SonarQube is a great tool for code quality and security checks. It is one of the tools we use to ensure quality of our products is measured and improved over time.
We also use GitLab – code management and CI/CD tool on some of our projects. SonarQube code analysis is integrated as a step in our GitLab CI pipelines.
For a long time I had a custom-built docker image for those purposes, automatically built and published to GitLab Container Registry.
Although quite automated, this custom-build docker image was adding to maintenance of the pipelines. I was happy to see that SonarSource has recently published official SonarScanner CLI docker image, and announced a support for GitLab integration in v8
SonarSource / sonar-scanner-cli-docker
Docker image for SonarScanner CLI
The docker image expects code being mounted on $PWD, which is set to /usr/src. This is different to where GitLab is mounting sources directory by default.
To make it all work the following environment variable needs to be set:
sonar:
image: sonarsource/sonar-scanner-cli
script:
- sonar-scanner -Dsonar.qualitygate.wait=true
allow_failure: true
variables:
SONAR_PROJECT_BASE_DIR: "${CI_PROJECT_DIR}"
Environment variable SONAR_PROJECT_BASE_DIR overrides default behavior. Predefined GitLab environment variable CI_PROJECT_DIR refers to the location where GitLab is mounting project source code.
Without this variable set the following misleading error will appear in GitLab log:
ERROR: Error during SonarScanner execution
java.lang.IllegalStateException: Unable to create user cache: /usr/src/.sonar/cache
at org.sonarsource.scanner.api.internal.cache.FileCache.createDir(FileCache.java:147)
at org.sonarsource.scanner.api.internal.cache.FileCache.<init>(FileCache.java:46)
at org.sonarsource.scanner.api.internal.cache.FileCache.create(FileCache.java:52)
at org.sonarsource.scanner.api.internal.cache.FileCacheBuilder.build(FileCacheBuilder.java:48)
at org.sonarsource.scanner.api.internal.JarDownloaderFactory.create(JarDownloaderFactory.java:42)
at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:68)
at org.sonarsource.scanner.api.EmbeddedScanner.doStart(EmbeddedScanner.java:185)
at org.sonarsource.scanner.api.EmbeddedScanner.start(EmbeddedScanner.java:123)
at org.sonarsource.scanner.cli.Main.execute(Main.java:73)
at org.sonarsource.scanner.cli.Main.main(Main.java:61)
Caused by: java.nio.file.AccessDeniedException: /usr/src/.sonar
at java.base/sun.nio.fs.UnixException.translateToIOException(Unknown Source)
at java.base/sun.nio.fs.UnixException.rethrowAsIOException(Unknown Source)
at java.base/sun.nio.fs.UnixException.rethrowAsIOException(Unknown Source)
at java.base/sun.nio.fs.UnixFileSystemProvider.createDirectory(Unknown Source)
at java.base/java.nio.file.Files.createDirectory(Unknown Source)
at java.base/java.nio.file.Files.createAndCheckIsDirectory(Unknown Source)
at java.base/java.nio.file.Files.createDirectories(Unknown Source)
at org.sonarsource.scanner.api.internal.cache.FileCache.createDir(FileCache.java:145)
... 9 more
ERROR:
ERROR: Re-run SonarScanner using the -X switch to enable full debug logging.
Improvements
It might be a good idea to cache Sonar Scanner directories to be re-used in future pipeline runs:
sonar:
image: sonarsource/sonar-scanner-cli
script:
- sonar-scanner -Dsonar.qualitygate.wait=true
allow_failure: true
variables:
SONAR_PROJECT_BASE_DIR: "${CI_PROJECT_DIR}"
cache:
key: "sonar-${CI_PROJECT_ID}"
paths:
- ".scannerwork"
- ".sonar"
In my particular case, SonarQube analysis was not dependent on any other steps in the pipeline, so I've used needs and dependencies properties to make it run ahead of time and skip downloading artifacts of other steps.
sonar:
image: sonarsource/sonar-scanner-cli
needs: []
dependencies: []
script:
- sonar-scanner -Dsonar.qualitygate.wait=true
allow_failure: true
variables:
SONAR_PROJECT_BASE_DIR: "${CI_PROJECT_DIR}"
GIT_DEPTH: 0
cache:
key: "sonar-${CI_PROJECT_ID}"
paths:
- ".scannerwork"
- ".sonar"
Finally, I've used GIT_DEPTH environment variable to enforce Shallow Clone of our fairly large repository.
已为社区贡献22912条内容
所有评论(0)