'Push Image to Harbor?')
}
tools {
maven 'maven-3.8.7'
}
triggers {
GenericTrigger(
genericVariables: [
[key: 'ref', value: '$.ref']
],
token: 'fClZ0e/kTcqL2ARh7YqxW/3ndOCZA2SqfKnRTLat',
causeString: 'Triggered on $ref',
printContributedVariables: true,
printPostContent: true
)
}
environment {
codeRepo="http://gitlab.mengfanchao.com/root/spring-boot-helloWorld.git"
harborServer='harbor.meng.org'
projectName='spring-boot-helloworld'
imageUrl="${harborServer}/ikubernetes/${projectName}"
imageTag='latest'
}
stages {
stage('Source') {
steps {
git branch: 'main', credentialsId: 'gitlab-root-credential', url: "${codeRepo}"
}
}
stage('Build') {
steps {
sh 'mvn -B -DskipTests clean package'
}
}
stage('Test') {
steps {
sh 'mvn test'
}
}
stage('Build Docker Image') {
steps {
sh 'docker image build . -t "${harborServer}/ikubernetes/${projectName}:${imageTag}"'
}
}
stage('Push Docker Image') {
steps {
withCredentials([usernamePassword(credentialsId: 'harbor-user-credential', \
passwordVariable: 'harborUserPassword', usernameVariable: 'harborUserName')]) {
sh "echo ${harborUserPassword} | docker login -u ${env.harborUserName} --password-stdin ${harborServer}"
sh "docker image push ${imageUrl}:${imageTag}"
}
}
}
}
post {
always {
mail to: '1153454651@qq.com',
subject: "Status of pipeline: ${currentBuild.fullDisplayName}",
body: "${env.BUILD_URL} has result ${currentBuild.result}"
}
}
}
立即构建查看是否收到邮件
Dingtalk 群通知
安装Dingtalk 插件
在钉钉上找到DevOps群组--群设置--智能群助手-添加机器人--把webhook和加签信息进行复制
在jenkins的系统管理最下面找到钉钉进行配置
在作业上使用钉钉机器人往钉钉上发信息
pipeline {
agent any
parameters {
booleanParam(name:'pushImage', defaultValue: 'true', description: 'Push Image to Harbor?')
}
tools {
maven 'maven-3.8.7'
}
triggers {
GenericTrigger(
genericVariables: [
[key: 'ref', value: '$.ref']
],
token: 'fClZ0e/kTcqL2ARh7YqxW/3ndOCZA2SqfKnRTLat',
causeString: 'Triggered on $ref',
printContributedVariables: true,
printPostContent: true
)
}
environment {
codeRepo="http://gitlab.mengfanchao.com/root/spring-boot-helloWorld.git"
harborServer='harbor.meng.org'
projectName='spring-boot-helloworld'
imageUrl="${harborServer}/ikubernetes/${projectName}"
imageTag='latest'
}
stages {
stage('Source') {
steps {
git branch: 'main', credentialsId: 'gitlab-root-credential', url: "${codeRepo}"
}
}
stage('Build') {
steps {
sh 'mvn -B -DskipTests clean package'
}
}
stage('Test') {
steps {
sh 'mvn test'
}
}
stage('Build Docker Image') {
steps {
sh 'docker image build . -t "${harborServer}/ikubernetes/${projectName}:${imageTag}"'
}
}
stage('Push Docker Image') {
steps {
withCredentials([usernamePassword(credentialsId: 'harbor-user-credential', \
passwordVariable: 'harborUserPassword', usernameVariable: 'harborUserName')]) {
sh "echo ${harborUserPassword} | docker login -u ${env.harborUserName} --password-stdin ${harborServer}"
sh "docker image push ${imageUrl}:${imageTag}"
}
}
}
}
post {
always {
dingtalk(
robot: 'dingtalk',
type: 'TEXT',
text: [
"Status of pipeline: ${currentBuild.fullDisplayName}",
"${env.BUILD_URL} has result ${currentBuild.result}."
