# pipeline工具研究 ## SonarQube #### 版本比較 * SonarCloud只針對開發人員報告,跟sonarqube Community一樣(企業版有更多分析的報表) * SonarCloud跟雲端集成,不需要管理版本,SonarQube需要自己管理版本 * SonarCloud要收費,SonarQube Community免費 * SonarQube Community : Azure pipelines will work on master branch only * SonarQube Developer : Azure pipelines will work on master branches, other branches and for PR decoration * SonarCloud : Work like the SQ Developer edition. *** #### 安裝流程 總覽: [SonarQube跟Azure DevOps整合](https://github.com/KerryHuang/Book/blob/main/DevOps/%22https:/docs.sonarqube.org/9.6/devops-platform-integration/azure-devops-integration/README.md#analyzing-projects-with-azure-pipelines") 1. 自建SonarQube Server [各種安裝方式指示](https://github.com/KerryHuang/Book/blob/main/DevOps/%22https:/docs.sonarqube.org/9.8/setup-and-upgrade/install-the-server/README.md#installing-sonarqube-from-the-docker-image") 1. [下載](https://github.com/KerryHuang/Book/blob/main/DevOps/%22https:/www.sonarsource.com/products/sonarqube/downloads/%22/README.md) * 如果用docker建環境的話,因為SonarQube有使用到ElasticSearch,要先將資源設定成符合ElasticSearch啟用的最低需求 [參考](https://github.com/KerryHuang/Book/blob/main/DevOps/%22https:/www.elastic.co/guide/en/elasticsearch/reference/current/docker.html#_windows_with_docker_desktop_wsl_2_backend") ```powershell wsl -d docker-desktop sysctl -w vm.max_map_count=262144 ``` 2. 安裝完成後預設部署在 [http://localhost:9000,預設系統管理員帳密](https://kerryhuangs-organization.gitbook.io/kerry-de-bi-ji-ben/devops/http:/localhost:9000,預設系統管理員帳密): admin/admin 2. 整合SonarQube Server可連結到Azure DevOps 1. 在Azure DevOps的 UserSetting -> Personal Access Tokens 建立一個 Code > Read & Write 的權杖 2. 在SonarQube Server的 Administration -> DevOps Platform Integrations -> Azure DevOps-> Create a configuration 輸入相關資料跟權杖 3. 在SonarQube Server建立Project 1. Project -> create project -> From Azure DevOps 選專案 2. 透過Azure Pipelines進行分析 3. 複製第三步的 Project Key,之後Pipeline要用 4. 在SonarQube Server建立Token * MyAccount -> Security -> Generate Tokens * Token Name,之後Service Connection要用 * Type: Global/Project Analysis Token 5. 建立 的外網連結 6. 安裝Azure DevOps套件 [SonarQube](https://github.com/KerryHuang/Book/blob/main/DevOps/%22https:/marketplace.visualstudio.com/items?itemName=SonarSource.sonarqube%22) 7. 在Azure DevOps建立Service Connection * Project -> Project Setting -> Service connections 選擇SonarQube * Server Url = 的外網連結 * Token = 第4點的Token * Service connection name,之後Pipeline要用 8. 建立Pipeline ```yaml trigger: - master # or the name of your main branch steps: # Prepare Analysis Configuration task - task: SonarQubePrepare@5 inputs: SonarQube: '{Service connection name}' scannerMode: 'MSBuild' projectKey: '{Project Key}' # Dotnet build task - task: DotNetCoreCLI@2 displayName: 'dotnet build' inputs: command: 'build' # Run Code Analysis task - task: SonarQubeAnalyze@5 # Publish Quality Gate Result task - task: SonarQubePublish@5 inputs: pollingTimeoutSec: '300' ``` 9. 以上部署完成。執行完分析後,報告會在SonarQube Server頁面上出現 ## Mend Bolt * * * --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://kerryhuangs-organization.gitbook.io/kerry-de-bi-ji-ben/devops/pipeline-gong-ju-yan-jiu.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.