neil/sonarqube-action
1
0
Fork 0
mirror of https://github.com/kitabisa/sonarqube-action.git synced 2025-11-02 22:44:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: neil:master
Branches Tags
neil:master
neil:development
neil:v1.2.1
neil:v1.2.0
neil:v1.1.2
neil:v1.1.1
neil:v1.1.0
neil:v1.0.1
neil:v1.0.1-dev
neil:v1.0.0
neil:v1.0.0-rc.1
neil:v0.1.2
neil:v0.0.1
..
compare: neil:v1.0.0
Branches Tags
neil:master
neil:development
neil:v1.2.1
neil:v1.2.0
neil:v1.1.2
neil:v1.1.1
neil:v1.1.0
neil:v1.0.1
neil:v1.0.1-dev
neil:v1.0.0
neil:v1.0.0-rc.1
neil:v0.1.2
neil:v0.0.1

No commits in common. "master" and "v1.0.0" have entirely different histories.
master ... v1.0.0

5 changed files with 50 additions and 92 deletions
Show Stats Expand all files Collapse all files

1
CODEOWNERS
View File

@ -1 +0,0 @@
* @dwisiswant0

11
Dockerfile
View File

@ -1,15 +1,22 @@
FROM sonarsource/sonar-scanner-cli:4 FROM newtmitch/sonar-scanner:4.0.0-alpine
LABEL "com.github.actions.name"="SonarQube Scan" LABEL "com.github.actions.name"="SonarQube Scan"
LABEL "com.github.actions.description"="Scan your code with SonarQube Scanner to detect bugs, vulnerabilities and code smells in more than 25 programming languages." LABEL "com.github.actions.description"="Scan your code with SonarQube Scanner to detect bugs, vulnerabilities and code smells in more than 25 programming languages."
LABEL "com.github.actions.icon"="check" LABEL "com.github.actions.icon"="check"
LABEL "com.github.actions.color"="green" LABEL "com.github.actions.color"="green"
LABEL version="0.0.2" LABEL version="0.0.1"
LABEL repository="https://github.com/kitabisa/sonarqube-action" LABEL repository="https://github.com/kitabisa/sonarqube-action"
LABEL homepage="https://kitabisa.github.io" LABEL homepage="https://kitabisa.github.io"
LABEL maintainer="dwisiswant0" LABEL maintainer="dwisiswant0"
RUN npm config set unsafe-perm true && \
npm install --silent --save-dev -g typescript@3.5.2 && \
npm config set unsafe-perm false
ENV NODE_PATH "/usr/lib/node_modules/"
RUN apk add --no-cache ca-certificates jq
COPY entrypoint.sh /entrypoint.sh COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh RUN chmod +x /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"] ENTRYPOINT ["/entrypoint.sh"]

