2025-11-03 15:04:18 +08:00
7 changed files with 41 additions and 213 deletions
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@ -1,25 +0,0 @@
 ---
 name: Bug report
 about: Create a report to help us improve
 title: ''
 labels: bug
 assignees: dwisiswant0
 ---
 ### Issue and Steps to Reproduce
 <!-- Describe your issue and tell us how to reproduce it (include any useful information). -->
 ### Versions
 ### Screenshots
 #### Expected
 #### Actual
 ### Specifications
  - Version:
  - Platform:
  - Subsystem:
--- a/1
+++ b/1
@ -1 +0,0 @@
 * @dwisiswant0
--- a/9
+++ b/9
@ -1,15 +1,20 @@
-FROM sonarsource/sonar-scanner-cli:4
+FROM newtmitch/sonar-scanner:4.0.0-alpine
 LABEL "com.github.actions.name"="SonarQube Scan"
 LABEL "com.github.actions.description"="Scan your code with SonarQube Scanner to detect bugs, vulnerabilities and code smells in more than 25 programming languages."
 LABEL "com.github.actions.icon"="check"
 LABEL "com.github.actions.color"="green"
-LABEL version="0.0.2"
+LABEL version="0.0.1"
 LABEL repository="https://github.com/kitabisa/sonarqube-action"
 LABEL homepage="https://kitabisa.github.io"
 LABEL maintainer="dwisiswant0"
 RUN npm config set unsafe-perm true && \
  npm install --silent --save-dev -g typescript@3.5.2 && \
  npm config set unsafe-perm false
 ENV NODE_PATH "/usr/lib/node_modules/"
 COPY entrypoint.sh /entrypoint.sh
 RUN chmod +x /entrypoint.sh
 ENTRYPOINT ["/entrypoint.sh"]
--- a/PULL_REQUEST_TEMPLATE.md
+++ b/PULL_REQUEST_TEMPLATE.md
@ -1,37 +0,0 @@
 THIS PROJECT IS IN MAINTENANCE MODE. We accept pull-requests for Bug Fixes **ONLY**. NO NEW FEATURES ACCEPTED!
 ---
 <!--- Provide a general summary of your changes in the Title above -->
 ### Description
 <!--- Describe your changes in detail -->
 ### Related Issue
 Fixes #
 <!--- This project only accepts pull requests related to open issues -->
 <!--- If suggesting a new feature or change, please discuss it in an issue first -->
 <!--- If fixing a bug, there should be an issue describing it with steps to reproduce -->
 <!--- Please link to the issue here: -->
 ### Motivation and Context
 <!--- Why is this change required? What problem does it solve? -->
 <!--- If it fixes an open issue, please link to the issue here. -->
 ### Types of Changes
 <!--- What types of changes does your code introduce? Put an `x` in all the boxes that apply: -->
 - [ ] Bug fix (non-breaking change which fixes an issue)
 - [ ] ~New feature (non-breaking change which adds functionality)~
 - [ ] Breaking change (fix or feature that would cause existing functionality to change)
 - [ ] My code follows the code style of this project.
 - [ ] My change requires a change to the documentation.
 - [ ] I have updated the documentation accordingly.
 - [ ] All new and existing tests passed.
 ### How Has This Been Tested?
 <!--- Please describe in detail how you tested your changes. -->
 <!--- Include details of your testing environment, and the tests you ran to -->
 <!--- see how your change affects other areas of the code, etc. -->
 ### Screenshots (if appropriate):
--- a/README.md
+++ b/README.md
@ -1,80 +1,2 @@
-# SonarQube GitHub Action
+# sonarqube-action
-
+Integrate SonarQube scanner to GitHub Actions
 Using this GitHub Action, scan your code with SonarQube scanner to detects bugs, vulnerabilities and code smells in more than 20 programming languages!
 <img src="https://assets-eu-01.kc-usercontent.com/d1e40bf0-65fc-01ef-5235-9aeaedac229b/12e3974b-220d-4cde-8f17-2ff9fa9d9c27/SonarQube_Logo.svg" width="320px">
 SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities on 20+ programming languages.
 ## Requirements
 * [SonarQube server](https://docs.sonarqube.org/latest/setup/install-server/).
 * That's all!
