通过 ci-pipeline 发布声纳报告后对 sonarQube 进行零覆盖

Getting zero coverage on sonarQube after publishing sonar report via ci-pipeline

我正在做一个 Maven 项目,想在 ci-pipeline 中设置声纳。 下面是我在 gitlab-ci.yml.

中的声纳设置脚本
before_script:
  - |
    run_mvn() {
      mvn -B \
       -s $CI_PROJECT_DIR/.m2/settings.xml \
       -Dmaven.repo.local=$CI_PROJECT_DIR/.m2/repository \
       -DfailIfNoTests=false \
       "$@"
    }

    run_sonar() {
      run_mvn \
        -Dsonar.projectKey=UI-Service \
        -Dsonar.host.url=xxx \
        -Dsonar.login=${SONAR_TOKEN} \
        -Dsonar.sources=src/main \
        -Dsonar.tests=src/test \
        -Dsonar.java.binaries=$CI_PROJECT_DIR/target/*.classes \
        sonar:sonar
    }

声纳平台如下所示:

sonar:
  stage: analyse
  image: registry.git.xyyyy.com/containers/builder-images/maven/jdk-11:3.6.0
  when: manual
  script:
    - ls $CI_PROJECT_DIR
    - run_sonar

现在声纳阶段在管道中运行后,我得到这些日志:

[INFO] 
70[INFO] --- sonar-maven-plugin:3.9.0.2155:sonar (default-cli) @ ui-service ---
71[INFO] User cache: /root/.sonar/cache
72[INFO] SonarQube version: 8.9.0
73[INFO] Default locale: "en_US", source code encoding: "UTF-8"
74[INFO] Load global settings
75[INFO] Load global settings (done) | time=879ms
76[INFO] Server id: xxx
77[INFO] User cache: /root/.sonar/cache
78[INFO] Load/download plugins
79[INFO] Load plugins index
80[INFO] Load plugins index (done) | time=199ms
81[INFO] Load/download plugins (done) | time=28761ms
82[INFO] Loaded core extensions: developer-scanner
83[INFO] JavaScript/TypeScript frontend is enabled
84[INFO] Process project properties
85[INFO] Process project properties (done) | time=12ms
86[INFO] Execute project builders
87[INFO] Execute project builders (done) | time=2ms
88[INFO] Project key: UI-Service
89[INFO] Base dir: /builds/FJ8nuibS/0/xxx/ui-service
90[INFO] Working dir: /builds/FJ8nuibS/0/xxx/ui-service/target/sonar
91[INFO] Load project settings for component key: 'UI-Service'
92[INFO] Load project settings for component key: 'UI-Service' (done) | time=160ms
93[INFO] Load project branches
94[INFO] Load project branches (done) | time=153ms
95[INFO] Load project pull requests
96[INFO] Load project pull requests (done) | time=147ms
97[INFO] Load branch configuration
98[INFO] Detected branch/PR in 'GitLab'
99[INFO] Auto-configuring branch 'feature/1242'
100[INFO] Load branch configuration (done) | time=3ms
101[INFO] Auto-configuring with CI 'Gitlab CI'
102[INFO] Load quality profiles
103[INFO] Load quality profiles (done) | time=220ms
104[INFO] Auto-configuring with CI 'Gitlab CI'
105[INFO] Load active rules
106[INFO] Load active rules (done) | time=5545ms
107[INFO] Branch name: feature/1242
108[INFO] Indexing files...
109[INFO] Project configuration:
110[INFO] 54 files indexed
111[INFO] 0 files ignored because of scm ignore settings
112[INFO] Quality profile for java: Sonar way
113[INFO] ------------- Run sensors on module ui-service
114[INFO] JavaScript/TypeScript frontend is enabled
115[INFO] Load metrics repository
116[INFO] Load metrics repository (done) | time=156ms
117[INFO] Sensor JavaSquidSensor [java]
118[INFO] Configured Java source version (sonar.java.source): 11
119[INFO] JavaClasspath initialization
120[INFO] JavaClasspath initialization (done) | time=7ms
121[INFO] JavaTestClasspath initialization
122[INFO] JavaTestClasspath initialization (done) | time=2ms
123[INFO] Java Main Files AST scan
124[INFO] 47 source files to be analyzed
125[INFO] Load project repositories
126[INFO] Load project repositories (done) | time=164ms
127[INFO] 47/47 source files have been analyzed
128[WARNING] Unresolved imports/types have been detected during analysis. Enable DEBUG mode to see them.
129[INFO] Java Main Files AST scan (done) | time=7835ms
130[INFO] Java Test Files AST scan
131[INFO] 6 source files to be analyzed
132[INFO] 6/6 source files have been analyzed
133[INFO] Java Test Files AST scan (done) | time=587ms
134[INFO] Java Generated Files AST scan
135[INFO] 0 source files to be analyzed
136[INFO] 0/0 source files have been analyzed
137[INFO] Java Generated Files AST scan (done) | time=1ms
138[INFO] Sensor JavaSquidSensor [java] (done) | time=8839ms
139[INFO] Sensor CSS Rules [cssfamily]
140[INFO] No CSS, PHP, HTML or VueJS files are found in the project. CSS analysis is skipped.
141[INFO] Sensor CSS Rules [cssfamily] (done) | time=1ms
142[INFO] Sensor PmdSensor [pmd]
143[INFO] Sensor PmdSensor [pmd] (done) | time=0ms
144[INFO] Sensor C# Project Type Information [csharp]
145[INFO] Sensor C# Project Type Information [csharp] (done) | time=1ms
146[INFO] Sensor C# Properties [csharp]
147[INFO] Sensor C# Properties [csharp] (done) | time=1ms
148[INFO] Sensor SurefireSensor [java]
149[INFO] parsing [/builds/FJ8nuibS/0/xxx/ui-service/target/surefire-reports]
150[INFO] Sensor SurefireSensor [java] (done) | time=127ms
151[INFO] Sensor Removed properties sensor [java]
152[WARNING] Property 'sonar.jacoco.reportPath' is no longer supported. Use JaCoCo's xml report and sonar-jacoco plugin.
153[INFO] Sensor Removed properties sensor [java] (done) | time=1ms
154[INFO] Sensor JavaXmlSensor [java]
155[INFO] Sensor JavaXmlSensor [java] (done) | time=2ms
156[INFO] Sensor HTML [web]
157[INFO] Sensor HTML [web] (done) | time=3ms
158[INFO] Sensor CheckstyleSensor [checkstyle]
159[INFO] Checkstyle output report: /builds/FJ8nuibS/0/xxx/ui-service/target/sonar/checkstyle-result.xml
160[INFO] Checkstyle configuration: /builds/FJ8nuibS/0/xxx/ui-service/target/sonar/checkstyle.xml
161[INFO] Checkstyle charset: UTF-8
162[INFO] Sensor CheckstyleSensor [checkstyle] (done) | time=888ms
163[INFO] Sensor VB.NET Project Type Information [vbnet]
164[INFO] Sensor VB.NET Project Type Information [vbnet] (done) | time=1ms
165[INFO] Sensor VB.NET Properties [vbnet]
166[INFO] Sensor VB.NET Properties [vbnet] (done) | time=1ms
167[INFO] Sensor JaCoCo XML Report Importer [jacoco]
168[INFO] 'sonar.coverage.jacoco.xmlReportPaths' is not defined. Using default locations: target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml,build/reports/jacoco/test/jacocoTestReport.xml
169[INFO] No report imported, no coverage information will be imported by JaCoCo XML Report Importer
170[INFO] Sensor JaCoCo XML Report Importer [jacoco] (done) | time=4ms
171[INFO] Sensor ThymeLeaf template sensor [securityjavafrontend]
172[INFO] Sensor ThymeLeaf template sensor [securityjavafrontend] (done) | time=1ms
173[INFO] Sensor FindBugs Sensor [findbugs]
174[INFO] Loading findbugs plugin: /builds/FJ8nuibS/0/xxx/ui-service/target/sonar/findbugs/findsecbugs-plugin.jar