58
README.md
View File

@ -2,76 +2,52 @@
Using this GitHub Action, scan your code with SonarQube scanner to detects bugs, vulnerabilities and code smells in more than 20 programming languages! Using this GitHub Action, scan your code with SonarQube scanner to detects bugs, vulnerabilities and code smells in more than 20 programming languages!
<img src="https://assets-eu-01.kc-usercontent.com/d1e40bf0-65fc-01ef-5235-9aeaedac229b/12e3974b-220d-4cde-8f17-2ff9fa9d9c27/SonarQube_Logo.svg" width="320px"> <img src="https://www.sonarqube.org/assets/logo-31ad3115b1b4b120f3d1efd63e6b13ac9f1f89437f0cf6881cc4d8b5603a52b4.svg" width="320px">
SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities on 20+ programming languages. SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities on 20+ programming languages.
## Requirements ## Requirements
* [SonarQube server](https://docs.sonarqube.org/latest/setup/install-server/). * Have SonarQube on server. [Install now](https://docs.sonarqube.org/latest/setup/install-server/) if it's not already the case!
* That's all!
## Usage ## Usage
The workflow, usually declared in `.github/workflows/build.yaml`, looks like: The workflow, usually declared in `.github/workflows/build.yml`, looks like:
```yaml ```yaml
on: on: push
# Trigger analysis when pushing in master or pull requests, and when creating name: Main Workflow
# a pull request.
push:
branches:
- master
pull_request:
types: [opened, synchronize, reopened]
name: SonarQube Scan
jobs: jobs:
sonarqube: sonarQubeTrigger:
name: SonarQube Trigger name: SonarQube Trigger
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checking out - uses: actions/checkout@master
uses: actions/checkout@master
with:
# Disabling shallow clone is recommended for improving relevancy of reporting
fetch-depth: 0
- name: SonarQube Scan - name: SonarQube Scan
uses: kitabisa/sonarqube-action@v1.2.0 uses: kitabisa/sonarqube-action@master
with: with:
host: ${{ secrets.SONARQUBE_HOST }} host: ${{ secrets.SONARQUBE_HOST }}
login: ${{ secrets.SONARQUBE_TOKEN }} login: ${{ secrets.SONARQUBE_TOKEN }}
``` ```
You can change the analysis base directory and/or project key by using the optional input like this: You can change the analysis base directory and/ project key _(allowed characters: letters, numbers, -, \_, . and :, with at least one non-digit.)_ by using the optional input like this:
```yaml ```yaml
uses: kitabisa/sonarqube-action@master uses: kitabisa/sonarqube-action@master
with: with:
host: ${{ secrets.SONARQUBE_HOST }} projectBaseDir: "/path/to/my-custom-project"
login: ${{ secrets.SONARQUBE_TOKEN }}
projectBaseDir: "src/"
projectKey: "my-custom-project" projectKey: "my-custom-project"
projectName: "my-custom-project-name"
projectVersion: "v0.0.1"
``` ```
### Inputs ## Secrets
These are some of the supported input parameters of action. - `host` - **_(Required)_** this is the SonarQube server URL.
- `login` - **_(Required)_** the login or authentication token of a SonarQube user with Execute Analysis permission on the project. See [how to generate SonarQube token](https://docs.sonarqube.org/latest/user-guide/user-token/).
- `password` - The password that goes with the `login` username. This should be left blank if an `login` are authentication token.
| **Parameter** | **Description** | **Required?** | **Default** | **Note** | You can set all variable in the "Secrets" settings page of your repository.
|----------------------|---------------------------------------------------|---------------|-------------|-----------------------------------------------------------------------------------------------|
| **`host`** | SonarQube server URL | 🟢 | | |
| **`login`** | Login or authentication token of a SonarQube user | 🟢 | | `Execute Analysis` permission required. |
| **`password`** | The password that goes with the `login` username | 🔴 | | This should be left blank if an `login` are authentication token. |
| **`projectBaseDir`** | Set custom project base directory analysis | 🔴 | `.` | |
| **`projectKey`** | The project's unique key | 🔴 | | Allowed characters are: letters, numbers, `-`, `_`, `.` and `:`, with at least one non-digit. |
| **`projectName`** | Name of the project | 🔴 | | It will be displayed on the SonarQube web interface. |
| **`projectVersion`** | The project version | 🔴 | | |
| **`encoding`** | Encoding of the source code | 🔴 | `UTF-8` | |
> [!NOTE]
> If you opt to configure the project metadata and other related settings in a **`sonar-project.properties`** file (must be placed within the base directory, `projectBaseDir`) instead of using input parameters, this action is compatible with that approach!
## License ## License

13
action.yaml
View File

@ -1,18 +1,15 @@
name: "SonarQube Scan" name: "SonarQube Scan"
description: "Scan your code with SonarQube Scanner to detect bugs, vulnerabilities and code smells in more than 25 programming languages." description: "Scan your code with SonarQube Scanner to detect bugs, vulnerabilities and code smells in more than 25 programming languages."
author: "Dwi Siswanto" author: "Dwi Siswanto"
branding: branding:
icon: "check" icon: "check"
color: "green" color: "green"
runs: runs:
using: "docker" using: "docker"
image: "Dockerfile" image: "Dockerfile"
inputs: inputs:
host: host:
description: "SonarQube server URL." description: "SonarQube server URL"
required: true required: true
projectKey: projectKey:
description: "The project's unique key. Allowed characters are: letters, numbers, -, _, . and :, with at least one non-digit." description: "The project's unique key. Allowed characters are: letters, numbers, -, _, . and :, with at least one non-digit."
@ -27,16 +24,12 @@ inputs:
required: false required: false
default: "" default: ""
projectBaseDir: projectBaseDir:
description: "Set the sonar.projectBaseDir analysis property." description: "Set the sonar.projectBaseDir analysis property"
required: false required: false
default: "." default: "."
login: login:
description: "Login or authentication token of a SonarQube user." description: "Login or authentication token of a SonarQube user"
required: true required: true
password: password:
description: "Password that goes with the sonar.login username. This should be left blank if an authentication token is being used." description: "Password that goes with the sonar.login username. This should be left blank if an authentication token is being used."
required: false required: false
encoding:
description: "Encoding of the source code."
required: false
default: "UTF-8"

