1. What does a Quality Gate actually do?
In one sentence: if the code does not meet the bar, it will not let you merge into main/master, period. Right after every scan it decides PASS (green) or FAIL (red), and CI/CD pipelines, GitHub PRs and GitLab MRs can all block directly on that verdict.
2. How does SonarQube's built-in default Quality Gate, "Sonar way", actually decide? (latest 2025 thresholds)
| Metric | Condition | Pass requirement (PASS) | Fails when (FAIL) |
|---|---|---|---|
| Reliability Rating | Project-wide bug rating | = A (0 bugs) | ≥ B |
| Security Rating | Project-wide vulnerability rating | = A (0 vulnerabilities) | ≥ B |
| Maintainability Rating | Project-wide technical-debt ratio | ≤ B | ≥ C |
| Coverage on New Code | Test coverage of new code | ≥ 80% | < 80% |
| Duplicated Lines on New Code | Share of duplicated lines in new code | ≤ 3% | > 3% |
| Security Hotspots Reviewed | Share of security hotspots already reviewed | ≥ 100% | < 100% |
If any single condition is not met → the Quality Gate goes red and CI fails outright.
3. What the A/B/C/D/E ratings actually mean (memorize-this-for-good version)
| Rating | Reliability (bugs) | Security (vulnerabilities) | Maintainability (technical debt) | Coverage | Duplication |
|---|---|---|---|---|---|
| A | 0 bugs | 0 vulnerabilities | Technical debt ≤ 5% | ≥ 80% | ≤ 3% |
| B | Only Minor bugs | Only Minor vulnerabilities | Technical debt 6–10% | 70–80% | 3–5% |
| C | At least one Major bug | At least one Major vulnerability | Technical debt 11–20% | 50–70% | 5–10% |
| D | At least one Critical bug | At least one Critical vulnerability | Technical debt 21–50% | 30–50% | 10–20% |
| E | At least one Blocker bug | At least one Blocker vulnerability | Technical debt > 50% | < 30% | > 20% |
4. Five recommended Quality Gate configurations (copy straight into your project)
| Scenario | Name | Key conditions (copy into the Quality Gate) | Suited to |
|---|---|---|---|
| Personal practice | Personal – ultra-lenient | Just one condition: Coverage on New Code ≥ 50% | Individual learning |
| Ordinary team | Team – recommended | Reliability = A, Security = A, Maintainability ≤ B, Coverage ≥ 80%, Duplication ≤ 3% | 90% of teams |
| Hardcore team | Hardcore – recommended | Reliability = A, Security = A, Maintainability = A, Coverage ≥ 85%, Duplication ≤ 2%, Security Hotspots 100% | Front-end flagship projects |
| Finance / banking / healthcare | Enterprise – Great Wall of Steel | Reliability = A, Security = A, Maintainability = A, Coverage ≥ 90%, Duplication ≤ 1%, New Blocker/Critical = 0 | Big tech / finance |
| Nothing gets merged (fix until you drop) | Nuclear – nuclear-grade | Reliability = A, Security = A, Maintainability = A, Coverage ≥ 95%, Duplication ≤ 1%, New Critical = 0, New Code Smells = 0 | Teams chasing perfection |
5. How to create these Quality Gates in one go in your local SonarQube
- Log in at http://localhost:9000 → Administration → Quality Gates
- Click "Create" in the top-right corner
- Enter a name → Add Condition → pick the metrics and thresholds from the table above → Save
- Click "Set as Default" so every new project uses it by default
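The steps above are the UI route. As an added example that is not part of the original post, the same gate can be created from a script through SonarQube's Web API. The "Team – recommended" row of the table in section 4 is written here in SonarQube's own encoding: a metric key, the comparison operator that triggers an error, and the error threshold (ratings are numeric, A=1 through E=5). Assumptions of this example: the conditions are applied to new code (the `new_*` metric keys), the `gateName` / `name` parameters of `api/qualitygates/create_condition` and `api/qualitygates/set_as_default` as in SonarQube 8.4 and later, and a user token sent as the basic-auth username.

```python
"""Create a SonarQube Quality Gate from a condition table via the Web API (added example)."""
import base64
import json
import urllib.parse
import urllib.request

# "Team – recommended" gate from the table above in SonarQube's encoding:
# (metric key, operator that raises an error, error threshold).
# Ratings are numeric: A=1, B=2, C=3, D=4, E=5, so "Reliability = A" becomes
# "error when new_reliability_rating is greater than 1".
# Assumption: conditions target new code (new_* keys), as SonarQube recommends.
TEAM_GATE_CONDITIONS = [
    ("new_reliability_rating", "GT", "1"),       # Reliability = A
    ("new_security_rating", "GT", "1"),          # Security = A
    ("new_maintainability_rating", "GT", "2"),   # Maintainability <= B
    ("new_coverage", "LT", "80"),                # Coverage >= 80%
    ("new_duplicated_lines_density", "GT", "3"), # Duplication <= 3%
]


def plan_gate_calls(name, conditions, set_default=True):
    """Return the ordered (endpoint, params) POST calls that build the gate.

    Kept separate from the network code so the plan can be inspected or tested offline.
    """
    calls = [("api/qualitygates/create", {"name": name})]
    for metric, op, error in conditions:
        calls.append(("api/qualitygates/create_condition",
                      {"gateName": name, "metric": metric, "op": op, "error": error}))
    if set_default:
        calls.append(("api/qualitygates/set_as_default", {"name": name}))
    return calls


def apply_gate(base_url, token, name, conditions, set_default=True):
    """POST each planned call to the server and return (endpoint, status, body) per call.

    Assumption: the user token is passed as the basic-auth username with an empty
    password, which is how SonarQube accepts token authentication.
    """
    auth = base64.b64encode(f"{token}:".encode()).decode()
    results = []
    for endpoint, params in plan_gate_calls(name, conditions, set_default):
        req = urllib.request.Request(
            f"{base_url.rstrip('/')}/{endpoint}",
            data=urllib.parse.urlencode(params).encode(),
            headers={"Authorization": f"Basic {auth}"},
            method="POST",
        )
        with urllib.request.urlopen(req) as resp:
            body = resp.read().decode() or "{}"   # set_as_default answers 204 with no body
            results.append((endpoint, resp.status, json.loads(body)))
    return results


if __name__ == "__main__":
    # Dry run: show what would be sent. Replace the placeholder token and call
    # apply_gate("http://localhost:9000", "<your-token>", "Team", TEAM_GATE_CONDITIONS)
    # against a real server.
    for endpoint, params in plan_gate_calls("Team", TEAM_GATE_CONDITIONS):
        print(endpoint, params)
```

The gate is created first, conditions are attached by gate name, and only then is it set as the default, because `set_as_default` needs an existing gate. If a condition POST fails, the gate is left half-built, so in a real provisioning script check each status and delete the gate (`api/qualitygates/destroy`) on error.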
6. The definitive way to make the Quality Gate actually bite (a must for CI)
```bash
sonar-scanner \
  -Dsonar.qualitygate.wait=true \
  -Dsonar.qualitygate.timeout=300 \
  -Dsonar.token=<your-token>
```
- Quality Gate fails → the command returns exit code 1 → GitHub Actions / GitLab CI fail outright
- Quality Gate passes → only then does it return 0, allowing the merge
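What happens behind `sonar.qualitygate.wait=true` is that the scanner polls `api/qualitygates/project_status` until the analysis is processed and then maps the gate status to its exit code. The following added example, not part of the original post, parses that response so a CI job can print which conditions broke the gate instead of just "exit 1". The sample JSON is constructed for the example; the `projectStatus` / `conditions` field names, the `LT` / `GT` comparators and the numeric rating encoding (1 = A through 5 = E) are SonarQube's.

```python
"""Summarise a SonarQube Quality Gate result for CI output (added example)."""
import json
import sys

# Constructed sample in the shape of GET api/qualitygates/project_status:
# two conditions pass, two fail, so the gate as a whole is ERROR.
SAMPLE_PROJECT_STATUS = json.dumps({
    "projectStatus": {
        "status": "ERROR",
        "conditions": [
            {"status": "OK", "metricKey": "new_reliability_rating", "comparator": "GT",
             "errorThreshold": "1", "actualValue": "1"},
            {"status": "ERROR", "metricKey": "new_security_rating", "comparator": "GT",
             "errorThreshold": "1", "actualValue": "3"},
            {"status": "ERROR", "metricKey": "new_coverage", "comparator": "LT",
             "errorThreshold": "80", "actualValue": "62.5"},
            {"status": "OK", "metricKey": "new_duplicated_lines_density", "comparator": "GT",
             "errorThreshold": "3", "actualValue": "1.2"},
        ],
    }
})

# Metrics whose values are ratings encoded as 1..5 (A..E).
RATING_METRICS = {
    "new_reliability_rating", "new_security_rating", "new_maintainability_rating",
    "reliability_rating", "security_rating", "sqale_rating",
}


def fmt_value(metric, value):
    """Show rating metrics as letters A..E like the UI does; pass other values through."""
    if metric in RATING_METRICS:
        return "ABCDE"[int(float(value)) - 1]
    return value


def failed_conditions(payload):
    """Return one human-readable line per condition that broke the gate."""
    status = json.loads(payload)["projectStatus"]
    lines = []
    for cond in status["conditions"]:
        if cond["status"] != "ERROR":
            continue
        metric = cond["metricKey"]
        # LT: the value fell below the minimum; GT: the value exceeded the maximum.
        limit = "minimum" if cond["comparator"] == "LT" else "maximum"
        lines.append(f"{metric}: actual {fmt_value(metric, cond['actualValue'])} "
                     f"({limit} {fmt_value(metric, cond['errorThreshold'])})")
    return lines


def gate_exit_code(payload):
    """0 only when the gate status is OK, 1 for ERROR (or any other status), like the scanner."""
    return 0 if json.loads(payload)["projectStatus"]["status"] == "OK" else 1


if __name__ == "__main__":
    # Pipe the API response in (e.g. from curl); with no stdin the constructed sample is used.
    payload = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_PROJECT_STATUS
    for line in failed_conditions(payload):
        print("FAILED", line)
    sys.exit(gate_exit_code(payload))
```

Any status other than `OK` (including `NONE`, which is what you get when no gate is attached to the project) is treated as a failure, so a misconfigured project cannot slip through as a silent pass.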
7. One-line summary
| What you want | What the Quality Gate must enforce |
|---|---|
| No bugs in the code | Reliability = A |
| No security landmines | Security = A |
| Clean code | Maintainability = A or B |
| Tests are mandatory | Coverage ≥ 80% |
| No copy-paste | Duplication ≤ 3% |
| Security hotspots must be reviewed | Security Hotspots Reviewed = 100% |