Install SonarQube Scanner

Description

This GitHub Action installs the SonarQube scanner along with Java in a platform-agnostic way. It's designed to help seamlessly integrate SonarQube's static code analysis tools into your CI/CD pipeline.

Use this action if your project does not use one of the following technologies:

This should cover all other cases. Check the specifics of your language or technology in the Languages section of the SonarQube documentation.

Why?

Well, the default SonarQube action (sonarsource/sonarqube-scan-action) is built from a Dockerfile image. That is not bad in itself, but:

  • It's not completely platform agnostic, as it requires a container runtime on the GitHub runner. We are avoiding that on our Windows runners.
  • It builds the image every time you run the action, which we consider particularly wasteful. Also, more often than not you'll hit the Docker Hub rate limit and your builds will fail.

Is it perfect? Not really. Now you will have to issue the sonar-scanner command yourself, which is a bit of a hassle.

Author

  • NOS Inovação

Inputs

| Name | Description | Required | Default |
| --- | --- | --- | --- |
| version | The version of the SonarQube scanner to be used | No | 6.1.0.4477 |
| javaDistribution | The distribution of Java to be used | No | temurin |
| javaVersion | The version of Java to be used | No | 21 |

You can check if there's a new version of the scanner here.

Usage

To use this action in your workflow, add the following step to your GitHub Actions configuration file (.yml):

```yaml
name: CI
on: [push]

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
    - uses: actions/checkout@v2

    - name: Install SonarQube scanner
      uses: nosinovacao/sonarscanner-action@v1
      with:
        version: '6.1.0.4477'       # Specify the version if needed
        javaDistribution: 'temurin' # Specify the Java distribution
        javaVersion: '21'           # Specify the Java version
```

Then you can use the SonarQube scanner in your workflow by running sonar-scanner in your project's root directory.

The following example is for a Golang project; you must adapt it to your project and language.

```yaml
    - name: Create sonar-project.properties file
      run: |
        touch sonar-project.properties
        echo "sonar.projectKey=your-project-key" >> sonar-project.properties
        echo "sonar.host.url=${{ secrets.SONARQUBE_URL }}" >> sonar-project.properties
        echo "sonar.login=${{ secrets.SONARQUBE_TOKEN }}" >> sonar-project.properties
        # point this to your sources folder
        # this is a Golang example
        echo "sonar.sources=." >> sonar-project.properties
        echo "sonar.exclusions=**/*_test.go" >> sonar-project.properties
        echo "sonar.tests=." >> sonar-project.properties
        echo "sonar.test.inclusions=**/*_test.go" >> sonar-project.properties

    - name: Run SonarQube Scanner
      run: sonar-scanner
```
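
The properties step above writes the token into sonar-project.properties in the workspace, where any later step, cache or uploaded artifact can read it. As an added example (not part of this action), the POSIX sh helper below writes the same Go layout without the credential, rejects a malformed project key or a non-https server URL, and offers a check for properties files that do carry a secret; it assumes the token is handed to sonar-scanner through the SONAR_TOKEN environment variable, which the scanner CLI reads.

```shell
#!/bin/sh
# Added example, not code from nosinovacao/sonarscanner-action. Builds
# sonar-project.properties for the Go layout shown above and keeps the
# token out of the file; pass it to sonar-scanner via SONAR_TOKEN instead,
# e.g. on the "Run SonarQube Scanner" step:
#   env:
#     SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}

# write_sonar_props <projectKey> <hostUrl> [outfile]
write_sonar_props() {
  key=$1; host=$2; out=${3:-sonar-project.properties}

  # Project key rule documented by SonarQube: letters, digits, '-', '_',
  # '.', ':' and at least one non-digit. Anything else is rejected so a
  # stray character cannot become a malformed or extra properties line.
  case "$key" in
    ''|*[!A-Za-z0-9._:-]*)
      echo "invalid sonar.projectKey: '$key'" >&2; return 1 ;;
    *[!0-9]*) ;;
    *) echo "sonar.projectKey needs a non-digit: '$key'" >&2; return 1 ;;
  esac
  # Only an https server URL is accepted: the token is sent in the
  # Authorization header, so plain http would expose it on the wire.
  case "$host" in
    https://*) ;;
    *) echo "sonar.host.url must be https://, got '$host'" >&2; return 1 ;;
  esac

  {
    echo "sonar.projectKey=$key"
    echo "sonar.host.url=$host"
    echo "sonar.sources=."
    echo "sonar.exclusions=**/*_test.go"
    echo "sonar.tests=."
    echo "sonar.test.inclusions=**/*_test.go"
  } > "$out" && chmod 600 "$out"
}

# props_has_secret <file>: exit 0 if the file carries a credential property.
# Run it before caching the workspace or uploading a properties file.
props_has_secret() {
  grep -Eq '^[[:space:]]*sonar\.(login|token|password)[[:space:]]*=' "$1"
}
```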

For test coverage, please refer to the SonarQube documentation on test coverage.

Steps

  • Check if Java is installed: This step checks if Java is installed on the runner.

  • Set up JDK: If Java is not installed, this step will install the specified Java distribution and version using the actions/setup-java action.

  • Set up SonarQube scanner: This step downloads and unzips the SonarQube scanner into /tmp and makes it available to later steps by appending its bin directory to $GITHUB_PATH.

License

This project is licensed under the MIT License - see the LICENSE file for details.