57
entrypoint.sh
View File

@ -2,44 +2,27 @@
set -e set -e
REPOSITORY_NAME=$(basename "${GITHUB_REPOSITORY}") if [[ "${GITHUB_EVENT_NAME}" == "pull_request" ]]; then
EVENT_ACTION=$(jq -r ".action" "${GITHUB_EVENT_PATH}")
if [[ ! -z "${INPUT_PASSWORD}" ]]; then if [[ "${EVENT_ACTION}" != "opened" ]]; then
echo "::warning ::Running this GitHub Action without authentication token is NOT recommended!" echo "No need to run analysis. It is already triggered by the push event."
SONAR_PASSWORD="${INPUT_PASSWORD}" exit 78
else fi
SONAR_PASSWORD=""
fi fi
if [[ -f "${INPUT_PROJECTBASEDIR%/}/pom.xml" ]]; then [[ ! -z ${INPUT_PASSWORD} ]] && SONAR_PASSWORD="${INPUT_PASSWORD}" || SONAR_PASSWORD=""
echo "::error file=${INPUT_PROJECTBASEDIR%/}/pom.xml::Maven project detected. You should run the goal 'org.sonarsource.scanner.maven:sonar' during build rather than using this GitHub Action." [[ -z ${INPUT_PROJECTKEY} ]] && SONAR_PROJECTKEY="${PWD##*/}" || SONAR_PROJECTKEY="${INPUT_PROJECTKEY}"
exit 1 [[ -z ${INPUT_PROJECTNAME} ]] && SONAR_PROJECTNAME="${PWD##*/}" || SONAR_PROJECTNAME="${INPUT_PROJECTNAME}"
fi [[ -z ${INPUT_PROJECTVERSION} ]] && SONAR_PROJECTVERSION="" || SONAR_PROJECTVERSION="${INPUT_PROJECTVERSION}"
if [[ -f "${INPUT_PROJECTBASEDIR%/}/build.gradle" ]]; then
echo "::error file=${INPUT_PROJECTBASEDIR%/}/build.gradle::Gradle project detected. You should use the SonarQube plugin for Gradle during build rather than using this GitHub Action."
exit 1
fi
unset JAVA_HOME sonar-scanner \
-Dsonar.host.url=${INPUT_HOST} \
if [[ ! -f "${INPUT_PROJECTBASEDIR%/}/sonar-project.properties" ]]; then -Dsonar.projectKey=${SONAR_PROJECTKEY} \
[[ -z "${INPUT_PROJECTKEY}" ]] && SONAR_PROJECTKEY="${REPOSITORY_NAME}" || SONAR_PROJECTKEY="${INPUT_PROJECTKEY}" -Dsonar.projectName=${SONAR_PROJECTNAME} \
[[ -z "${INPUT_PROJECTNAME}" ]] && SONAR_PROJECTNAME="${REPOSITORY_NAME}" || SONAR_PROJECTNAME="${INPUT_PROJECTNAME}" -Dsonar.projectVersion=${SONAR_PROJECTVERSION} \
[[ -z "${INPUT_PROJECTVERSION}" ]] && SONAR_PROJECTVERSION="" || SONAR_PROJECTVERSION="${INPUT_PROJECTVERSION}" -Dsonar.projectBaseDir=${INPUT_PROJECTBASEDIR} \
sonar-scanner \ -Dsonar.login=${INPUT_LOGIN} \
-Dsonar.host.url="${INPUT_HOST}" \ -Dsonar.password=${INPUT_PASSWORD} \
-Dsonar.projectKey="${SONAR_PROJECTKEY}" \ -Dsonar.sources=. \
-Dsonar.projectName="${SONAR_PROJECTNAME}" \ -Dsonar.sourceEncoding=UTF-8
-Dsonar.projectVersion="${SONAR_PROJECTVERSION}" \
-Dsonar.projectBaseDir="${INPUT_PROJECTBASEDIR}" \
-Dsonar.login="${INPUT_LOGIN}" \
-Dsonar.password="${SONAR_PASSWORD}" \
-Dsonar.sources="${INPUT_PROJECTBASEDIR}" \
-Dsonar.sourceEncoding="${INPUT_ENCODING}"
else
sonar-scanner \
-Dsonar.host.url="${INPUT_HOST}" \
-Dsonar.login="${INPUT_LOGIN}" \
-Dsonar.password="${SONAR_PASSWORD}"
fi