Sunday, October 29, 2023

Setup Sonarqube on Ubuntu 22 and integrate it with Github

Description: In this tutorial, I have explained how to setup SonarQube on Ubuntu 22 and integrate it with GitHub

SonarQube: SonarQube is an open-source tool for code quality analysis. It can scan source code for potential bugs and vulnerabilities and generates a report which allows you to identify issues.

Prerequisites:

  • Ubuntu 22 with atlease 2 GB RAM and one CPU
  • User with sudo rights
  • Domain name to access the server using name
  • JDK
  • Postgres 


Install Open JDK

Install Open JDK 11
# apt-get install openjdk-11-jdk -y

Verify the JDK version
# java --version

Configure System for Sonarqube and PostgreSQL

Open /etc/sysctl.conf and add the below configuration 

vm.max_map_count=262144
fs.file-max=65536
ulimit -n 65536
ulimit -u 4096

After add above configuration reboot the server 

Install and configure PostgreSQL

Setup PostgreSQL by following the below steps 
sudo apt update -y
sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt/ `lsb_release -cs`-pgdg main" >> /etc/apt/sources.list.d/pgdg.list'
wget -q https://www.postgresql.org/media/keys/ACCC4CF8.asc -O - | sudo apt-key add -
sudo apt install postgresql postgresql-contrib -y
sudo systemctl enable postgresql
sudo systemctl start postgresql

Configure PostgreSQL user and database 

We are setting up the user and database for Sonarqube 

sudo passwd postgres
su - postgres
createuser sonar
psql
ALTER USER sonar WITH ENCRYPTED password '';
CREATE DATABASE sonarqube OWNER sonar;
GRANT ALL PRIVILEGES ON DATABASE sonarqube to sonar;
\q
exit



Install and configure SonarQube

After setting up all the above things, now install and configure SonarQube. Follow below steps to install the same


sudo wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-9.8.0.63668.zip
sudo unzip sonarqube-9.8.0.63668.zip
sudo mv sonarqube-9.8.0.63668 /opt/sonarqube
sudo groupadd sonar
sudo useradd -d /opt/sonarqube -g sonar sonar
sudo chown sonar:sonar /opt/sonarqube -R



Install SonarQube plugins 

cd /opt/sonarqube/extensions/pluginssudo wget https://github.com/mc1arke/sonarqube-community-branch-plugin/releases/download/1.14.0/sonarqube-community-branch-plugin-1.14.0.jar


Configure SonarQube properties 

Open the sonar.properties file and update the configuration as follow in  /opt/sonarqube/conf/sonar.properties


sonar.jdbc.username=sonar
sonar.jdbc.password=
sonar.jdbc.url=jdbc:postgresql://localhost:5432/sonarqube

sonar.web.javaAdditionalOpts=-javaagent:/opt/sonarqube/extensions/plugins/sonarqube-community-branch-plugin-1.14.0.jar=web
sonar.ce.javaAdditionalOpts=-javaagent:/opt/sonarqube/extensions/plugins/sonarqube-community-branch-plugin-1.14.0.jar=ce


sonar.web.host=0.0.0.0    ### if you want to access the sonar using external ip using port number

Setup SonarQube service: Create the service file for sonarqube under /etc/systemd/system and add below content on service file

# vi /etc/systemd/system/sonar.service


[Unit]

Description=SonarQube service
After=syslog.target network.target

[Service]
Type=forking


ExecStart=/opt/sonarqube/bin/linux-x86-64/sonar.sh start
ExecStop=/opt/sonarqube/bin/linux-x86-64/sonar.sh stop


User=sonar
Group=sonar
Restart=always
LimitNOFILE=65536
LimitNPROC=4096


[Install]
WantedBy=multi-user.target

After the service file saved reload the daemon and start the service 

# systemctl daemon-reload
# systemctl start sonar
# systemctl status sonar



After performing all the tasks try to browse the URL using port 9000 

i.e : http://54.86.47.253:9000/ 



Default username and password 

Username: admin
Password: admin


After first login it ask to change the password 



We have setup the plugins so it shows warning for same so we can ignore it 




Home page of Sonarqube looks like as follow




Setup Nginx to access the URL with domain name and with SSL

First I have add A record for 54.86.47.253 IP with sonarqube.techserverglobal.shop



Install and configure Nginx with SSL 


Install dependencies 
# apt install curl gnupg2 ca-certificates lsb-release ubuntu-keyring -y

Import Nginx GPG signing key
# curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \ | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null

Add Nginx stable repository
# echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg arch=amd64]  http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" | sudo tee /etc/apt/sources.list.d/nginx.list

Update the package repository
# apt update

Install nginx 
# apt install nginx

Start nginx service 
# systemctl start nginx





Install SSL for Web and generate the ssl for domain

snap install core; sudo snap refresh core
# apt remove certbot
#  snap install --classic certbot
# ln -s /snap/bin/certbot /usr/bin/certbot
# certbot certonly --nginx --agree-tos --no-eff-email --staple-ocsp --preferred-challenges http -m Email_id  -d sonarqube.techservergloabal.shop



Certificate and key saved at given location


Create Nginx configuration for domain under /etc/nginx/conf.d location and paste the configuration 

# vi /etc/nginx/conf.d/sonar.conf


server {
    listen 80 default_server;
    server_name sonarqube.techservergloabal.shop;
    return 301 https://$server_name$request_uri;

}

server {
    listen 443 ssl http2;
    server_name sonarqube.techservergloabal.shop;
    http2_push_preload on; # Enable HTTP/2 Server Push

    ssl_certificate /etc/letsencrypt/live/sonarqube.techservergloabal.shop/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/sonarqube.techservergloabal.shop/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/sonarqube.techservergloabal.shop/chain.pem;
    ssl_session_timeout 1d;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:50m;
    ssl_stapling on;
    ssl_stapling_verify on;


    access_log /var/log/nginx/sonarqube.access.log main;
    error_log  /var/log/nginx/sonarqube.error.log;

    location / {
        proxy_set_header Connection "";
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_pass http://127.0.0.1:9000;
    }

}

After apply all the settings, Kindly restart the nginx and validate by browse the page 

i.e https://sonarqube.techservergloabal.shop/



Integrate SonarQube with GitHub: 

Create GitHub App: To create the GitHub App open the settings on your account and navigate to Developer Setting, click on Create New GitHub App




Fill the below details on form 

Github App Name: sonarqube
Homepage URL : https://sonarqube.techservergloabal.shop/
Permissions:  For permission check the URL


After create GitHub App navigate to Sonarqube console and click on from GitHub 

Fill all the required details as follow

Configuration Name:
GitHub API URL: https://api.github.com/
Client ID: You can find from the GitHub App page in github.com
Client Secret:  Generate from the GitHub
Callback URL:  https://sonarqube.techservergloabal.shop


Private Key : Generate private key from the GitHub Apps















 


After filled all the details click on save configuration. After save the configuration you will find the project in Sonarqube.




Here, I have use With GitHub Action and add the workflow and secrets with GitHub. After fill all the requirement, repository is started wit sonar scan and it shows output as follow






at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)