diff --git a/README.md b/README.md index 462d5c8..a8bf50b 100644 --- a/README.md +++ b/README.md 
@@ -1,2 +1,53 @@ -# sonarqube-action -Integrate SonarQube scanner to GitHub Actions +# SonarQube GitHub Action + +Using this GitHub Action, scan your code with SonarQube scanner to detects bugs, vulnerabilities and code smells in more than 20 programming languages! + + + +SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities on 20+ programming languages. + +## Requirements + +* Have SonarQube on server. [Install now](https://docs.sonarqube.org/latest/setup/install-server/) if it's not already the case! + +## Usage + +The workflow, usually declared in `.github/workflows/build.yml`, looks like: + +```yaml +on: push +name: Main Workflow +jobs: + sonarQubeTrigger: + name: SonarQube Trigger + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@master + - name: SonarQube Scan + uses: kitabisa/sonarqube-action@master + with: + host: ${{ secrets.SONARQUBE_HOST }} + login: ${{ secrets.SONARQUBE_TOKEN }} +``` + +You can change the analysis base directory by using the optional input `projectBaseDir` like this: + +```yaml +uses: kitabisa/sonarqube-action@master +with: + projectBaseDir: my-custom-directory +``` + +## Secrets + +- `host` - **_(Required)_** this is the SonarQube server URL. +- `login` - **_(Required)_** the login or authentication token of a SonarQube user with Execute Analysis permission on the project. See [how to generate SonarQube token](https://docs.sonarqube.org/latest/user-guide/user-token/). +- `password` - The password that goes with the `login` username. This should be left blank if an `login` are authentication token. + +You can set all variable in the "Secrets" settings page of your repository. + +## License + +The Dockerfile and associated scripts and documentation in this project are released under the MIT License. 
+ +Container images built with this project include third party materials. \ No newline at end of file
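Review bot: In the Usage workflow example, both `uses: actions/checkout@master` and `uses: kitabisa/sonarqube-action@master` point at a mutable branch while the step is handed `secrets.SONARQUBE_HOST` and `secrets.SONARQUBE_TOKEN`. Anyone who copies this snippet runs whatever `master` resolves to at job time with the SonarQube token in scope. Please show a release tag or a full commit SHA in both YAML examples (the `projectBaseDir` snippet too), and consider a sentence recommending that readers pin. Smaller points in the same hunk: the "Secrets" section actually documents the action inputs `host`, `login` and `password` that are passed under `with:`, so either rename the heading or state that their values should come from repository secrets; `password` is described but never appears in the example, so a short note on when it is needed would help. Wording: "to detects bugs" should be "to detect bugs", "if an `login` are authentication token" should be "if `login` is an authentication token", and "all variable" should be "all variables". The file also ends without a trailing newline.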