Action SonarQube (GitHub Action)

v1.1.0 Latest version
Scan code using SonarQube and show issues in pull requests

Installation

Copy and paste the following snippet into your .yml file.

- name: Action SonarQube
  uses: vtex/action-sonarqube@v1.1.0

Learn more about this action in vtex/action-sonarqube


SonarQube Action

This is a GitHub Action that runs the SonarScanner and adds the SonarQube issues it finds as annotations in your pull requests.

Usage

Before creating your workflow, you need to set two secret variables in your repository: the SonarQube server URL and your SonarQube token. The GitHub token secret is created automatically by GitHub; you just need to reference it in your workflow.

name: Some workflow
on:
  pull_request:
    branches: [master, main]
jobs:
  SonarScanner:
    runs-on: ubuntu-latest
    name: Sonar Scanner
    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - name: Install dependencies
        run: yarn install --production=false
      - name: Scan code
        uses: vtex/action-sonarqube@main
        with:
          githubToken: ${{ secrets.GITHUB_TOKEN }} # https://docs.github.com/en/actions/reference/authentication-in-a-workflow#about-the-github_token-secret
          host: ${{ secrets.SQHost }} # Variable set in the Github Secrets
          token: ${{ secrets.SQToken }} # Variable set in the Github Secrets

If your project uses TypeScript, you need to install the dependencies before scanning. If not, you can remove the installation step.
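The sample workflow above references the action at a moving branch (`@main`), while the installation snippet uses the `v1.1.0` tag. The following is an added, hardened variant of that same workflow; it is not part of the project's README. It pins the action to a commit SHA (the 40-zero value is a placeholder for the commit the `v1.1.0` tag points to), restricts the `GITHUB_TOKEN` with a `permissions` block, and installs with a frozen lockfile. The `checks: write` and `pull-requests: write` scopes are an assumption about what the action needs to post annotations; tighten them if a run shows one is unused.

```yaml
name: SonarScanner (pinned, least privilege)
on:
  pull_request:
    branches: [master, main]

# Workflow-wide default for GITHUB_TOKEN: read-only.
permissions:
  contents: read

jobs:
  SonarScanner:
    runs-on: ubuntu-latest
    name: Sonar Scanner
    # Assumption: the action posts annotations via the Checks API and the
    # pull request API, so this job gets only those write scopes.
    permissions:
      contents: read
      checks: write
      pull-requests: write
    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          # Full history so SonarQube can diff against the target branch.
          fetch-depth: 0
      - name: Install dependencies
        # --frozen-lockfile fails the job if yarn.lock would change,
        # so a pull request cannot silently pull in different packages.
        run: yarn install --production=false --frozen-lockfile
      - name: Scan code
        # Pinned to an immutable commit instead of a branch or tag.
        # PLACEHOLDER SHA: replace with `git rev-parse v1.1.0` run in the
        # action's repository. The trailing comment records the version.
        uses: vtex/action-sonarqube@0000000000000000000000000000000000000000 # v1.1.0
        with:
          githubToken: ${{ secrets.GITHUB_TOKEN }}
          host: ${{ secrets.SQHost }}
          token: ${{ secrets.SQToken }}
```

The same pinning applies to `actions/checkout`, left at `@v2` here for brevity. Two things to expect with this trigger: on `pull_request` events from forked repositories GitHub does not expose `SQHost` and `SQToken` (only a read-only `GITHUB_TOKEN`), so the scan step will fail for fork PRs; that is the safe default, and switching to `pull_request_target` to get the secrets back would run with write permissions against code the repository does not control, so review that trade-off before changing the trigger.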

Variables

By default, the key and name of the SonarQube project follow the format github-owner/github-repository, and the project base dir is the project root folder. If you wish, you can customize these variables as in the example below:

with:
    githubToken: ${{ secrets.GITHUB_TOKEN }} # required
    host: ${{ secrets.SQHost }} # required
    token: ${{ secrets.SQToken }} # required
    projectKey: "my-custom-project"
    projectName: "my-custom-project-name"
    projectBaseDir: "/path/to/my-custom-project"
    lintReport: "/path/to/lint-report-json" # https://docs.sonarqube.org/pages/viewpage.action?pageId=11639183

Roadmap

Roadmap of the project

  • Run SonarScanner
  • Add annotations on pull requests with SonarQube issues
  • Generate summary report with SonarQube analysis
  • Use lint report in the Sonar Scanner

Developing

After cloning the repository, install the dependencies with yarn:

yarn

When you are ready to submit your code, you just need to commit: the husky pre-commit hook will run the build for you. Make sure the build succeeds.

If for some reason you don't want to use husky and prefer to run the build yourself, use the following commands:

yarn build
git add .
git commit --no-verify