sonarQube
分為服務(wù)端和客戶端抒和。服務(wù)端相當(dāng)于一個(gè)webService
茵肃,將客戶端代碼掃描結(jié)果通過(guò)web
方式進(jìn)行展示,可以安裝在代碼本地虎囚,也可以安裝在另外一臺(tái)機(jī)器淮椰♂牵客戶端也叫sonar-scanner
,用于收集掃描代碼結(jié)果并上傳到服務(wù)端实苞,需要安裝在代碼端。
sonarQube
針對(duì)OC
有一個(gè)官方的插件烈疚,但是收費(fèi)的黔牵,為了省錢(qián),下面介紹開(kāi)源的插件爷肝。
插件地址:https://github.com/Backelite/sonar-swift
服務(wù)端插件安裝
插件是運(yùn)行在sonarQube
服務(wù)端的猾浦,下載https://github.com/Backelite/sonar-swift/releases最新版本(目前為0.4.5),插件文件是個(gè)jar
包灯抛,需要拷貝到sonarQube
服務(wù)端插件安裝目錄(/sonarqube/extensions/plugins
)金赦,然后重啟sonarQube服務(wù)端,重啟后登陸对嚼,進(jìn)入sonarQube->Administration->Marketplace
夹抗,查看插件列表中是否有Swift (Backelite)
,如果有纵竖,則表示安裝成功
代碼端本地配置
本地配置工作比較多漠烧,且遇到的坑也特別多,下面一一介紹
該插件雖然支持對(duì)Objective-C
和Swift
的統(tǒng)計(jì)靡砌,由于我的項(xiàng)目中沒(méi)有Swift
代碼已脓,所以涉及Swift
的地方基本一筆帶過(guò)了
sonar-scanner
sonar-scanner
是sonarQube
的客戶端,用于將各個(gè)命令執(zhí)行生成的結(jié)果上傳到服務(wù)端
官方參考:https://docs.sonarQube.org/latest/analysis/scan/sonarscanner/
安裝完后通殃,要把bin目錄加到環(huán)境變量中
run-sonar-swift
run-sonar-swift.sh
是替代sonar-scanner
命令的一個(gè)shell
腳本度液,在執(zhí)行sonar-scanner
的時(shí)候,使用run-sonar-swift.sh
即可
腳本基本原理:
1. 讀取命令參數(shù)和`sonar-project.properties`的設(shè)置
2. 生成compile_commands.json
3. 生成coverage的xml報(bào)告
4. 執(zhí)行SwiftLint和Tailor檢查Swift画舌,我這里沒(méi)有Swift堕担,直接沒(méi)裝這兩個(gè)工具
5. 執(zhí)行oclint
6. 執(zhí)行Lizard
7. 執(zhí)行sonar-scanner
安裝方式:
先clone
代碼到本地https://github.com/Backelite/sonar-swift
然后拷貝sonar-swift/sonar-swift-plugin/src/main/shell/run-sonar-swift.sh
到sonar-scanner/.../bin/
目錄下,
xcpretty
對(duì)xcodebuild
的輸出進(jìn)行格式化的工具骗炉,生成報(bào)告照宝,增加可讀性
直接安裝最新版本,Backelite
中說(shuō)的問(wèn)題已在最新版中改正
官方參考:https://github.com/xcpretty/xcpretty
SwiftLint
Swift語(yǔ)言的靜態(tài)檢測(cè)工具,目前iOS全部為Objective-C語(yǔ)言句葵,沒(méi)有swift厕鹃,所以暫時(shí)不用安裝
Tailor
Swift語(yǔ)言的靜態(tài)檢測(cè)工具兢仰,目前iOS全部為Objective-C語(yǔ)言,沒(méi)有swift剂碴,所以暫時(shí)不用安裝
slather
語(yǔ)言:ruby
用于將xcode
生成的coverage
報(bào)告轉(zhuǎn)換成xml
格式把将,核心命令是使用llvm-cov
命令
安裝方式:gem install slather
官網(wǎng):https://github.com/SlatherOrg/slather
此處有坑:
坑一:static library
在使用llvm-cov
時(shí)會(huì)出錯(cuò),錯(cuò)誤信息如下
Failed to load coverage: Malformed coverage data
error: Could not load coverage information
Traceback (most recent call last):
16: from /usr/local/Cellar/ruby/2.6.1/bin/slather:23:in `<main>'
15: from /usr/local/Cellar/ruby/2.6.1/bin/slather:23:in `load'
14: from /usr/local/Cellar/ruby/2.6.1/lib/ruby/gems/2.6.0/gems/slather-2.4.7/bin/slather:17:in `<top (required)>'
13: from /usr/local/Cellar/ruby/2.6.1/lib/ruby/gems/2.6.0/gems/clamp-1.3.1/lib/clamp/command.rb:140:in `run'
12: from /usr/local/Cellar/ruby/2.6.1/lib/ruby/gems/2.6.0/gems/clamp-1.3.1/lib/clamp/command.rb:66:in `run'
11: from /usr/local/Cellar/ruby/2.6.1/lib/ruby/gems/2.6.0/gems/clamp-1.3.1/lib/clamp/subcommand/execution.rb:18:in `execute'
