根据SonarQube官方描述,SonarQube由三个组件组成:
SonarQube Server,运行如下进程:
Database Server,主要存储如下内容:
Scanner:
SonarQube Web API没有提供分析代码的接口,因为分析代码是scanner的职责,因此,我们要在出包前自动执行sonarqube,思路就是先要执行sonarqube scanner,然后再通过接口获取执行报告。
def executed = false
project.publish.doFirst {if (!executed && "csf-parent" == project.name) {// 标记为已执行,避免重复执行executed = true// 执行sonarqubeexec {workingDir "${rootDir}"commandLine "gradle.bat", "sonarqube"}// 获取gradle.properties配置参数def properties = project.getProperties()def projectKey = properties.get("systemProp.sonar.projectKey")def hostUrl = properties.get("systemProp.sonar.host.url")def login = properties.get("systemProp.sonar.login") + ":"def token = login.getBytes(StandardCharsets.UTF_8).encodeBase64Url(true).toString()// 获取sonarqube执行结果def connection = new URL(hostUrl + "/api/qualitygates/project_status?projectKey=" + projectKey).openConnection()connection.setRequestMethod("GET")connection.setDoOutput(true)connection.setRequestProperty("Content-Type", "application/json")connection.setRequestProperty("Authorization", "Basic " + token)def code = connection.getResponseCode()if (code != 200) {throw new GradleException("获取sonarqube结果失败!")}def text = connection.getInputStream().getText()def slurper = new groovy.json.JsonSlurper()def json = slurper.parseText(text)def status = json.projectStatus.statusif ("ERROR".equalsIgnoreCase(status)) {throw new GradleException("sonarqube检测不通过!")}}}