一、安装SonarQube Community版本的服务器
SonarQube官网 https://www.sonarqube.org ,按照Sonar-iOS-SonarQube服务器安装中一步步开始进行服务器的搭建操作。
二、Sonar-Swift插件的安装
- 在Github上的Sonar-Swift,去下载最新的jar包。
- 将下载的jar放到SonarQube服务器的extensions/plugins文件夹下。
- 重启SonarQube服务器。
三、客户端扫描软件安装
客户端扫描代码只需要安装这部分软件即可
1、安装sonar-scannner
该软件用于上传报告到SonarQube服务器。
下载 sonar-scanner,将下载的文件解压缩到本地目录,并且将目录下的bin目录加到系统的环境变量PATH中,以便在命令行中可以访问该命令。
2、下载run-sonar-swift.sh脚本
该脚本是用于执行扫描的主入口。
下载后将该文件放到固定的目录下,并将该目录加入到系统的环境变量PATH中。
3、安装sonar-swift依赖的所有软件
3.1、xcpretty,需要安装一个修复问题版本的xcpretty
git clone https://github.com/Backelite/xcpretty.git
cd xcpretty
git checkout fix/duration_of_failed_tests_workaround
gem build xcpretty.gemspec
sudo gem install --both xcpretty-0.2.2.gem
如果报如下错误,表示没有写入/usr/bin的权限,修改安装路径即可:
>sudo gem install --both xcpretty-0.2.2.gem
ERROR: While executing gem ... (Gem::FilePermissionError)
You don't have write permissions for the /usr/bin directory.
执行如下命令:
>sudo gem install -n /usr/local/bin --both xcpretty-0.2.2.gem
在OSX系统中,/usr/bin属于系统级别的保护,任何人不能写入,包括root也一样,是绝对禁止写入的,唯一的办法就是像你上面的那样,安装到/usr/local/bin里面去。
为什么要这么严格?因为/usr/bin这个目录太敏感了,是任何病毒都想要攻克的地方,所以苹果对此做了严格的禁止。
3.2、SwiftLint,Swift的静态代码分析工具
brew install swiftlint
安装过程如下:
>brew install swiftlint
==> Downloading https://homebrew.bintray.com/bottles/swiftlint-0.38.0.catalina.bottle.tar.gz
==> Downloading from https://akamai.bintray.com/a2/a2b39e51661fc24d201788391ce4f9c68007c818857f423161b37bc51f7fcb0b?__gd
######################################################################## 100.0%
==> Pouring swiftlint-0.38.0.catalina.bottle.tar.gz
🍺 /usr/local/Cellar/swiftlint/0.38.0: 6 files, 7.9MB
3.3、Tailor,针对Swift的跨平台静态分析工具
brew install tailor
正常安装过程如下:
>brew install tailor
==> Downloading https://github.com/sleekbyte/tailor/releases/download/v0.12.0/tailor-0.12.0.tar
==> Downloading from https://github-production-release-asset-2e65be.s3.amazonaws.com/36204628/4d7049d8-1261-11e7-889c-b4
######################################################################## 100.0%
🍺 /usr/local/Cellar/tailor/0.12.0: 41 files, 4.0MB, built in 19 seconds
此工具依赖JDK,如果JDK没有安装,会报如下错误,建议先安装JDK
>brew install tailor
tailor: Java 1.8+ is required to install this formula.
Install AdoptOpenJDK with Homebrew Cask:
brew cask install adoptopenjdk
Error: An unsatisfied requirement failed this build.
3.4、slather,单元测试覆盖率检测工具
gem install slather
如果提示没有权限,则执行如下命令:
sudo gem install slather
如果还是报没有权限,则执行如下命令:
sudo gem install -n /usr/local/bin slather
安装过程如下:
>sudo gem install -n /usr/local/bin slather
Building native extensions. This could take a while...
Successfully installed nokogiri-1.10.3
Fetching: slather-2.4.7.gem (100%)
Successfully installed slather-2.4.7
Parsing documentation for nokogiri-1.10.3
Installing ri documentation for nokogiri-1.10.3
Parsing documentation for slather-2.4.7
Installing ri documentation for slather-2.4.7
Done installing documentation for nokogiri, slather after 9 seconds
2 gems installed
3.5、 lizard,复杂度检测工具
3.5.1 使用pip安装lizard
由于会有权限问题,所以先将工具安装到当前用户下
pip install lizard --user
如果提示如下错误,说明本地还没有安装python,需要先安装
>pip install lizard --user
zsh: command not found: pip
安装pip命令之后,再次执行lizard安装命令
pip是python的包管理工具,在Python2.7的安装包中,easy_install.py是默认安装的,而pip需要我们手动安装
>sudo easy_install pip
>pip install lizard --user
正常安装过程如下:
>pip install lizard --user
DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7. More details about Python 2 support in pip, can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support
Collecting lizard
Downloading https://files.pythonhosted.org/packages/24/7a/7ca04c3d84998d7344caafd3534a1b8a80d293bf32afbd2ef3956282d1c2/lizard-1.16.6-py2.py3-none-any.whl (56kB)
|████████████████████████████████| 61kB 326kB/s
Installing collected packages: lizard
WARNING: The script lizard is installed in '/Users/hushijun/Library/Python/2.7/bin' which is not on PATH.
