SonarQube Scanner Action
A GitHub action that configures and runs the SonarQube scanner inside a Docker container and connects to a self-hosted SonarQube server.
The action supports the following features:
- Configure the scanner
- Configure the scanner for pull request decoration
- Run the Sonar scanner
- Export the scanner configuration for consumption by another build tool, e.g. Gradle or Maven
Static Analysis using SonarQube
| parameter | description | required | default |
|---|---|---|---|
| projectName | Sonar project name | true | |
| projectKey | Sonar project key | true | |
| baseDir | Project base directory | false | |
| token | Sonar login token | true | |
| url | Sonar server URL | true | |
| scmProvider | SCM provider | false | git |
| sourceEncoding | Encoding of the source files | false | UTF-8 |
| enablePullRequestDecoration | Decorate a pull request. The PR number, branch and base are extracted from the pull request event | false | |
| onlyConfig | Only generate the Sonar configuration; the scanner is not invoked. The Sonar parameters are available as an output | false | |
| isCommunityEdition | Flags that your SonarQube instance is Community Edition, which does not support branch or pull request analysis: skips setting PRs/branches and defaults to master | false | |
| runQualityGate | Run the quality gate associated with this project in SonarQube | false | |
| qualityGateTimeout | Number of seconds to wait for the quality gate before the build is failed. SonarQube defaults this to 300 | false | |
| organization | Organization, when using SonarCloud | false | |
The action exposes one output:

| parameter | description |
|---|---|
| sonarParameters | Sonar parameters generated from the inputs, ready to pass to a scanner invocation |
The scanner image bundles the following tool versions:

| Tool | Version |
|---|---|
| SonarScanner | 4.6.2.2472 |
| Java | 11.0.11 |
| Node | v16.4.2 |
| Python | 2.7.16 |
| Python | 3.7.3 |
To keep the token out of the runner's output, store it in a GitHub secret rather than in the workflow file; GitHub masks secret values wherever they appear in the job log. The listings below read it from the secret SONARQUBE_TOKEN in your repository's configuration. Pin `uses:` to a specific release tag or commit SHA rather than a moving branch, so the workflow runs the version of the action you reviewed.

A basic scan of the repository root:

```yaml
sonarqube:
  name: SonarQube
  runs-on: self-hosted
  steps:
    - uses: philips-software/sonar-scanner-action@<version>
      with:
        token: ${{ secrets.SONARQUBE_TOKEN }}
        projectName: My Project Name
        projectKey: project.key.from.sonar.qube
        baseDir: .
        url: https://your.sonar.instance.io/
```
The same scan with pull request decoration enabled; the PR number, branch and base are taken from the pull request event:

```yaml
sonarqube:
  name: SonarQube
  runs-on: self-hosted
  steps:
    - uses: philips-software/sonar-scanner-action@<version>
      with:
        token: ${{ secrets.SONARQUBE_TOKEN }}
        projectName: My Project Name
        projectKey: project.key.from.sonar.qube
        url: https://your.sonar.instance.io/
        enablePullRequestDecoration: true
```
Against a SonarQube Community Edition instance, which has no branch or pull request analysis:

```yaml
sonarqube:
  name: SonarQube
  runs-on: self-hosted
  steps:
    - uses: philips-software/sonar-scanner-action@<version>
      with:
        token: ${{ secrets.SONARQUBE_TOKEN }}
        projectName: My Project Name
        projectKey: project.key.from.sonar.qube
        url: https://your.sonar.instance.io/
        isCommunityEdition: true
```
Generating the configuration only and handing the parameters to a build tool's own scanner, here the Gradle SonarQube plugin:

```yaml
sonarqube:
  name: SonarQube
  runs-on: self-hosted
  steps:
    - name: Configure sonar scanner
      uses: philips-software/sonar-scanner-action@<version>
      id: sonarconfig
      with:
        token: ${{ secrets.SONARQUBE_TOKEN }}
        projectName: My Project Name
        projectKey: project.key.from.sonar.qube
        url: https://your.sonar.instance.io/
        enablePullRequestDecoration: true
        onlyConfig: true
    - name: Run sonar scanner
      uses: docker://openjdk:11.0.6-jdk-slim
      with:
        entrypoint: bash
        args: -c "./gradlew --info sonarQube ${{ steps.sonarconfig.outputs.sonarParameters }}"
```
See CONTRIBUTING.md for how to contribute.

You can test the action locally by building the Docker image and running it with the correct parameters:

```sh
docker build . -t sonar
```

Set each variable listed after a `-e` in the command below in your shell before running it. `docker run -e NAME` without a value copies the variable from the calling environment, so the token is passed into the container without appearing on the command line:

```sh
docker run -e INPUT_PROJECTNAME -e INPUT_PROJECTKEY -e INPUT_URL -e INPUT_BASEDIR -e INPUT_SCMPROVIDER -e INPUT_SOURCEENCODING -e INPUT_ENABLEPULLREQUESTDECORATION -e INPUT_ONLYCONFIG -e INPUT_ISCOMMUNITYEDITION -e INPUT_RUNQUALITYGATE -e INPUT_QUALITYGATETIMEOUT -e INPUT_TOKEN -e GITHUB_REF -e GITHUB_SHA sonar
```
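The following script wraps that command and reproduces how GitHub Actions hands inputs to a Docker action: every `with:` input arrives in the container as the environment variable `INPUT_<NAME UPPERCASED>`, and `GITHUB_REF` is `refs/pull/<n>/merge` for a pull_request event or `refs/heads/<branch>` for a push. It is an added example, not part of the action or its repository. It assumes the image was built as `sonar` with the command above, that the current directory is the git checkout to scan, and that mounting it at /github/workspace (where the Actions runner mounts the checkout for Docker actions) is appropriate for this image, which the page does not state. The file name `run-sonar-local.sh` and the input values are placeholders for a constructed project.

```shell
#!/bin/sh
# Added example: run the locally built `sonar` image the way GitHub Actions would.
set -eu

# GitHub Actions names the env var for an input INPUT_<NAME UPPERCASED>,
# e.g. projectName -> INPUT_PROJECTNAME.
input_env_name() {
  printf 'INPUT_%s' "$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')"
}

# Export one action input under its INPUT_* name. Values, including the token,
# live only in this process's environment: `docker run -e NAME` (no =value)
# copies them from there, so they never show up in the docker argv, in shell
# history or in `ps` output.
set_input() {
  export "$(input_env_name "$1")=$2"
}

# The -e flags of the README's docker run command, generated from the input
# names so the list cannot drift from the inputs table.
docker_env_flags() {
  flags=""
  for name in projectName projectKey url baseDir scmProvider sourceEncoding \
              enablePullRequestDecoration onlyConfig isCommunityEdition \
              runQualityGate qualityGateTimeout token; do
    flags="$flags -e $(input_env_name "$name")"
  done
  printf '%s -e GITHUB_REF -e GITHUB_SHA' "${flags# }"
}

# GITHUB_REF as the runner sets it: refs/pull/<n>/merge for a pull_request
# event (PR_NUMBER set), refs/heads/<branch> for a push.
github_ref() {
  if [ -n "${PR_NUMBER:-}" ]; then
    printf 'refs/pull/%s/merge' "$PR_NUMBER"
  else
    printf 'refs/heads/%s' "${BRANCH:-master}"
  fi
}

main() {
  # Constructed test project; replace the placeholders with your own values.
  if [ -n "${PR_NUMBER:-}" ]; then decorate=true; else decorate=false; fi
  set_input projectName "My Project Name"
  set_input projectKey "project.key.from.sonar.qube"
  set_input url "https://your.sonar.instance.io/"
  set_input baseDir "."
  set_input scmProvider "git"
  set_input sourceEncoding "UTF-8"
  set_input enablePullRequestDecoration "$decorate"
  set_input onlyConfig "true"          # print the scanner parameters, do not scan
  set_input isCommunityEdition "false"
  set_input runQualityGate "false"
  set_input qualityGateTimeout "300"
  # The token comes from the caller's environment, never from a literal here.
  set_input token "${SONARQUBE_TOKEN:?export SONARQUBE_TOKEN first}"

  GITHUB_REF="$(github_ref)"; export GITHUB_REF
  GITHUB_SHA="$(git rev-parse HEAD)"; export GITHUB_SHA

  # Assumption: mount the checkout where the Actions runner mounts it for
  # Docker actions. Word-splitting the flag list into separate -e flags is intended.
  # shellcheck disable=SC2046
  docker run --rm -v "$PWD:/github/workspace" -w /github/workspace \
    $(docker_env_flags) sonar
}

# Run only when invoked as `sh run-sonar-local.sh run`, so the file can also be
# sourced for its functions.
if [ "${1:-}" = run ]; then main; fi
```

Usage: `export SONARQUBE_TOKEN=...` then `sh run-sonar-local.sh run` simulates a push to `master`; `PR_NUMBER=42 sh run-sonar-local.sh run` sets `GITHUB_REF` to `refs/pull/42/merge` and turns on `enablePullRequestDecoration`, the way a pull_request event would. Because the README's command only passes `GITHUB_REF` and `GITHUB_SHA`, anything the action reads from the full event payload is not available locally.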
This module is part of the Philips Forest.
___ _
/ __\__ _ __ ___ ___| |_
/ _\/ _ \| '__/ _ \/ __| __|
/ / | (_) | | | __/\__ \ |_
\/ \___/|_| \___||___/\__|
Talk to the forestkeepers in the forest-channel on Slack.