 ## Usage
 The workflow, usually declared in `.github/workflows/build.yaml`, looks like:
 ```yaml
 on:
  # Trigger analysis when pushing in master or pull requests, and when creating
  # a pull request. 
  push:
    branches:
      - master
  pull_request:
      types: [opened, synchronize, reopened]
 name: SonarQube Scan
 jobs:
  sonarqube:
    name: SonarQube Trigger
    runs-on: ubuntu-latest
    steps:
    - name: Checking out
      uses: actions/checkout@master
      with:
        # Disabling shallow clone is recommended for improving relevancy of reporting
        fetch-depth: 0
    - name: SonarQube Scan
      uses: kitabisa/sonarqube-action@v1.2.0
      with:
        host: ${{ secrets.SONARQUBE_HOST }}
        login: ${{ secrets.SONARQUBE_TOKEN }}
 ```
 You can change the analysis base directory and/or project key by using the optional input like this:
 ```yaml
 uses: kitabisa/sonarqube-action@master
 with:
  host: ${{ secrets.SONARQUBE_HOST }}
  login: ${{ secrets.SONARQUBE_TOKEN }}
  projectBaseDir: "src/"
  projectKey: "my-custom-project"
 ```
 ### Inputs
 These are some of the supported input parameters of action.
 | **Parameter**        | **Description**                                   | **Required?** | **Default** | **Note**                                                                                      |
 |----------------------|---------------------------------------------------|---------------|-------------|-----------------------------------------------------------------------------------------------|
 | **`host`**           | SonarQube server URL                              | 🟢            |             |                                                                                               |
 | **`login`**          | Login or authentication token of a SonarQube user | 🟢            |             | `Execute Analysis` permission required.                                                       |
 | **`password`**       | The password that goes with the `login` username  | 🔴            |             | This should be left blank if an `login` are authentication token.                             |
 | **`projectBaseDir`** | Set custom project base directory analysis        | 🔴            | `.`         |                                                                                               |
 | **`projectKey`**     | The project's unique key                          | 🔴            |             | Allowed characters are: letters, numbers, `-`, `_`, `.` and `:`, with at least one non-digit. |
 | **`projectName`**    | Name of the project                               | 🔴            |             | It will be displayed on the SonarQube web interface.                                          |
 | **`projectVersion`** | The project version                               | 🔴            |             |                                                                                               |
 | **`encoding`**       | Encoding of the source code                       | 🔴            | `UTF-8`     |                                                                                               |
 > [!NOTE]
 > If you opt to configure the project metadata and other related settings in a **`sonar-project.properties`** file (must be placed within the base directory, `projectBaseDir`) instead of using input parameters, this action is compatible with that approach!
 ## License
 The Dockerfile and associated scripts and documentation in this project are released under the MIT License.
 Container images built with this project include third party materials.
--- a/action.yaml
+++ b/action.yaml
@ -1,42 +1,23 @@
-name: "SonarQube Scan"
+name: 'SonarQube Scan'
-description: "Scan your code with SonarQube Scanner to detect bugs, vulnerabilities and code smells in more than 25 programming languages."
+description: 'Scan your code with SonarQube Scanner to detect bugs, vulnerabilities and code smells in more than 25 programming languages.'
-author: "Dwi Siswanto"
+author: 'Dwi Siswanto'
 branding:
-  icon: "check"
+  icon: 'check'
-  color: "green"
+  color: 'green'
 runs:
-  using: "docker"
+  using: 'docker'
-  image: "Dockerfile"
+  image: 'Dockerfile'
 inputs:
  host:
-    description: "SonarQube server URL."
+    description: 'SonarQube server URL'
    required: true
  projectKey:
    description: "The project's unique key. Allowed characters are: letters, numbers, -, _, . and :, with at least one non-digit."
    required: false
    default: ""
  projectName:
    description: "Name of the project that will be displayed on the web interface."
    required: false
    default: ""
  projectVersion:
    description: "The project version."
    required: false
    default: ""
  projectBaseDir:
-    description: "Set the sonar.projectBaseDir analysis property."
+    description: 'Set the sonar.projectBaseDir analysis property'
    required: false
-    default: "."
+    default: '.'
  login:
-    description: "Login or authentication token of a SonarQube user."
