0
点赞
收藏
分享

微信扫一扫

5、Pipeline Job进阶之构建通知和代码质量评估

Pipeline Job进阶之构建通知和代码质量评估

在Pipeline Job中发送邮件通知

声明式pipeline的post{}里可以使用mail step来发送通知
◼ 该步骤支持有参数有如下几个
◆ subject:邮件主题;
◆ to:收件人地址;
◆ body:邮件正文;
◆ from:发件地址;

如果想让通知功能能够工作起来,得在jenkins上配置好通知服务
一:发送邮件通知 系统配置--jenkins location 输入发件人邮箱

5、Pipeline Job进阶之构建通知和代码质量评估_Jenkins Ding talk通知

5、Pipeline Job进阶之构建通知和代码质量评估_Pipeline上构建通知体系_02

回复邮件给谁并发邮件测试

5、Pipeline Job进阶之构建通知和代码质量评估_在Pipeline上代质量评估_03

5、Pipeline Job进阶之构建通知和代码质量评估_在Pipeline上代质量评估_04

在作业的声明式语法后端加上关于通知的语法配置

pipeline {
  agent any
  parameters {
    booleanParam(name:'pushImage', defaultValue: 'true', description: 'Push Image to Harbor?')
  }
  tools {
    maven 'maven-3.8.7'
  }
  triggers {
    GenericTrigger(
      genericVariables: [
        [key: 'ref', value: '$.ref']
      ],
      token: 'fClZ0e/kTcqL2ARh7YqxW/3ndOCZA2SqfKnRTLat',
      causeString: 'Triggered on $ref',
      printContributedVariables: true,
      printPostContent: true
    )
  }   
  environment {
    codeRepo="http://gitlab.mengfanchao.com/root/spring-boot-helloWorld.git"
    harborServer='harbor.meng.org'
    projectName='spring-boot-helloworld'
    imageUrl="${harborServer}/ikubernetes/${projectName}"
    imageTag='latest'
  }
  stages {
    stage('Source') {
      steps {
        git branch: 'main', credentialsId: 'gitlab-root-credential', url: "${codeRepo}"
      }
    }
    stage('Build') {
        steps {
          sh 'mvn -B -DskipTests clean package'
      }
    }
    stage('Test') {
      steps {
        sh 'mvn test'
      }
    }
    stage('Build Docker Image') {
      steps {
        sh 'docker image build . -t "${harborServer}/ikubernetes/${projectName}:${imageTag}"'
      }           
    }
    stage('Push Docker Image') {
      steps {
        withCredentials([usernamePassword(credentialsId: 'harbor-user-credential', \
          passwordVariable: 'harborUserPassword', usernameVariable: 'harborUserName')]) {
          sh "echo ${harborUserPassword} | docker login -u ${env.harborUserName} --password-stdin ${harborServer}"
          sh "docker image push ${imageUrl}:${imageTag}"
        }
      }
    }
  }
  post {
    always {
      mail to: '1153454651@qq.com',
      subject: "Status of pipeline: ${currentBuild.fullDisplayName}",
      body: "${env.BUILD_URL} has result ${currentBuild.result}"
    }
  }      
}

5、Pipeline Job进阶之构建通知和代码质量评估_Jenkins企业微信群通知_05

立即构建查看是否收到邮件

5、Pipeline Job进阶之构建通知和代码质量评估_在Pipeline上代质量评估_06

Dingtalk 群通知
安装Dingtalk 插件
在钉钉上找到DevOps群组--群设置--智能群助手-添加机器人--把webhook和加签信息进行复制
在jenkins的系统管理最下面找到钉钉进行配置

