首先安装并配置 husky。7.0 版本之后不需要在 package.json 里配置了,按 GitHub 上的说明操作完之后,会在项目根目录下生成一个 .husky 目录,里面有一个 pre-commit 脚本。
接下来写脚本:
#!/bin/sh
. "$(dirname "$0")/_/husky.sh"
sonar-scanner
echo "\033[32m 扫描结果分析中。。。 \033[0m"
# 没找到怎么在本地直接拿到扫描结果,这里在扫描之后调sonarQube提供的接口
sleep 10s
res=$(curl -H Authorization:token(没有的话用自己账号生成一个) -s http://sonarQube服务器地址/api/measures/search\?projectKeys\=自己项目的projectKey\&metricKeys\=new_bugs,bugs,new_vulnerabilities,vulnerabilities,security_hotspots,new_security_hotspots,code_smells,new_code_smells)
# vulnerabilities: 漏洞
# security_hotspots: 安全热点
# code_smells: 异味
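#######################################
# Look one metric up in a /api/measures/search response.
# Arguments: $1 - JSON body returned by the API
#            $2 - metric key, e.g. bugs or new_bugs
# Outputs:   the metric's value on stdout
# Returns:   0 when the metric was found; 1 when the body does not parse, the
#            metric is absent or has no value (nothing is printed), so the
#            caller can fail closed instead of reading the string "undefined"
#######################################
getSonarRes() {
  # Node does the JSON parsing here; any language with a JSON parser would do.
  # Both arguments are quoted so a body containing spaces reaches node as one
  # argument, and the script is single-quoted so the shell expands nothing in it.
  node -e '
const res = JSON.parse(process.argv[1]);
const key = process.argv[2];
const hit = (res.measures || []).find((m) => m.metric === key);
// new_* metrics are reported for the new-code period, the others as a plain value.
const value = hit && (key.startsWith("new_") ? (hit.period && hit.period.value) : hit.value);
if (value === undefined) {
  process.exit(1);
}
console.log(String(value));
' "$1" "$2"
}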
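# The JSON body is quoted on every call: it contains spaces, and an unquoted
# $res would be word-split into several arguments before reaching node.
codeSmells=$(getSonarRes "$res" "code_smells")
newCodeSmells=$(getSonarRes "$res" "new_code_smells")
vulnerabilities=$(getSonarRes "$res" "vulnerabilities")
newVulnerabilities=$(getSonarRes "$res" "new_vulnerabilities")
securityHotspots=$(getSonarRes "$res" "security_hotspots")
newSecurityHotspots=$(getSonarRes "$res" "new_security_hotspots")
bugs=$(getSonarRes "$res" "bugs")
newBugs=$(getSonarRes "$res" "new_bugs")

# Fail closed. A count that is empty or not a number means the API call or the
# JSON lookup went wrong; in that state the gate must refuse the commit rather
# than let an empty string compare as zero and print OK.
for count in "$bugs" "$newBugs" "$vulnerabilities" "$newVulnerabilities" \
  "$securityHotspots" "$newSecurityHotspots" "$codeSmells" "$newCodeSmells"; do
  case "$count" in
    '' | *[!0-9]*)
      printf '\033[31m 无法解析 SonarQube 扫描结果,禁止提交 \033[0m\n' >&2
      exit 1
      ;;
  esac
done

# Coloured summary. printf is used instead of echo because echo's treatment
# of \033 escapes varies between shells.
printf '
***********************
\033[31m BUG: %s \033[0m
\033[41;33m 新增BUG: %s \033[0m
\033[31m 漏洞: %s \033[0m
\033[43;31m 新增漏洞: %s \033[0m
\033[31m 安全热点: %s \033[0m
\033[43;31m 新增安全热点: %s \033[0m
\033[34m 异味: %s \033[0m
\033[44;37m 新增异味: %s \033[0m
***********************
\n' "$bugs" "$newBugs" "$vulnerabilities" "$newVulnerabilities" \
  "$securityHotspots" "$newSecurityHotspots" "$codeSmells" "$newCodeSmells"

# Any bug, vulnerability or security hotspot blocks the commit. [ ... ] is used
# rather than [[ ... ]] because the hook runs under /bin/sh, where [[ may not
# exist and a "command not found" would make the condition silently false.
if [ "$bugs" -gt 0 ] || [ "$vulnerabilities" -gt 0 ] || [ "$securityHotspots" -gt 0 ]; then
  printf '\033[31m 扫描存在BUG: %s, 漏洞: %s, 安全热点: %s 禁止请修复后提交 \033[0m\n' \
    "$bugs" "$vulnerabilities" "$securityHotspots" >&2
  exit 1
fi
printf '\033[32m OK \033[0m\n'
exit 0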
API 文档在 SonarQube 的页面上,页面底部有一个链接。
生成 token 的话可以用 Postman:选 Basic Auth,再点 Refresh headers,就可以生成 token 了。
最后看一下效果
如果有 bug、漏洞、安全热点,会提示并禁止 commit。