10: from /usr/local/Cellar/ruby/2.6.1/lib/ruby/gems/2.6.0/gems/clamp-1.3.1/lib/clamp/command.rb:66:in `run'
9: from /usr/local/Cellar/ruby/2.6.1/lib/ruby/gems/2.6.0/gems/slather-2.4.7/lib/slather/command/coverage_command.rb:59:in `execute'
8: from /usr/local/Cellar/ruby/2.6.1/lib/ruby/gems/2.6.0/gems/slather-2.4.7/lib/slather/command/coverage_command.rb:97:in `post'
7: from /usr/local/Cellar/ruby/2.6.1/lib/ruby/gems/2.6.0/gems/slather-2.4.7/lib/slather/coverage_service/cobertura_xml_output.rb:18:in `post'
6: from /usr/local/Cellar/ruby/2.6.1/lib/ruby/gems/2.6.0/gems/slather-2.4.7/lib/slather/project.rb:98:in `coverage_files'
5: from /usr/local/Cellar/ruby/2.6.1/lib/ruby/gems/2.6.0/gems/slather-2.4.7/lib/slather/project.rb:123:in `profdata_coverage_files'
4: from /usr/local/Cellar/ruby/2.6.1/lib/ruby/gems/2.6.0/gems/slather-2.4.7/lib/slather/project.rb:123:in `each'
3: from /usr/local/Cellar/ruby/2.6.1/lib/ruby/gems/2.6.0/gems/slather-2.4.7/lib/slather/project.rb:124:in `block in profdata_coverage_files'
2: from /usr/local/Cellar/ruby/2.6.1/lib/ruby/gems/2.6.0/gems/slather-2.4.7/lib/slather/project.rb:135:in `pathnames_per_binary'
1: from /usr/local/Cellar/ruby/2.6.1/lib/ruby/2.6.0/json/common.rb:156:in `parse'
/usr/local/Cellar/ruby/2.6.1/lib/ruby/2.6.0/json/common.rb:156:in `parse': 767: unexpected token at '' (JSON::ParserError)
原因:
slather
使用llvm-cov
命令將coverage轉(zhuǎn)換為xml忆矛,但llvm-cov
貌似對(duì)靜態(tài)庫(kù)不支持察蹲,命令執(zhí)行會(huì)出錯(cuò)
解決方案:
- 修改
run-sonar-swift.sh
腳本,添加MACH_O_TYPE=mh_dylib
到xcodebuild test
命令中催训,生成結(jié)果為動(dòng)態(tài)庫(kù)形式洽议,這樣就可以正常生成xml
了
buildCmd+=( -scheme "$appScheme" -configuration "$appConfiguration" -enableCodeCoverage YES MACH_O_TYPE=mh_dylib)
坑二:slather
生成的coverage-swift.xml
中如果存在line number="0"
的情況,在調(diào)用sonar-scanner
上傳的時(shí)候會(huì)報(bào)錯(cuò)漫拭,如下
//coverage-swift.xml中存在number="0"的情況
<class name="uSDKConst.h" filename="Modules/uSDKCommon/uSDKCommon/uSDKConst.h" line-rate="0.7586206896551724" branch-rate="1.0000000000000000" complexity="0.0">
<methods/>
<lines>
<line number="0" branch="false" hits="1910"/>
<line number="0" branch="false" hits="1500"/>
//在sonar-scanner上傳時(shí)會(huì)出錯(cuò)
ERROR: Error during SonarQube Scanner execution
java.lang.IllegalStateException: Line number must be strictly positive: 0
at org.sonar.api.internal.google.common.base.Preconditions.checkState(Preconditions.java:197)
at org.sonar.api.batch.sensor.coverage.internal.DefaultCoverage.validateLine(DefaultCoverage.java:94)
at org.sonar.api.batch.sensor.coverage.internal.DefaultCoverage.lineHits(DefaultCoverage.java:81)
at com.backelite.sonarqube.swift.coverage.CoberturaReportParser.collectFileData(CoberturaReportParser.java:109)