]
)
}
}
}
应用保存并立即构建
企业微信群通知
安装,创建企业微信群,添加群机器人,复制webhook,粘贴到声明式语法中
pipeline {
agent any
parameters {
booleanParam(name:'pushImage', defaultValue: 'true', description: 'Push Image to Harbor?')
}
tools {
maven 'maven-3.8.7'
}
triggers {
GenericTrigger(
genericVariables: [
[key: 'ref', value: '$.ref']
],
token: 'fClZ0e/kTcqL2ARh7YqxW/3ndOCZA2SqfKnRTLat',
causeString: 'Triggered on $ref',
printContributedVariables: true,
printPostContent: true
)
}
environment {
codeRepo="http://gitlab.mengfanchao.com/root/spring-boot-helloWorld.git"
harborServer='harbor.meng.org'
projectName='spring-boot-helloworld'
imageUrl="${harborServer}/ikubernetes/${projectName}"
imageTag='latest'
}
stages {
stage('Source') {
steps {
git branch: 'main', credentialsId: 'gitlab-root-credential', url: "${codeRepo}"
}
}
stage('Build') {
steps {
sh 'mvn -B -DskipTests clean package'
}
}
stage('Test') {
steps {
sh 'mvn test'
}
}
stage('Build Docker Image') {
steps {
sh 'docker image build . -t "${harborServer}/ikubernetes/${projectName}:${imageTag}"'
}
}
stage('Push Docker Image') {
steps {
withCredentials([usernamePassword(credentialsId: 'harbor-user-credential', \
passwordVariable: 'harborUserPassword', usernameVariable: 'harborUserName')]) {
sh "echo ${harborUserPassword} | docker login -u ${env.harborUserName} --password-stdin ${harborServer}"
sh "docker image push ${imageUrl}:${imageTag}"
}
}
}
}
post {
always {
qyWechatNotification failNotify: true, webhookUrl: 'https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=c79e3215-d39f-44a7-a760-fa0ab63ca46b'
}
}
}
在Pipeline上调用SonarQube进行代码质量评估(容器化部署)
配置Jenkins使用sonar-scanner进行代码质量扫描,并
将结果报告给SonarQube Server的主要步骤如下
◼ 首先,在Jenkins上安装SonarQube Scanner插件
◼ 其次,配置Jenkins对接到SonarQube Server
◼ 第三,配置Jenkins的全局工具sonar-scanner
◼ 第四,在SonarQube上添加回调Jenkins的Webhook
◼ 第五,在Pipeline Job上调用sonar-scanner进行代码质量
扫描
◼ 最后,通过SonarQube确认扫描结果的评估
部署SonarQube的docker-compose文件
version: "3.6"
volumes:
sonarqube: {}
postgresql: {}
networks:
jenkins_net:
driver: bridge
ipam:
config:
- subnet: 172.31.5.0/24
services:
sonarqube:
image: sonarqube:community
hostname: sonar.magedu.com
container_name: sonarqube
depends_on:
- db
environment:
SONAR_JDBC_URL: jdbc:postgresql://db:5432/sonar
SONAR_JDBC_USERNAME: sonar
SONAR_JDBC_PASSWORD: sonar
volumes:
- sonarqube:/opt/sonarqube
ports:
- "9000:9000"
networks:
jenkins_net:
ipv4_address: 172.31.5.2
aliases:
- sonar
- sonarqube
- sonarqube.magedu.com
restart: always
db:
image: postgres:12
hostname: postgresql
container_name: postgresql
environment:
POSTGRES_USER: sonar
POSTGRES_PASSWORD: sonar
POSTGRES_DB: sonar
volumes:
- postgresql:/var/lib/postgresql
networks:
jenkins_net:
ipv4_address: 172.31.5.3