175[INFO] Findbugs output report: /builds/FJ8nuibS/0/xxx/ui-service/target/sonar/findbugs-result.xml
176The following classes needed for analysis were missing:
177  makeConcatWithConstants
178  requestResponse
179  requestStream
180  apply
181  test
182  accept
183  compare
184  run
185[INFO] Sensor FindBugs Sensor [findbugs] (done) | time=8138ms
186[INFO] Sensor JavaSecuritySensor [security]
187[INFO] Reading type hierarchy from: /builds/FJ8nuibS/0/xxx/ui-service/target/sonar/ucfg2/java
188[INFO] Read 172 type definitions
189[INFO] Reading UCFGs from: /builds/FJ8nuibS/0/xxx/ui-service/target/sonar/ucfg2/java
190[INFO] 09:43:23.968449 Building Runtime Type propagation graph
191[INFO] 09:43:23.994976 Running Tarjan on 1615 nodes
192[INFO] 09:43:24.000773 Tarjan found 1608 components
193[INFO] 09:43:24.007245 Variable type analysis: done
194[INFO] 09:43:24.009926 Building Runtime Type propagation graph
195[INFO] 09:43:24.021118 Running Tarjan on 1615 nodes
196[INFO] 09:43:24.022848 Tarjan found 1608 components
197[INFO] 09:43:24.026061 Variable type analysis: done
198[INFO] Analyzing 173 ucfgs to detect vulnerabilities.
199[INFO] All rules entrypoints : 0 Retained UCFGs : 0
200[INFO] rule: S5131, entrypoints: 0
201[INFO] rule: S5131 done
202[INFO] rule: S3649, entrypoints: 0
203[INFO] rule: S3649 done
204[INFO] rule: S2076, entrypoints: 0
205[INFO] rule: S2076 done
206[INFO] rule: S2091, entrypoints: 0
207[INFO] rule: S2091 done
208[INFO] rule: S2078, entrypoints: 0
209[INFO] rule: S2078 done
210[INFO] rule: S2631, entrypoints: 0
211[INFO] rule: S2631 done
212[INFO] rule: S5135, entrypoints: 0
213[INFO] rule: S5135 done
214[INFO] rule: S2083, entrypoints: 0
215[INFO] rule: S2083 done
216[INFO] rule: S5167, entrypoints: 0
217[INFO] rule: S5167 done
218[INFO] rule: S5144, entrypoints: 0
219[INFO] rule: S5144 done
220[INFO] rule: S5145, entrypoints: 0
221[INFO] rule: S5145 done
222[INFO] rule: S5146, entrypoints: 0
223[INFO] rule: S5146 done
224[INFO] rule: S5334, entrypoints: 0
225[INFO] rule: S5334 done
226[INFO] rule: S6096, entrypoints: 0
227[INFO] rule: S6096 done
228[INFO] Sensor JavaSecuritySensor [security] (done) | time=1507ms
229[INFO] Sensor CSharpSecuritySensor [security]
230[INFO] Reading type hierarchy from: /builds/FJ8nuibS/0/xxx/ui-service/target/ucfg_cs2
231[INFO] Read 0 type definitions
232[INFO] Reading UCFGs from: /builds/FJ8nuibS/0/xxx/ui-service/target/ucfg_cs2
233[INFO] No UCFGs have been included for analysis.
234[INFO] Sensor CSharpSecuritySensor [security] (done) | time=1ms
235[INFO] Sensor PhpSecuritySensor [security]
236[INFO] Reading type hierarchy from: /builds/FJ8nuibS/0/xxx/ui-service/target/sonar/ucfg2/php
237[INFO] Read 0 type definitions
238[INFO] Reading UCFGs from: /builds/FJ8nuibS/0/xxx/ui-service/target/sonar/ucfg2/php
239[INFO] No UCFGs have been included for analysis.
240[INFO] Sensor PhpSecuritySensor [security] (done) | time=1ms
241[INFO] Sensor PythonSecuritySensor [security]
242[INFO] Reading type hierarchy from: /builds/FJ8nuibS/0/xxx/ui-service/target/sonar/ucfg2/python
243[INFO] Read 0 type definitions
244[INFO] Reading UCFGs from: /builds/FJ8nuibS/0/xxx/ui-service/target/sonar/ucfg2/python
245[INFO] No UCFGs have been included for analysis.
246[INFO] Sensor PythonSecuritySensor [security] (done) | time=1ms
247[INFO] Sensor JsSecuritySensor [security]
248[INFO] Reading type hierarchy from: /builds/FJ8nuibS/0/xxx/ui-service/target/sonar/ucfg2/js
249[INFO] Read 0 type definitions
250[INFO] Reading UCFGs from: /builds/FJ8nuibS/0/xxx/ui-service/target/sonar/ucfg2/js
251[INFO] No UCFGs have been included for analysis.
252[INFO] Sensor JsSecuritySensor [security] (done) | time=1ms
253[INFO] ------------- Run sensors on project
254[INFO] Sensor Dependency-Check [dependencycheck]
255[INFO] Process Dependency-Check report
256[INFO] Using JSON-Reportparser
257[INFO] Dependency-Check JSON report does not exists. Please check property sonar.dependencyCheck.jsonReportPath:/builds/FJ8nuibS/0/xxx/ui-service/${WORKSPACE}/dependency-check-report.json
258[INFO] JSON-Analysis skipped/aborted due to missing report file
259[INFO] Using XML-Reportparser
260[INFO] Dependency-Check XML report does not exists. Please check property sonar.dependencyCheck.xmlReportPath:/builds/FJ8nuibS/0/xxx/ui-service/${WORKSPACE}/dependency-check-report.xml
261[INFO] XML-Analysis skipped/aborted due to missing report file
262[INFO] Dependency-Check HTML report does not exists. Please check property sonar.dependencyCheck.htmlReportPath:/builds/FJ8nuibS/0/xxx/ui-service/${WORKSPACE}/dependency-check-report.html
263[INFO] HTML-Dependency-Check report does not exist.
264[INFO] Process Dependency-Check report (done) | time=5ms
265[INFO] Sensor Dependency-Check [dependencycheck] (done) | time=5ms
266[INFO] Sensor Zero Coverage Sensor
267[INFO] Sensor Zero Coverage Sensor (done) | time=56ms
268[INFO] Sensor Java CPD Block Indexer
269[INFO] Sensor Java CPD Block Indexer (done) | time=87ms
270[INFO] SCM Publisher SCM provider for this project is: git
271[INFO] SCM Publisher 50 source files to be analyzed
272[INFO] SCM Publisher 50/50 source files have been analyzed (done) | time=490ms
273[INFO] CPD Executor 9 files had no CPD blocks
274[INFO] CPD Executor Calculating CPD for 38 files
275[INFO] CPD Executor CPD calculation finished (done) | time=14ms
276[INFO] Load New Code definition
277[INFO] Load New Code definition (done) | time=973ms
278[INFO] Analysis report generated in 1101ms, dir size=602 KB
279[INFO] Analysis report compressed in 169ms, zip size=220 KB
280[INFO] Analysis report uploaded in 1642ms