at com.backelite.sonarqube.swift.coverage.CoberturaReportParser.collectClassMeasures(CoberturaReportParser.java:91)
at com.backelite.sonarqube.swift.coverage.CoberturaReportParser.collectPackageMeasures(CoberturaReportParser.java:79)
at com.backelite.sonarqube.swift.coverage.CoberturaReportParser.parseReport(CoberturaReportParser.java:61)
at com.backelite.sonarqube.swift.coverage.CoberturaSensor.execute(CoberturaSensor.java:69)
at org.sonar.scanner.sensor.AbstractSensorWrapper.analyse(AbstractSensorWrapper.java:48)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:85)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.lambda$execute$1(ModuleSensorsExecutor.java:59)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.withModuleStrategy(ModuleSensorsExecutor.java:77)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:59)
at org.sonar.scanner.scan.ModuleScanContainer.doAfterStart(ModuleScanContainer.java:82)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:136)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:122)
at org.sonar.scanner.scan.ProjectScanContainer.scan(ProjectScanContainer.java:400)
at org.sonar.scanner.scan.ProjectScanContainer.scanRecursively(ProjectScanContainer.java:395)
at org.sonar.scanner.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:358)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:136)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:122)
at org.sonar.scanner.bootstrap.GlobalContainer.doAfterStart(GlobalContainer.java:141)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:136)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:122)
at org.sonar.batch.bootstrapper.Batch.doExecute(Batch.java:73)
at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:67)
at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:567)
at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
at com.sun.proxy.$Proxy0.execute(Unknown Source)
at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:189)
at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:138)
at org.sonarsource.scanner.cli.Main.execute(Main.java:112)
at org.sonarsource.scanner.cli.Main.execute(Main.java:75)
at org.sonarsource.scanner.cli.Main.main(Main.java:61)
原因:
coverage-swift.xml
中存在number="0"
的情況
解決方案:
- 在工程根目錄下新增
.slather.yml
文件亚兄,采用配置文件方式執(zhí)行slather
命令,注意yml
文件的格式 - 在
.slather.yml
中配置ignore
采驻,將coverage-swift.xml
中line number="0"
的文件添加到ignore
中审胚,對(duì)ruby實(shí)在不懂,目前沒(méi)找到直接忽略目錄的方式礼旅,所以采用單個(gè)文件添加
# .slather.yml
coverage_service: cobertura_xml
xcodeproj: project_path.xcodeproj
scheme: YourXcodeSchemeName
source_directory: source_dir
output_directory: sonar-reports
input-format: profdata
ignore:
- number_0_file_1.h
- number_0_file_2.h
- number_0_file_3.h