5、Pipeline Job进阶之构建通知和代码质量评估_Jenkins企业微信群通知_07

在作业上使用钉钉机器人往钉钉上发信息

pipeline {
  agent any
  parameters {
    booleanParam(name:'pushImage', defaultValue: 'true', description: 'Push Image to Harbor?')
  }
  tools {
    maven 'maven-3.8.7'
  }
  triggers {
    GenericTrigger(
      genericVariables: [
        [key: 'ref', value: '$.ref']
      ],
      token: 'fClZ0e/kTcqL2ARh7YqxW/3ndOCZA2SqfKnRTLat',
      causeString: 'Triggered on $ref',
      printContributedVariables: true,
      printPostContent: true
    )
  }   
  environment {
    codeRepo="http://gitlab.mengfanchao.com/root/spring-boot-helloWorld.git"
    harborServer='harbor.meng.org'
    projectName='spring-boot-helloworld'
    imageUrl="${harborServer}/ikubernetes/${projectName}"
    imageTag='latest'
  }
  stages {
    stage('Source') {
      steps {
        git branch: 'main', credentialsId: 'gitlab-root-credential', url: "${codeRepo}"
      }
    }
    stage('Build') {
        steps {
          sh 'mvn -B -DskipTests clean package'
      }
    }
    stage('Test') {
      steps {
        sh 'mvn test'
      }
    }
    stage('Build Docker Image') {
      steps {
        sh 'docker image build . -t "${harborServer}/ikubernetes/${projectName}:${imageTag}"'
      }           
    }
    stage('Push Docker Image') {
      steps {
        withCredentials([usernamePassword(credentialsId: 'harbor-user-credential', \
          passwordVariable: 'harborUserPassword', usernameVariable: 'harborUserName')]) {
          sh "echo ${harborUserPassword} | docker login -u ${env.harborUserName} --password-stdin ${harborServer}"
          sh "docker image push ${imageUrl}:${imageTag}"
        }
      }
    }
  }
  post {
    always {
      dingtalk(
        robot: 'dingtalk',
        type: 'TEXT',
        text: [
          "Status of pipeline: ${currentBuild.fullDisplayName}",
          "${env.BUILD_URL} has result ${currentBuild.result}."
        ]
      )
    }
  }      
}

应用保存并立即构建

5、Pipeline Job进阶之构建通知和代码质量评估_Jenkins Ding talk通知_08

企业微信群通知
安装,创建企业微信群,添加群机器人,复制webhook,粘贴到声明式语法中

pipeline {
  agent any
  parameters {
    booleanParam(name:'pushImage', defaultValue: 'true', description: 'Push Image to Harbor?')
  }
  tools {
    maven 'maven-3.8.7'
  }
  triggers {
    GenericTrigger(
      genericVariables: [
        [key: 'ref', value: '$.ref']
      ],
      token: 'fClZ0e/kTcqL2ARh7YqxW/3ndOCZA2SqfKnRTLat',
      causeString: 'Triggered on $ref',
      printContributedVariables: true,
      printPostContent: true
    )
  }   
  environment {
    codeRepo="http://gitlab.mengfanchao.com/root/spring-boot-helloWorld.git"
    harborServer='harbor.meng.org'
    projectName='spring-boot-helloworld'
    imageUrl="${harborServer}/ikubernetes/${projectName}"
    imageTag='latest'
  }
  stages {
    stage('Source') {
      steps {
        git branch: 'main', credentialsId: 'gitlab-root-credential', url: "${codeRepo}"
      }
    }
    stage('Build') {
        steps {
          sh 'mvn -B -DskipTests clean package'
      }
    }
    stage('Test') {
      steps {
        sh 'mvn test'
      }
    }
    stage('Build Docker Image') {
      steps {
        sh 'docker image build . -t "${harborServer}/ikubernetes/${projectName}:${imageTag}"'
      }           
    }
    stage('Push Docker Image') {
      steps {
        withCredentials([usernamePassword(credentialsId: 'harbor-user-credential', \
          passwordVariable: 'harborUserPassword', usernameVariable: 'harborUserName')]) {
          sh "echo ${harborUserPassword} | docker login -u ${env.harborUserName} --password-stdin ${harborServer}"
          sh "docker image push ${imageUrl}:${imageTag}"
        }
      }
    }
  }
  post {
    always {
      qyWechatNotification failNotify: true, webhookUrl: 'https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=c79e3215-d39f-44a7-a760-fa0ab63ca46b'
    }
  }      
}

