https://github.com/vtex/action-sonarqube

A Github action that runs the SonarScanner and adds SonarQube Issues as annotations in your pull requests.
https://github.com/vtex/action-sonarqube

Last synced: about 1 month ago
JSON representation

A Github action that runs the SonarScanner and adds SonarQube Issues as annotations in your pull requests.

• Host: GitHub
• URL: https://github.com/vtex/action-sonarqube
• Owner: vtex
• Created: 2020-12-29T19:28:58.000Z (about 4 years ago)
• Default Branch: main
• Last Pushed: 2021-09-15T19:50:33.000Z (over 3 years ago)
• Last Synced: 2024-10-31T10:43:48.386Z (2 months ago)
• Language: TypeScript
• Homepage:
• Size: 521 KB
• Stars: 9
• Watchers: 84
• Forks: 4
• Open Issues: 1
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

        
# SonarQube Action

This is a Github action that runs the [SonarScanner](https://docs.sonarqube.org/latest/analysis/scan/sonarscanner/) and add SonarQube Issues as annotations in your pull requests.

## Usage

Before creating your workflow, you need set two secret variables in your repository: The SonarQube server URL and your [SonarQube token](https://docs.sonarqube.org/latest/user-guide/user-token/). The github token secret is automatically created by Github, you just need to reference on your workflow.

```yml

name: Some workflow

on:

    pull_request:

        branches: [master, main]

jobs:

  SonarScanner:

    runs-on: ubuntu-latest

    name: Sonar Scanner

    steps:

      - name: Checkout

        uses: actions/checkout@v2

        with:

          fetch-depth: 0

      - name: Install dependencies

        run: yarn install --production=false

      - name: Scan code

        uses: vtex/action-sonarqube@main

        with:

          githubToken: ${{ secrets.GITHUB_TOKEN }} # https://docs.github.com/en/actions/reference/authentication-in-a-workflow#about-the-github_token-secret

          host: ${{ secrets.SQHost }} # Variable set in the Github Secrets

          token: ${{ secrets.SQToken }} # Variable set in the Github Secrets

```

> If your project uses `typescript`, you need to install the dependencies. If not, you can remove the installation step.

## Variables

The key and name of the SonarQube project will follow the format `github-owner/github-repository` and project base dir will be the project root folder. But if you wish, you can customize the variables as in the example below:

```yml

with:

    githubToken: ${{ secrets.GITHUB_TOKEN }} #required

    host: ${{ secrets.SQHost }} # required

    token: ${{ secrets.SQToken }} # required

    projectKey: "my-custom-project"

    projectName: "my-custom-project-name"

    projectBaseDir: "/path/to/my-custom-project"

    lintReport:  "/path/to/lint-report-json" # https://docs.sonarqube.org/pages/viewpage.action?pageId=11639183

```

## Roadmap

Roadmap of the project

- [x] Run SonarScanner

- [x] Add annotations on pull requests with SonarQube issues

- [x] Genereate summary report with SonarQube analysis

- [x] Use lint report in the Sonar Scanner

## Developing

After cloning the repository, install the dependencies with [`yarn`](https://yarnpkg.com):

```sh

yarn

```

When you are ready to submit your code, you just need to commit and the husky pre-commit script will do the build for you. Make sure the build works correctly.

If for some reason you don't want to use husky and want to do the build by yourself, just use the following commands:

```sh

yarn build

git add .

git commit --no-verify

```