-
run-sonar-swift.sh
中的slather
命令可改可不改膳叨,我是沒(méi)有改,因?yàn)橹挥?code>.slather.yml中的ignore
字段痘系,跟原命令不沖突
待解決 .slather.yml如何精準(zhǔn)配置source和ignore菲嘴,目前不能配置ignore的目錄方式,且生成的xml中依然有tests.m文件
lizard
語(yǔ)言:python
復(fù)雜度分析工具碎浇,安裝方式:sudo pip install lizard
官網(wǎng):https://github.com/terryyin/lizard
此處有坑:
坑一:腳本中的lizard
命令不支持sonar.sources
為多路徑的情況
解決方案:
//修改腳本中l(wèi)izard命令
paths=`tr ',' ' ' <<< "${srcDirs}"`
$LIZARD_CMD --xml -l objectivec $paths > sonar-reports/lizard-report.xml
OCLint
OCLint
是Objective-C
語(yǔ)言的靜態(tài)檢測(cè)工具, 目前使用homebrew
所能安裝的最新版本是0.13临谱,但不適用于最新的xcode11(可能xcode10都不支持,各種報(bào)錯(cuò))
, 需要自己源碼編譯安裝最新的0.15版本奴璃,下面主要介紹源碼編譯的方法悉默,編譯過(guò)程可以在自己本機(jī)即可。
編譯&安裝方法:
從https://github.com/oclint/oclint/releases下載0.15版本的源碼
從http://releases.llvm.org/download.html#9.0.0下載已編譯的
llvm9.0
注意:
- 這里安裝
llvm9.0
是因?yàn)?code>oclint0.15 release中說(shuō)明了對(duì)llvm
版本的要求 - 下載直接編譯好的
llvm
是因?yàn)槿绻捎?code>oclint官網(wǎng)推薦的./make
安裝方式苟穆,會(huì)下載llvm
源碼并編譯抄课,其過(guò)程非常非常漫長(zhǎng)也容易失敗,不可取雳旅。跟磨。。
- 編譯
1. cd到oclint-scripts目錄下
cd oclint-0.15/oclint-scripts
2. 編譯攒盈,注意參數(shù)為llvm的絕對(duì)路徑
./makeWithSystemLLVM /absolute/llvm/path/clang+llvm-9.0.0-x86_64-darwin-apple/
3. 編譯完成后會(huì)在oclint-0.15目錄下生成一個(gè)build/oclint-release目錄抵拘,即為編譯完成的oclint
- 安裝
1. cd 到oclint-release目錄下
cd oclint-0.15/build/oclint-release
2. 拷貝oclint到代碼端的系統(tǒng)路徑
cp bin/oclint* /usr/local/bin/
cp -rp lib/* /usr/local/lib/
cp -rp include/* /usr/local/include/
sonar-project.properties
sonar-project.properties
是sonarQube
在客戶端的配置文件,一般放置于工程根目錄
sonar-project.properties
在工程的根目錄型豁,sonar-scanner
的安裝目錄和服務(wù)器上都可以配置僵蛛,優(yōu)先級(jí)是根目錄 > sonaer-scanner安裝目錄 > 服務(wù)器
尚蝌,即在自己的工程根目錄的配置就會(huì)覆蓋其他地方的配置
#scm的問(wèn)題見(jiàn)文章最下方
sonar.scm.disabled=true
sonar.host.url=http://xxx:9000
sonar.projectKey=iOS
sonar.projectName=iOSProjectName
sonar.projectVersion=1.0
sonar.language=objc
sonar.projectDescription=projectDescription
sonar.sourceEncoding=UTF-8
#源文件目錄飘言,這里采用精確到具體目錄的方式驼侠,為了不配置inclusions和exclusions倒源,因?yàn)樵谑褂玫倪^(guò)程發(fā)現(xiàn)笋熬,如果oclint或lizard產(chǎn)生的結(jié)果集比sonar.sources配置的大,上傳時(shí)容易出錯(cuò),所以最好精確的指定sonar.sources
sonar.sources=relative/dir1,relative/dir2,relative/dir3
#要包含的文件旺隙,注意不是目錄
sonar.inclusions=./**/*.h,./**/*.m
sonar.exclusions=./exclude/**/*,./**/*Tests*
#下面這些配置是run-sonar-swift.sh中定義的
sonar.swift.simulator=platform=iOS Simulator,name=iPhone 11
sonar.swift.appScheme=appScheme
sonar.swift.project=your_project.xcodeproj
運(yùn)行
cd
到工程根目錄蔬捷,即sonar-project.properties
所在位置周拐,執(zhí)行run-sonar-swift
就可以了
SCM
導(dǎo)致的問(wèn)題通常表現(xiàn)如下:
- svn: E170001
- blame file相關(guān)的描述
-
https://stackoverflow.com/questions/41857433/- sonarqube-error-when-executing-blame-for-file
https://docs.sonarqube.org/latest/analysis/scm-integration/