Jenkins集成openshift容器中进行代码扫描

1.Dockerfile

 sonarDockerfile： （基础slave镜像参考上篇博文）

FROM registry.it.com/openshift/jenkins-slave:latest

#tool maven
ADD apache-maven-3.5.0.tar.gz /usr/local/

#tool sonar
ADD sonar-scanner.tar.gz /usr/local/

2.Jenkinsfile

def label = "mypod-${UUID.randomUUID().toString()}"

//代码扫描
def SonarScan(projectType,skipSonar,srcDir,serviceName){
    def scanHome = "/usr/local/sonar-scanner"
    if (projectType == 'java'){
        if ("${buildType}" == 'gradle'){
            codepath = 'build/classes'
        } else{
            codepath = 'target/classes'
        }
        try {
            sh """
                cd ${srcDir} 
                ${scanHome}/bin/sonar-scanner -Dsonar.projectName=${serviceName} -Dsonar.projectKey=${serviceName}  
                -Dsonar.sources=src/main -Dsonar.tests=src/test -Dsonar.language=java -Dsonar.sourceEncoding=UTF-8 
                -Dsonar.java.binaries=${codepath} -Dsonar.java.coveragePlugin=jacoco 
                -Dsonar.jacoco.reportPath=target/jacoco.exec -Dsonar.junit.reportsPath=target/surefire-reports 
                -Dsonar.surefire.reportsPath=target/surefire-reports -Dsonar.projectDescription='devopsdevops'
             """ 
        } catch (e){
            currentBuild.description="代码扫描失败!"
            error '代码扫描失败!'
        }
    }
}

//docker
podTemplate(
    label: label,
    cloud: 'kubernetes', 
    containers: [ 
        containerTemplate(
            name: 'jnlp',
            image: 'registry.it.com/openshift/slave-maven-sonar-jdk8u111:latest',
            ttyEnabled: true,
            privileged: false,
            alwaysPullImage: true,
            args: '${computer.jnlpmac} ${computer.name}',
            resourceRequestCpu: '8000m',
            resourceLimitCpu: '8000m',
            resourceRequestMemory: '16Gi',
            resourceLimitMemory: '16Gi',
            envVars: [
                envVar(key: 'PATH', value: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/apache-maven-3.5.0/bin'),
                envVar(key: 'CLASS_PATH', value: '/docker-java-home/jre/lib/rt.jar:/docker-java-home/jre/lib/dt.jar:/docker-java-home/jre/lib/tools.jar')]
        )
    ],
    volumes: [persistentVolumeClaim(mountPath: '/etc/data/', claimName: 'jenkins')],
    //idleMinutes: '60',
    //activeDeadlineSeconds: '60',
    slaveConnectTimeout: '60'
    ){
        node(label) {
            ws("${workspace}"){
                stage('GetCode'){
                    .......
                }
                
                stage('Build'){
 
                   .......
                }
          
                stage('CodeScan'){
                    SonarScan('java',skipSonar,srcDir,serviceName)
                }
                
            }
        }
}