在Pipeline上调用SonarQube进行代码质量评估(容器化部署)

 配置Jenkins使用sonar-scanner进行代码质量扫描,并
将结果报告给SonarQube Server的主要步骤如下
◼ 首先,在Jenkins上安装SonarQube Scanner插件
◼ 其次,配置Jenkins对接到SonarQube Server
◼ 第三,配置Jenkins的全局工具sonar-scanner
◼ 第四,在SonarQube上添加回调Jenkins的Webhook
◼ 第五,在Pipeline Job上调用sonar-scanner进行代码质量
扫描
◼ 最后,通过SonarQube确认扫描结果的评估

部署SonarQube的docker-compose文件

version: "3.6"

volumes:
  sonarqube: {}
  postgresql: {}

networks:
  jenkins_net:
    driver: bridge
    ipam:
      config:
        - subnet: 172.31.5.0/24

services:
  sonarqube:
    image: sonarqube:community
    hostname: sonar.magedu.com
    container_name: sonarqube
    depends_on:
      - db
    environment:
      SONAR_JDBC_URL: jdbc:postgresql://db:5432/sonar
      SONAR_JDBC_USERNAME: sonar
      SONAR_JDBC_PASSWORD: sonar
    volumes:
      - sonarqube:/opt/sonarqube
    ports:
      - "9000:9000"
    networks:
      jenkins_net:
        ipv4_address: 172.31.5.2
        aliases:
          - sonar
          - sonarqube
          - sonarqube.magedu.com
    restart: always

  db:
    image: postgres:12
    hostname: postgresql
    container_name: postgresql
    environment:
      POSTGRES_USER: sonar
      POSTGRES_PASSWORD: sonar
      POSTGRES_DB: sonar
    volumes:
      - postgresql:/var/lib/postgresql
    networks:
      jenkins_net:
        ipv4_address: 172.31.5.3
    restart: always

部署执行,修改linux系统参数

[root@ubuntu2004 05-sonarqube]#sysctl -w vm.max_map_count=262144
vm.max_map_count = 262144

部署SonarQube Server

[root@ubuntu2004 05-sonarqube]#docker-compose up -d
查看是否部署完成
[root@ubuntu2004 05-sonarqube]#docker-compose ps

在gitlab、jenkins以及sonarqube主机对sonarqube服务的域名进行解析,然后进行访问

根据此前的设定,SonarQube的Web Server监听于本机所有地址的9000端口上,通过浏览器直接访问该服务即可,默认的用户名和密码是“admin/admin”;

5、Pipeline Job进阶之构建通知和代码质量评估_Jenkins Ding talk通知_09

修改密码

5、Pipeline Job进阶之构建通知和代码质量评估_Jenkins企业微信群通知_10

可安装中文语言插件,以支持中文显示,部署完成后,要重启SonarQube生效;搜索chinaese pack
需要访问到github,才可以安装成功

5、Pipeline Job进阶之构建通知和代码质量评估_Jenkins发送邮件通知_11

5、Pipeline Job进阶之构建通知和代码质量评估_Jenkins企业微信群通知_12

sonarqube server创建普通用户

5、Pipeline Job进阶之构建通知和代码质量评估_Jenkins发送邮件通知_13

5、Pipeline Job进阶之构建通知和代码质量评估_Jenkins发送邮件通知_14

修改用户全局权限

5、Pipeline Job进阶之构建通知和代码质量评估_Jenkins发送邮件通知_15

在SonarQube-server上以用户身份生成令牌,用于Jenkins通过相应的URL打开SonarQube

5、Pipeline Job进阶之构建通知和代码质量评估_Jenkins发送邮件通知_16

令牌:squ_c79f217d9ca72650fe9c5ca9ef85ccf23065f255

在Jenkins上安装SonarQube Scanner插件

5、Pipeline Job进阶之构建通知和代码质量评估_在Pipeline上代质量评估_17

添加认证凭据,把sonarqube-server的用户生成的token贴进去

5、Pipeline Job进阶之构建通知和代码质量评估_Jenkins Ding talk通知_18

5、Pipeline Job进阶之构建通知和代码质量评估_在Pipeline上代质量评估_19

5、Pipeline Job进阶之构建通知和代码质量评估_Jenkins发送邮件通知_20

系统管理--系统配置--添加sonarqube servers

5、Pipeline Job进阶之构建通知和代码质量评估_在Pipeline上代质量评估_21

为Jenkins添加sonar-scanner工具以便在构建任务中调用(Manage Jenkins → 全局工具配置)

