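OpenShift 4.x HOL Tutorial Collection
Note: this article has been verified on OpenShift 4.8.
This step adds a new Task to the Pipeline; the Task performs SAST through SonarQube.
- Following the figure below, add a new "code-analysis" task to "tasks-dev-pipeline". The task type is "simple-maven", and its "GOALS" parameter specifies how to reach the SonarQube instance running on OpenShift and which Sonar project name to use (note: user1 in the parameters is the currently logged-in user).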
Display name: code-analysis
GOALS: verify sonar:sonar -Dsonar.projectName=user1-openshift-tasks -Dsonar.projectKey=user1-openshift-tasks -Dsonar.host.url=http://sonarqube.devsecops.svc.cluster.local:9000
SETTINGS_PATH: configuration/cicd-settings-nexus3.xml
maven-repo: local-maven-repo
source: pipeline-source
- Alternatively, use the following commands to append the new task to "tasks-dev-pipeline".
# ${CICD} and ${USER} are expanded by the local shell before the patch is sent.
# The appended item must use the same indentation as the list items in $TASKS (4 spaces assumed here).
$ TASKS="$(oc get pipelines tasks-dev-pipeline -n ${CICD} -o yaml | yq r - 'spec.tasks' | yq p - 'spec.tasks')"
$ oc patch pipelines tasks-dev-pipeline -n ${CICD} --type=merge -p "$(cat << EOF
$TASKS
    - name: code-analysis
      taskRef:
        kind: Task
        name: simple-maven
      params:
        - name: GOALS
          value: 'verify sonar:sonar -Dsonar.projectName=${USER}-openshift-tasks -Dsonar.projectKey=${USER}-openshift-tasks -Dsonar.host.url=http://sonarqube.devsecops.svc.cluster.local:9000'
        - name: SETTINGS_PATH
          value: configuration/cicd-settings-nexus3.xml
      resources:
        inputs:
          - name: source
            resource: pipeline-source
      workspaces:
        - name: maven-repo
          workspace: local-maven-repo
      runAfter:
        - build-app
EOF
)"
- Run the following command to test-run "tasks-dev-pipeline".
$ tkn pipeline start tasks-dev-pipeline -n ${CICD} --showlog \
--resource pipeline-source=tasks-source-code \
--workspace name=local-maven-repo,claimName=maven-repo-pvc
...
[code-analysis : mvn-goals] [INFO] CPD Executor Calculating CPD for 10 files
[code-analysis : mvn-goals] [INFO] CPD Executor CPD calculation finished (done) | time=101ms
[code-analysis : mvn-goals] [INFO] Analysis report generated in 596ms, dir size=1 MB
[code-analysis : mvn-goals] [INFO] Analysis report compressed in 227ms, zip size=418 KB
[code-analysis : mvn-goals] [INFO] Analysis report uploaded in 118ms
[code-analysis : mvn-goals] [INFO] ANALYSIS SUCCESSFUL, you can browse http://sonarqube.devsecops.svc.cluster.local:9000/dashboard?id=-openshift-tasks
[code-analysis : mvn-goals] [INFO] Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
[code-analysis : mvn-goals] [INFO] More about the report processing at http://sonarqube.devsecops.svc.cluster.local:9000/api/ce/task?id=AXtOh8Xbqim3aGzTbamA
[code-analysis : mvn-goals] [INFO] Analysis total time: 1:09.925 s
[code-analysis : mvn-goals] [INFO] ------------------------------------------------------------------------
[code-analysis : mvn-goals] [INFO] BUILD SUCCESS
[code-analysis : mvn-goals] [INFO] ------------------------------------------------------------------------
[code-analysis : mvn-goals] [INFO] Total time: 02:38 min
[code-analysis : mvn-goals] [INFO] Finished at: 2021-08-16T10:35:27Z
[code-analysis : mvn-goals] [INFO] Final Memory: 56M/1670M
[code-analysis : mvn-goals] [INFO] ------------------------------------------------------------------------
- Open the SonarQube console in a browser and log in with the same user you use for the OpenShift console; the scan results can then be viewed in the "user1-openshift-tasks" project.
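
The pipeline log above reports the dashboard id as `-openshift-tasks`, which is the project key that results when `${USER}` expands to an empty string in the patch command. The following check is an added example, not part of the original tutorial: it reads a `tkn --showlog` transcript and confirms the analysis was filed under the expected project key. The function names are hypothetical and the sample log lines are constructed from the log above.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Function names are
# hypothetical; the sample log lines are constructed from the log above.

# Build the project key the way the GOALS parameter does. An empty user
# name is rejected because it would yield the key "-openshift-tasks".
project_key() {
  [ -n "$1" ] || { echo "user name is empty" >&2; return 1; }
  printf '%s-openshift-tasks\n' "$1"
}

# Read a tkn --showlog transcript on stdin and print the dashboard id from
# the last "ANALYSIS SUCCESSFUL" line (prints nothing if there is none).
dashboard_id() {
  sed -n 's/.*ANALYSIS SUCCESSFUL.*dashboard?id=\([^ &]*\).*/\1/p' | tail -n 1
}

# Usage: check_analysis <user> < pipeline.log
# Returns 0 only if the analysis was filed under <user>-openshift-tasks.
check_analysis() {
  want=$(project_key "$1") || return 2
  got=$(dashboard_id)
  if [ -z "$got" ]; then
    echo "no ANALYSIS SUCCESSFUL line found" >&2
    return 3
  fi
  if [ "$got" != "$want" ]; then
    echo "analysis filed under '$got', expected '$want'" >&2
    return 4
  fi
  echo "analysis filed under '$got'"
}

PREFIX='[code-analysis : mvn-goals] [INFO]'
URL='http://sonarqube.devsecops.svc.cluster.local:9000/dashboard?id='
SAMPLE_GOOD="$PREFIX ANALYSIS SUCCESSFUL, you can browse ${URL}user1-openshift-tasks
$PREFIX BUILD SUCCESS"
SAMPLE_BAD="$PREFIX ANALYSIS SUCCESSFUL, you can browse ${URL}-openshift-tasks
$PREFIX BUILD SUCCESS"

printf '%s\n' "$SAMPLE_GOOD" | check_analysis user1
printf '%s\n' "$SAMPLE_BAD" | check_analysis user1 || echo "mismatch (exit $?)"
```

Against a real run, save the `tkn pipeline start ... --showlog` output to a file and pass it on stdin together with the OpenShift user name.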