然后生成要报告的 link,但是当我打开 sonarQube 查看覆盖率时,它是 0%,即使在代码部分可以看到所有主要文件和测试文件。

查看日志,我无法理解为什么在 sonarQube 上没有生成覆盖率。

任何对ci管道或管道声纳设置有良好经验的人请帮助我解决这个问题。

您需要已编译的 class 才能进行声纳分析。所以在你的 run_sonar() 中添加 package 到 maven 命令。

run_sonar() {
      run_mvn \
        -Dsonar.projectKey=UI-Service \
        -Dsonar.host.url=xxx \
        -Dsonar.login=${SONAR_TOKEN} \
        -Dsonar.sources=src/main \
        -Dsonar.tests=src/test \
        package \
        sonar:sonar
}

根据我从您的评论中看出的状态,我认为您必须处理两个常见的症结所在。

首先,关于“sonar.jacoco.reportPath”,你现在应该使用“sonar.coverage.jacoco.xmlReportPaths”,它的值应该像“${basedir}/target/jacoco_report/jacoco.[=25” =]".

其次,您必须确保 Surefire 和 Jacoco maven 插件能够正常协同工作。 Jacoco 计算必须进入 Surefire 命令行的参数。这可以通过以下两个块来促进:

这是 Surefire 插件配置的一部分:

<execution>
  <id>pre-unit-test</id>
  <goals>
    <goal>prepare-agent</goal>
  </goals>
  <configuration>
    <propertyName>surefireArgLine</propertyName>
  </configuration>
</execution>

这是在 jacoco 插件配置块中:

<argLine>${surefireArgLine}</argLine>