Scripted Pipeline, like Declarative Pipeline, is built on top of the underlying Pipeline sub-system. Unlike Declarative, Scripted Pipeline is effectively a general-purpose DSL [2] built with Groovy. Most functionality provided by the Groovy language is made available to users of Scripted Pipeline, which means it can be a very expressive and flexible tool with which one can author continuous delivery pipelines.
SonarQube is an open source static code analysis tool that is gaining great popularity among software developers. It allows software developers to measure code quality and fix code quality issues. The SonarQube community is active and provides continuous upgrade, plug-ins, and customization information on regular intervals. Further, it is a healthy practice to intermittently run SonarQube on the source code to fix code quality violations and reduce the technical obligation.
SonarQube allows the developers to track code quality which helps the developers to determine if a project is ready to be deployed in production. It also allows the developers to continuously review and perform automatic reviews and run analysis to find code quality issues. SonarQube provides a lot of other features, including the ability to record metrics, progress graphs and much more. It has inherent options to perform automated analysis and continuous integration utilizing tools such as Jenkins, Hudson, etc.
STEP BY STEP INSTALLATION OF SONARQUBE ON UBUNTU 16.04
Step1 : System update
Step2 : Install jdk
Step3 : Install postgresql
Step 4 : Download and configure SonarQube
Step 5 : Configure Systemd service
TO INTEGRATE JENKINS WITH SONARQUBE
Firstly, in the Jenkins server install the SonarQube plugins on Jenkins.
1. Go to manage plugins and install SonarQube plugin.
2. Go to global tool configuration and install Sonarscanner and save it.
SonarQube Scanner used to start code analysis. Project configuration is read from a
sonarproject.properties or passed on command line.
3. Configure system.
Token can be generated from the sonar browser.
Go to administration >security>user>generate token
Create a new item in Jenkins and update the configure.
Pipeline adds a powerful set of automation tools onto Jenkins, supporting use cases that span from simple continuous integration to comprehensive continuous delivery pipelines. By modeling a series of related tasks, users can take advantage of the many features of Pipeline.
Code: Pipelines are implemented in code and typically checked into source control, giving teams the ability to edit, review, and iterate upon their delivery pipeline.
Durable: Pipelines can survive both planned and unplanned restarts of the Jenkins master.
Pausable: Pipelines can optionally stop and wait for human input or approval before continuing the Pipeline run.
Versatile: Pipelines support complex real-world continuous delivery requirements, including the ability to fork/join, loop, and perform work in parallel.
Extensible: The Pipeline plugin supports custom extensions to its DSL and multiple options for integration with other plugins.
To create a backup, all you need to do is to periodically back up your JENKINS_HOME directory. This contains all of your build jobs configurations, your slave node configurations, and your build history. To create a back-up of your Jenkins setup, just copy the directory.
The Multibranch Pipeline project enables you to implement different Jenkins files for different branches of the same project. In a Multibranch Pipeline project, Jenkins automatically discovers, manages, and executes Pipelines for branches which contain a Jenkins file in source control.
To create a backup all you need to do is to periodically back up your JENKINS_HOME directory. This contains all of your build jobs configurations, your slave node configurations, and your build history. To create a back-up of your Jenkins setup, just copy this directory. You can also copy a job directory to clone or replicate a job or rename the directory.
The way to secure Jenkins is mentioned below :-
Ensure global security is on.
Ensure that Jenkins is integrated with company’s user directory with appropriate plugin.
Ensure that Matrix/Project matrix is enabled to fine tune access.
Automate the process of setting rights/privileges in Jenkins with custom version controlled script.
Limit physical access to Jenkins data/folders.
Periodically run security audits on same.
.