在 gitlab-ci 中运行声纳扫描仪

Question

I'm trying to build a pipeline that runs sonarqube for a python application. This is my first time using a gitlab-ci so I was hoping to get some direction. I know to run sonarqube, you have to somehow call sonar scanner within the yml. That is where I'm stuck. How do I set up/install a sonar-scanner in my docker? I'm running a docker with a python image. Any help would be greatly appreciated. I honestly am not understanding how locally downloading the sonar scanner package makes sense. Does the git pipeline default to looking at the packages installed on my local computer?

Answer 1

There are two solutions available:

1. You can install sonar-scanner on your local machine using SonarScanner Documentaion As sonar-scanner requires Java-11 to be installed on the machine you will have to install openjdk-11-jdk-headless with

   sudo apt install openjdk-11-jdk-headless

And install the sonar scanner on your machine using the steps provided in the documentation. 2. You can use a docker image that has sonar-scanner installed in it as base image and use that image to build your own docker image with the required python versions and required softwares.

For example you can use following docker image as a reference image for your docker image

   bluelabseu/sonar-scanner:4.3.0-7879

Sample docker file with using a sonar scanner image to create a image for python project.

    FROM bluelabseu/sonar-scanner:4.3.0-7248`

    RUN apt-get update && apt-get install python2.7 -y && apt-get install python3.6 -y

Once you have a docker file use this to create a docker image and upload this to your gitlab-container registry of your project repository.

Using Sonar-scanner for python project:

1. If you want to publish your code coverage as well as code quality to sonarqube you will have to generate test coverage file which can be generated by any of the build tool.

2. Add coverage report path for python profile in sonarqube administration. It can be set as follows:

   a. Login to sonarqube server with admin user.

   b. Go to Administration-> configuration -> python -> Test and Coverage -> Path to coverage reports. Set coverage-reports/*coverage-*.xml as coverage path for sonar.python.coverage.reportPaths key.

3. Generate test coverage report for example using poetry build tool poetry run py.test tests/ --cov=<PROJECT_PACKAGE_NAME>/ --cov-report xml:coverage-reports/coverage-result.xml

4. Execute the following command on your

    sonar-scanner -Dsonar.coverage.exclusions=tests/** -Dsonar.python.coverage.reportPaths=coverage-reports/coverage-reports.xml  -Dsonar.projectKey=<PROJECT_NAME> -Dsonar.projectName=<PROJECT_NAME> -Dsonar.projectVersion=<<PROJECT_VERSION>  -Dsonar.sources=<PROJECT_PACKAGE_NAME> -Dsonar.tests=tests/  -Dsonar.sourceEncoding=UTF-8 -Dsonar.host.url=<SONAR_HOST_SERVER_URL> -Dsonar.login=<SONAR_AUTH_TOKEN>

Note: It will be better if you will not set any configurations in sonar-scanner.properties file and provide configurations in the command itself with -D parameter