Consider adding this directory to PATH or, if you prefer to suppress this warning, use --no-warn-script-location.
Successfully installed lizard-1.16.6
3.5.2 将用户的python安装包目录~/Library/Python/2.7加到系统变量PATH中
3.6、OCLint,Objective-C的静态代码分析工具
brew tap oclint/formulae
brew install oclint
安装oclint报如下错误:
>brew install oclint
==> Installing oclint from oclint/formulae
Error: Your Xcode (10.1) is too outdated.
Please update to Xcode 10.2.1 (or delete it).
Xcode can be updated from the App Store.
更新brew和oclint
参考homebrew中的oclint文档
$ brew update
$ brew upgrade oclint
查看brew缓存目录:
$ brew --cache
正常安装过程如下:
>brew tap oclint/formulae
Updating Homebrew...
==> Auto-updated Homebrew!
Updated 1 tap (homebrew/cask).
No changes to formulae.
==> Tapping oclint/formulae
Cloning into '/usr/local/Homebrew/Library/Taps/oclint/homebrew-formulae'...
remote: Enumerating objects: 6, done.
remote: Counting objects: 100% (6/6), done.
remote: Compressing objects: 100% (5/5), done.
remote: Total 6 (delta 0), reused 5 (delta 0), pack-reused 0
Unpacking objects: 100% (6/6), done.
Tapped 1 formula (32 files, 29.4KB).
>brew install oclint
Updating Homebrew...
==> Auto-updated Homebrew!
Updated 1 tap (homebrew/core).
==> New Formulae
wordgrinder
==> Installing oclint from oclint/formulae
==> Downloading https://github.com/oclint/oclint/releases/download/v0.13/oclint-0.13-x86_64-darwin-16.7.0.tar.gz
==> Downloading from https://github-production-release-asset-2e65be.s3.amazonaws.com/7159640/07e87f60-9c5f-11e7-8590-f3a
######################################################################## 100.0%
🍺 /usr/local/Cellar/oclint/0.13: 374 files, 86.2MB, built in 50 seconds
四、客户端扫描配置
添加sonar-project.properties文件到项目的根目录下,配置sonar-project.properties
在进行单元测试覆盖率检测的时候,需要对要扫描的target的进行Test相关配置
1、用到Cocoapods的项目,要将项目中依赖的库,都要放到Test的target中去。
2、对选中的Scheme进行编辑(Edit Scheme), 最终做到如下效果。
image.png
3、配置对应Test的Target。
A、在Host Application部分一定要选择你要进行扫描的target。同时下部的复选框要选中Allow testing Host Application API。
如果是私有库framework,则不需要选择,只有真正的APP项目才需要选择。
B、在签名部分要选择对的Team和签名环境。
取消自动签名,手动配置签名。
私有库framework的单元测试,不需要选择Host Application部分,如下图:
image.png
APP项目的单元测试需要选择,如下图:
image.png
4、build setting 配置
sonar 扫描需要把framework的Target做如下配置:
mach-o type 修改成dynamic library
defines module 修改成 yes
如下图所示:
扫描
五、客户端sonar扫描
1、终端进入xcode项目根目录
2、执行命令
run-sonar-swift.sh
如果是本地扫描,需要启动本地数据库和sonar服务器:
//启动mysql数据库
mysql.server start
//启动sonar服务器
sonar.sh start
//开始扫描
run-sonar-swift.sh
//如果需要单独将扫描结果上传到指定服务器
1、修改sonar-project.properties配置中的
sonar.host.url
2、执行命令:
sonar-scanner
六、 参考文档
- OCLint: http://docs.oclint.org/en/stable/contents.html
- SonarQube & sonar-scanner: https://docs.sonarqube.org/display/SCAN/
- slather: https://github.com/SlatherOrg/slather
- Lizard: https://github.com/terryyin/lizard
- xcpretty: https://github.com/supermarin/xcpretty
- SwiftLint: https://github.com/realm/SwiftLint
网友评论