Objective

At the end of this tutorial we will have two Docker containers running on the same host: one for Jenkins and the other for SonarQube. In the Jenkins container, we will use sonar-scanner running locally to perform the code quality inspections.

Jenkins + SonarQube Config

Jenkins Installation

Downloading Jenkins

We will start by downloading the official Jenkins image from Docker Hub with this docker command:


docker pull jenkins/jenkins

This command will download the Jenkins image with the latest tag. When you run docker images locally, you will see this entry:

jenkins/jenkins: latest

Starting Jenkins

Run the next command to start a new Jenkins container from the downloaded image:

docker run -d -p 8080:8080 -p 50000:50000 --name jenkins-javatuto jenkins/jenkins:latest

This command creates a new Docker container and starts Jenkins on port 8080 with the container name jenkins-javatuto.

Installation of required plugins

Open http://localhost:8080 to show the initial Jenkins unlock screen.

Here we need the administrator password. Jenkins prints it to the console output of the container started by the previous docker run command; because that container runs detached (-d), this output is in the container log.

Jenkins Admin Password

On the next screen we will start downloading and installing the plugins that we will use in the next steps:

After this step, we will create the admin user:

Confirm, then save and finish on the Instance Configuration screen.

Now let's click on the Start using Jenkins button. Normally, you will be redirected to the Jenkins home page:

Install SonarQube Scanner

Now we will install the SonarQube Scanner Jenkins plugin. For that, we go to:

  • Manage Jenkins ››› Manage Plugins ››› Available

SonarQube Installation

Download and install

We will download the official SonarQube image from Docker Hub with this docker command:

docker pull sonarqube

This command will download the SonarQube image with the latest tag. Now we have to start a new SonarQube container from the downloaded image with the following command:

docker run -d --name sonarqube-javatuto -p 9000:9000 sonarqube

This command creates a new Docker container and starts SonarQube on port 9000 with the container name sonarqube-javatuto.

Now we will access http://localhost:9000 to show the initial SonarQube screen:

SonarQube Scanner Configuration

SonarQube Scanner is the tool that does the actual scanning of the source code and sends the results to the SonarQube Server. In our simple setup, we will install Sonar Scanner in the same container as Jenkins.

Now we have to access the Jenkins Docker container from a bash shell using this command:

docker exec -it jenkins-javatuto bash

After opening the Jenkins shell, we will create a folder where we will download and install SonarQube Scanner:

  1. cd /var/jenkins_home
  2. Create a folder named “sonar-scanner” under /var/jenkins_home
  3. From the sonar-scanner directory, download SonarQube Scanner onto the container with wget:

wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.2.0.1873-linux.zip

  4. Unzip the Sonar Scanner archive using the next command:

unzip sonar-scanner-cli-4.2.0.1873-linux.zip
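
The steps above unpack the downloaded archive without checking it. As an added example (not part of the original tutorial), the same steps as a script that refuses to unzip unless the archive's SHA-256 matches a digest obtained separately. EXPECTED_SHA256 is a placeholder, and the function names, the RUN_INSTALL switch and the script name install-scanner.sh are assumptions of this example:

```sh
#!/bin/sh
# Added example: fetch the scanner archive from the tutorial's URL and unpack
# it only if its SHA-256 matches a digest obtained from a source you trust.
SCANNER_ZIP="sonar-scanner-cli-4.2.0.1873-linux.zip"   # file name used above
SCANNER_URL="https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/$SCANNER_ZIP"
# Placeholder (assumption): replace with the digest of this exact archive.
EXPECTED_SHA256="REPLACE_WITH_TRUSTED_SHA256_DIGEST"

# sha256_of FILE: print the lower-case hex SHA-256 of FILE.
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# verify_sha256 FILE EXPECTED
# returns 0 on match, 1 on mismatch, 2 if EXPECTED is not a 64-digit hex
# string (e.g. the placeholder was never replaced), 3 if FILE is unreadable.
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case "$expected" in
        ""|*[!0-9a-f]*) return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 2
    [ -r "$file" ] || return 3
    actual=$(sha256_of "$file")
    [ "$actual" = "$expected" ]
}

# install_scanner: steps 1-4 of the tutorial with the check before unzip.
install_scanner() {
    dest=/var/jenkins_home/sonar-scanner
    mkdir -p "$dest" && cd "$dest" || return 1
    wget -q -O "$SCANNER_ZIP" "$SCANNER_URL" || return 1
    if ! verify_sha256 "$SCANNER_ZIP" "$EXPECTED_SHA256"; then
        echo "SHA-256 check failed; removing $SCANNER_ZIP" >&2
        rm -f "$SCANNER_ZIP"
        return 1
    fi
    unzip -q "$SCANNER_ZIP"
}

# Run inside the Jenkins container with: RUN_INSTALL=1 sh install-scanner.sh
if [ "${RUN_INSTALL:-0}" = 1 ]; then
    install_scanner
fi
```

The script rejects an unreplaced placeholder as well as a mismatching archive, so the scanner that Jenkins later executes is never unpacked from an unchecked file.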

Update Jenkins to point to the sonar-scanner binary:

  • Manage Jenkins ››› Global Tool Configuration ››› SonarQube Scanner

You will need to uncheck “Install automatically” so you can explicitly set SONAR_RUNNER_HOME.

Configuring Jenkins with SonarQube

Get Machine IP

Now that Jenkins and SonarQube are running inside their own Docker containers, we can configure them to communicate with each other. For that, we will get the IP address of the machine:

  1. Open CMD
  2. Use the ipconfig command

Here we will use 192.168.1.105 as the IP.

This returned 192.168.1.105, which will be used for both the Jenkins and the SonarQube configuration. The problem here is that if you change networks, you will have to update the IP address in Jenkins and SonarQube to the new host IP!

Add webhook in SonarQube

Add a webhook in SonarQube that points to Jenkins:

  • Administration ››› Configuration ››› Webhooks

In my situation, the URL will be:

http://192.168.1.105:8080/sonarqube-webhook

Generate an access token

In SonarQube, generate an access token that will be used by Jenkins:

  • My Account ››› Security ››› Tokens

Add the SonarQube Server IP

In Jenkins, we will add the SonarQube Server IP address and the access token. For that, go to:

  • Manage Jenkins ››› Configure System ››› SonarQube Servers
  • The URL will be in the format http://192.168.1.105:9000
  • Set the Server authentication token to the generated secret

Conclusion

In this tutorial we configured SonarQube and Jenkins to work together locally within Docker containers. You can now create Jenkins pipeline jobs and start analyzing your projects. SonarQube will help you check the quality of your project code and make sure that you don’t have vulnerabilities in your code. Now you can start configuring GitLab with Jenkins to start your pipeline!
