Skip to content
/ action-sonarqube Public

A Github action that runs the SonarScanner and adds SonarQube Issues as annotations in your pull requests.

9 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

vtex/action-sonarqube

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace
BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

23 Commits
.github
.github
 
 
.husky
.husky
 
 
dist
dist
 
 
src
src
 
 
.eslintrc
.eslintrc
 
 
.gitignore
.gitignore
 
 
.prettierrc
.prettierrc
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
action.yml
action.yml
 
 
package.json
package.json
 
 
tsconfig.json
tsconfig.json
 
 
yarn.lock
yarn.lock
 
 

Repository files navigation

SonarQube Action

This is a Github action that runs the SonarScanner and add SonarQube Issues as annotations in your pull requests.

Usage

Before creating your workflow, you need set two secret variables in your repository: The SonarQube server URL and your SonarQube token. The github token secret is automatically created by Github, you just need to reference on your workflow.

name: Some workflow
on:
    pull_request:
        branches: [master, main]
jobs:
  SonarScanner:
    runs-on: ubuntu-latest
    name: Sonar Scanner
    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - name: Install dependencies
        run: yarn install --production=false
      - name: Scan code
        uses: vtex/action-sonarqube@main
        with:
          githubToken: ${{ secrets.GITHUB_TOKEN }} # https://docs.github.com/en/actions/reference/authentication-in-a-workflow#about-the-github_token-secret
          host: ${{ secrets.SQHost }} # Variable set in the Github Secrets
          token: ${{ secrets.SQToken }} # Variable set in the Github Secrets

If your project uses typescript, you need to install the dependencies. If not, you can remove the installation step.

Variables

The key and name of the SonarQube project will follow the format github-owner/github-repository and project base dir will be the project root folder. But if you wish, you can customize the variables as in the example below:

with:
    githubToken: ${{ secrets.GITHUB_TOKEN }} #required
    host: ${{ secrets.SQHost }} # required
    token: ${{ secrets.SQToken }} # required
    projectKey: "my-custom-project"
    projectName: "my-custom-project-name"
    projectBaseDir: "/path/to/my-custom-project"
    lintReport:  "/path/to/lint-report-json" # https://docs.sonarqube.org/pages/viewpage.action?pageId=11639183

Roadmap

Roadmap of the project

  • Run SonarScanner
  • Add annotations on pull requests with SonarQube issues
  • Genereate summary report with SonarQube analysis
  • Use lint report in the Sonar Scanner

Developing

After cloning the repository, install the dependencies with yarn:

yarn

When you are ready to submit your code, you just need to commit and the husky pre-commit script will do the build for you. Make sure the build works correctly.

If for some reason you don't want to use husky and want to do the build by yourself, just use the following commands:

yarn build
git add .
git commit --no-verify

About

A Github action that runs the SonarScanner and adds SonarQube Issues as annotations in your pull requests.

Resources

Readme
Activity
Custom properties

Stars

9 stars

Watchers

87 watching

Forks

4 forks
Report repository

Releases 2

v1.1.0 Latest
Feb 22, 2021
+ 1 release

Packages

No packages published

Contributors 2

  •  
  •  

Languages