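Background
The KubeSphere pipeline ships with only four built-in agent types: base, maven, nodejs and go. To build projects that use other frameworks, you need to define a custom Jenkins agent.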
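Preparation
Use the official docker.io/kubesphere/builder-base:v2.1.0 image as the base, and install the JDK and the Sonar Scanner CLI on top of it to build a code-scanning environment.
Build the base image used for packaging with the following Dockerfile: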
```dockerfile
FROM docker.io/kubesphere/builder-base:v2.1.0
RUN mkdir /usr/local/java /opt/sonar-scanner
# ADD copies the JDK archive into the image and unpacks the tar file automatically
ADD jdk-8u181-linux-x64.tar.gz /usr/local/java/
# create a symbolic link so JAVA_HOME does not depend on the exact JDK version
RUN ln -s /usr/local/java/jdk1.8.0_181 /usr/local/java/jdk
# set environment variables
ENV JAVA_HOME=/usr/local/java/jdk
ENV JRE_HOME=${JAVA_HOME}/jre
ENV CLASSPATH=.:${JAVA_HOME}/lib:${JRE_HOME}/lib
ENV PATH=${JAVA_HOME}/bin:$PATH
# copy the already unpacked sonar-scanner directory and expose the binary on PATH
COPY sonar-scanner-cli-4.6.0.2311-linux /opt/sonar-scanner
RUN ln -s /opt/sonar-scanner/bin/sonar-scanner /usr/sbin
```
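Place the Dockerfile in an empty directory and download the JDK and sonar-scanner archives into that directory (the sonar-scanner archive must be unpacked first), then build and push the image: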
```bash
docker build -t general:v1.0 .
docker tag general:v1.0 xxx.com/general:v1.0
docker push xxx.com/general:v1.0
```
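Configuring the Jenkins agent
Log in to KubeSphere, go to [Configuration Center] - [Configurations], search for jenkins-casc-config, and edit the configuration.
Add the following below the go entry: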
```yaml
- name: "general"
  namespace: "kubesphere-devops-system"
  label: "general"
  nodeUsageMode: "EXCLUSIVE"
  idleMinutes: 0
  containers:
  - name: "general"
    image: "xxx.com/public/general:v1.0" # image address
    command: "cat"
    args: ""
    ttyEnabled: true
    resourceRequestCpu: "100m"
    resourceLimitCpu: "4000m"
    resourceRequestMemory: "100Mi"
    resourceLimitMemory: "8192Mi"
  - name: "jnlp"
    image: "jenkins/jnlp-slave:3.27-1"
    command: "jenkins-slave"
    args: "^${computer.jnlpmac} ^${computer.name}"
    resourceRequestCpu: "50m"
    resourceRequestMemory: "400Mi"
    resourceLimitMemory: "1536Mi"
  workspaceVolume:
    emptyDirWorkspaceVolume:
      memory: false
  volumes:
  - hostPathVolume:
      hostPath: "/var/run/docker.sock"
      mountPath: "/var/run/docker.sock"
  - hostPathVolume:
      hostPath: "jenkins_general_cache"
      mountPath: "/home/jenkins/general/pkg"
  - hostPathVolume:
      hostPath: "sonar_cache"
      mountPath: "/root/.sonar/cache"
  yaml: "spec:\r\n  affinity:\r\n    nodeAffinity:\r\n      preferredDuringSchedulingIgnoredDuringExecution:\r\n      - weight: 1\r\n        preference:\r\n          matchExpressions:\r\n          - key: node-role.kubernetes.io/worker\r\n            operator: In\r\n            values:\r\n            - ci\r\n  tolerations:\r\n  - key: \"node.kubernetes.io/ci\"\r\n    operator: \"Exists\"\r\n    effect: \"NoSchedule\"\r\n  - key: \"node.kubernetes.io/ci\"\r\n    operator: \"Exists\"\r\n    effect: \"PreferNoSchedule\"\r\n  containers:\r\n  - name: \"general\"\r\n    resources:\r\n      requests:\r\n        ephemeral-storage: \"1Gi\"\r\n      limits:\r\n        ephemeral-storage: \"10Gi\"\r\n  securityContext:\r\n    fsGroup: 1000\r\n "
```
The resulting image has been uploaded to Docker Hub as leksas/kubesphere-sonnar-scanner:v1.
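A review aid for the pod template configured above, as an added example that is not part of the original post: it walks one template entry and lists the settings a reviewer would want to look at before enabling the agent (the container runtime socket mounted from the node, host paths, images referenced by tag only, missing resource limits). The function name `audit_template`, the rule names and the `TEMPLATE` dict (constructed from the configuration above, already parsed from YAML) are assumptions of this example.

```python
import re

# Constructed sample mirroring the "general" template above (trimmed to the
# fields the audit reads); in practice this dict comes from a YAML parser.
TEMPLATE = {
    "name": "general",
    "containers": [
        {"name": "general", "image": "xxx.com/public/general:v1.0",
         "resourceLimitCpu": "4000m", "resourceLimitMemory": "8192Mi"},
        {"name": "jnlp", "image": "jenkins/jnlp-slave:3.27-1",
         "resourceLimitMemory": "1536Mi"},
    ],
    "volumes": [
        {"hostPathVolume": {"hostPath": "/var/run/docker.sock",
                            "mountPath": "/var/run/docker.sock"}},
        {"hostPathVolume": {"hostPath": "jenkins_general_cache",
                            "mountPath": "/home/jenkins/general/pkg"}},
        {"hostPathVolume": {"hostPath": "sonar_cache",
                            "mountPath": "/root/.sonar/cache"}},
    ],
}

RUNTIME_SOCKETS = re.compile(r"(docker|containerd|crio)\.sock$")

def audit_template(tpl):
    """Return a sorted list of (rule, subject) findings for one pod template."""
    findings = []
    for c in tpl.get("containers", []):
        if "@sha256:" not in c["image"]:
            # A tag can be re-pushed; a digest pins the exact image content.
            findings.append(("image-not-pinned-by-digest", c["name"]))
        for key in ("resourceLimitCpu", "resourceLimitMemory"):
            if not c.get(key):
                findings.append(("missing-" + key, c["name"]))
    for v in tpl.get("volumes", []):
        hp = v.get("hostPathVolume")
        if not hp:
            continue
        if RUNTIME_SOCKETS.search(hp["hostPath"]):
            # Any build step on this agent can drive the node's container runtime.
            findings.append(("container-runtime-socket", hp["hostPath"]))
        elif not hp["hostPath"].startswith("/"):
            # Not an absolute node path: confirm where it actually resolves.
            findings.append(("relative-hostpath", hp["hostPath"]))
        else:
            findings.append(("hostpath-volume", hp["hostPath"]))
    return sorted(findings)

if __name__ == "__main__":
    for rule, subject in audit_template(TEMPLATE):
        print(f"{rule:30} {subject}")
```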
Usage
In the pipeline, edit the Jenkinsfile as follows:
```groovy
pipeline {
  agent {
    node {
      // matches the label of the custom agent defined in jenkins-casc-config
      label 'general'
    }
  }
  stages {
    stage('SCM') {
      steps {
        git(url: 'your project url', credentialsId: 'gitlab-account', branch: 'dev', changelog: true, poll: false)
      }
    }
    stage('Code Analysis') {
      steps {
        container('general') {
          withCredentials([string(credentialsId: 'snoar-token', variable: 'SONAR_TOKEN')]) {
            withSonarQubeEnv('sonar') {
              // single quotes: the shell expands $SONAR_TOKEN, not Groovy
              sh 'sonar-scanner -Dsonar.projectKey=your project name -Dsonar.sources=. -Dsonar.host.url=your sonar server url -Dsonar.token=$SONAR_TOKEN'
            }
          }
          timeout(unit: 'HOURS', activity: true, time: 1) {
            waitForQualityGate 'true'
          }
        }
      }
    }
  }
}
```
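Compared with the approach in the reference link, this image bundles the Sonar Scanner, so projects in any language can use this agent to call SonarQube and run a code scan.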