restart: always
部署执行,修改linux系统参数
[root@ubuntu2004 05-sonarqube]#sysctl -w vm.max_map_count=262144
vm.max_map_count = 262144
部署SonarQube Server
[root@ubuntu2004 05-sonarqube]#docker-compose up -d
查看是否部署完成
[root@ubuntu2004 05-sonarqube]#docker-compose ps
在gitlab、jenkins以及sonarqube主机对sonarqube服务的域名进行解析,然后进行访问
根据此前的设定,SonarQube的Web Server监听于本机所有地址的9000端口上,通过浏览器直接访问该服务即可,默认的用户名和密码是“admin/admin”;
修改密码
可安装中文语言插件,以支持中文显示,部署完成后,要重启SonarQube生效;搜索chinaese pack
需要访问到github,才可以安装成功
sonarqube server创建普通用户
修改用户全局权限
在SonarQube-server上以用户身份生成令牌,用于Jenkins通过相应的URL打开SonarQube
令牌:squ_c79f217d9ca72650fe9c5ca9ef85ccf23065f255
在Jenkins上安装SonarQube Scanner插件
添加认证凭据,把sonarqube-server的用户生成的token贴进去
系统管理--系统配置--添加sonarqube servers
为Jenkins添加sonar-scanner工具以便在构建任务中调用(Manage Jenkins → 全局工具配置)
在SonarQube添加Jenkins的回调接口(配置-网络调用-创建)
生成密码([root@ubuntu2004 ~]#openssl rand -base64 32 zyEB7LAf5YTT5mwGnwHCPu1w/tBDNpUSNtHeddy+MZs=)
在pipeline作业上使用SonarQube进行代码质量检查
声明式语法
pipeline {
agent any
parameters {
booleanParam(name:'pushImage', defaultValue: 'true', description: 'Push Image to Harbor?')
}
tools {
maven 'maven-3.8.7'
}
triggers {
GenericTrigger(
genericVariables: [
[key: 'ref', value: '$.ref']
],
token: 'fClZ0e/kTcqL2ARh7YqxW/3ndOCZA2SqfKnRTLat',
causeString: 'Triggered on $ref',
printContributedVariables: true,
printPostContent: true
)
}
environment {
codeRepo="http://gitlab.mengfanchao.com/root/spring-boot-helloWorld.git"
harborServer='harbor.meng.org'
projectName='spring-boot-helloworld'
imageUrl="${harborServer}/ikubernetes/${projectName}"
imageTag='latest'
}
stages {
stage('Source') {
steps {
git branch: 'main', credentialsId: 'gitlab-root-credential', url: "${codeRepo}"
}
}
stage('Build') {
steps {
sh 'mvn -B -DskipTests clean package'
}
}
stage('Test') {
steps {
sh 'mvn test'
}
}
stage("SonarQube Analysis") {
steps {
withSonarQubeEnv('SonarQube-Server') {
sh 'mvn sonar:sonar'
}
}
}
stage("Quality Gate") {
steps {
timeout(time: 30, unit: 'MINUTES') {
waitForQualityGate abortPipeline: true
}
}
}
stage('Build Docker Image') {
steps {
sh 'docker image build . -t "${harborServer}/ikubernetes/${projectName}:${imageTag}"'
}
}
stage('Push Docker Image') {
steps {
withCredentials([usernamePassword(credentialsId: 'harbor-user-credential', \
passwordVariable: 'harborUserPassword', usernameVariable: 'harborUserName')]) {
sh "echo ${harborUserPassword} | docker login -u ${env.harborUserName} --password-stdin ${harborServer}"
sh "docker image push ${imageUrl}:${imageTag}"
}
}
}
}
post {
always {
mail to: '1153454651@qq.com',
subject: "Status of pipeline: ${currentBuild.fullDisplayName}",
body: "${env.BUILD_URL} has result ${currentBuild.result}"
}
}
}