5、Pipeline Job进阶之构建通知和代码质量评估_Pipeline上构建通知体系_22

在SonarQube添加Jenkins的回调接口(配置-网络调用-创建)

生成密码([root@ubuntu2004 ~]#openssl rand -base64 32 zyEB7LAf5YTT5mwGnwHCPu1w/tBDNpUSNtHeddy+MZs=)

5、Pipeline Job进阶之构建通知和代码质量评估_Pipeline上构建通知体系_23

5、Pipeline Job进阶之构建通知和代码质量评估_Jenkins企业微信群通知_24

在pipeline作业上使用SonarQube进行代码质量检查
声明式语法

pipeline {
  agent any
  parameters {
    booleanParam(name:'pushImage', defaultValue: 'true', description: 'Push Image to Harbor?')
  }
  tools {
    maven 'maven-3.8.7'
  }
  triggers {
    GenericTrigger(
      genericVariables: [
        [key: 'ref', value: '$.ref']
      ],
      token: 'fClZ0e/kTcqL2ARh7YqxW/3ndOCZA2SqfKnRTLat',
      causeString: 'Triggered on $ref',
      printContributedVariables: true,
      printPostContent: true
    )
  }   
  environment {
    codeRepo="http://gitlab.mengfanchao.com/root/spring-boot-helloWorld.git"
    harborServer='harbor.meng.org'
    projectName='spring-boot-helloworld'
    imageUrl="${harborServer}/ikubernetes/${projectName}"
    imageTag='latest'
  }
  stages {
    stage('Source') {
      steps {
        git branch: 'main', credentialsId: 'gitlab-root-credential', url: "${codeRepo}"
      }
    }
    stage('Build') {
        steps {
          sh 'mvn -B -DskipTests clean package'
      }
    }
    stage('Test') {
      steps {
        sh 'mvn test'
      }
    }
    stage("SonarQube Analysis") {
      steps {
        withSonarQubeEnv('SonarQube-Server') {
          sh 'mvn sonar:sonar'
        }
      }
    }
    stage("Quality Gate") {
      steps {
        timeout(time: 30, unit: 'MINUTES') {
          waitForQualityGate abortPipeline: true
        }
      }
    }        
    stage('Build Docker Image') {
      steps {
        sh 'docker image build . -t "${harborServer}/ikubernetes/${projectName}:${imageTag}"'
      }           
    }
    stage('Push Docker Image') {
      steps {
        withCredentials([usernamePassword(credentialsId: 'harbor-user-credential', \
          passwordVariable: 'harborUserPassword', usernameVariable: 'harborUserName')]) {
          sh "echo ${harborUserPassword} | docker login -u ${env.harborUserName} --password-stdin ${harborServer}"
          sh "docker image push ${imageUrl}:${imageTag}"
        }
      }
    }
  }
  post {
    always {
      mail to: '1153454651@qq.com',
      subject: "Status of pipeline: ${currentBuild.fullDisplayName}",
      body: "${env.BUILD_URL} has result ${currentBuild.result}"
    }
  }      
}

5、Pipeline Job进阶之构建通知和代码质量评估_Jenkins Ding talk通知_25

5、Pipeline Job进阶之构建通知和代码质量评估_Jenkins Ding talk通知_26

去sonarqube server上查看作业

5、Pipeline Job进阶之构建通知和代码质量评估_Jenkins Ding talk通知_27

举报

相关推荐

0 条评论