+    description: 'Login or authentication token of a SonarQube user'
    required: true
  password:
-    description: "Password that goes with the sonar.login username. This should be left blank if an authentication token is being used."
+    description: 'Password that goes with the sonar.login username. This should be left blank if an authentication token is being used.'
    required: false
  encoding:
    description: "Encoding of the source code."
    required: false
    default: "UTF-8"
--- a/entrypoint.sh
+++ b/entrypoint.sh
@ -2,44 +2,27 @@
 set -e
-REPOSITORY_NAME=$(basename "${GITHUB_REPOSITORY}")
+if [[ "${GITHUB_EVENT_NAME}" == "pull_request" ]]; then
 	EVENT_ACTION=$(jq -r ".action" "${GITHUB_EVENT_PATH}")
 	if [[ "${EVENT_ACTION}" != "opened" ]]; then
 		echo "No need to run analysis. It is already triggered by the push event."
 		exit 78
 	fi
 fi
-if [[ ! -z "${INPUT_PASSWORD}" ]]; then
+if [[ -z "${INPUT_PASSWORD}" ]]; then
-  echo "::warning ::Running this GitHub Action without authentication token is NOT recommended!"
+	SONAR_PASSWORD="&& true"
  SONAR_PASSWORD="${INPUT_PASSWORD}"
 else
-  SONAR_PASSWORD=""
+	SONAR_PASSWORD="${INPUT_PASSWORD}"
 fi
-if [[ -f "${INPUT_PROJECTBASEDIR%/}/pom.xml" ]]; then
+sonar-scanner \
-  echo "::error file=${INPUT_PROJECTBASEDIR%/}/pom.xml::Maven project detected. You should run the goal 'org.sonarsource.scanner.maven:sonar' during build rather than using this GitHub Action."
+	-Dsonar.host.url=${INPUT_HOST} \
-  exit 1
+	-Dsonar.projectKey=${PWD##*/} \
-fi
+	-Dsonar.projectBaseDir=${INPUT_PROJECTBASEDIR} \
 	-Dsonar.login=${INPUT_LOGIN} \
 	-Dsonar.password=${INPUT_PASSWORD} \
 	-Dsonar.sources=. \
 	-Dsonar.sourceEncoding=UTF-8 \
 	${SONAR_PASSWORD}
 if [[ -f "${INPUT_PROJECTBASEDIR%/}/build.gradle" ]]; then
  echo "::error file=${INPUT_PROJECTBASEDIR%/}/build.gradle::Gradle project detected. You should use the SonarQube plugin for Gradle during build rather than using this GitHub Action."
  exit 1
 fi
 unset JAVA_HOME
 if [[ ! -f "${INPUT_PROJECTBASEDIR%/}/sonar-project.properties" ]]; then
  [[ -z "${INPUT_PROJECTKEY}" ]] && SONAR_PROJECTKEY="${REPOSITORY_NAME}" || SONAR_PROJECTKEY="${INPUT_PROJECTKEY}"
  [[ -z "${INPUT_PROJECTNAME}" ]] && SONAR_PROJECTNAME="${REPOSITORY_NAME}" || SONAR_PROJECTNAME="${INPUT_PROJECTNAME}"
  [[ -z "${INPUT_PROJECTVERSION}" ]] && SONAR_PROJECTVERSION="" || SONAR_PROJECTVERSION="${INPUT_PROJECTVERSION}"
  sonar-scanner \
    -Dsonar.host.url="${INPUT_HOST}" \
    -Dsonar.projectKey="${SONAR_PROJECTKEY}" \
    -Dsonar.projectName="${SONAR_PROJECTNAME}" \
    -Dsonar.projectVersion="${SONAR_PROJECTVERSION}" \
    -Dsonar.projectBaseDir="${INPUT_PROJECTBASEDIR}" \
    -Dsonar.login="${INPUT_LOGIN}" \
    -Dsonar.password="${SONAR_PASSWORD}" \
    -Dsonar.sources="${INPUT_PROJECTBASEDIR}" \
    -Dsonar.sourceEncoding="${INPUT_ENCODING}"
 else
  sonar-scanner \
    -Dsonar.host.url="${INPUT_HOST}" \
    -Dsonar.login="${INPUT_LOGIN}" \
    -Dsonar.password="${SONAR_PASSWORD}"
 fi