Check the Quality Gate of your code with SonarQube to ensure your code meets your own quality standards before you release or deploy new features.
SonarQube is the leading product for Continuous Code Quality & Code Security. It supports most popular programming languages, including Java, JavaScript, TypeScript, C#, Python, C, C++, and many more.
Repository with SonarQube analysis results.
The workflow, usually declared in `.github/workflows/build.yml`, should look like this:
```yaml
on:
  # Trigger analysis when pushing to master or pull requests, and when creating
  # a pull request.
  push:
    branches:
      - master
  pull_request:
    types: [opened, synchronize, reopened]
name: Main Workflow
jobs:
  sonarqube:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
        with:
          # Disabling shallow clone is recommended for improving relevancy of reporting
          fetch-depth: 0
      # Triggering SonarQube analysis, as its results are required by the Quality Gate check
      - name: SonarQube Scan
        uses: sonarsource/sonarqube-scan-action@master
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
      - name: SonarQube Quality Gate check
        uses: sonarsource/sonarqube-quality-gate-action@master
        # Force to fail step after specific time
        timeout-minutes: 5
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
```
You can change the location of the report metadata file by using the optional `scanMetadataReportFile` input:
```yaml
uses: sonarsource/sonarqube-quality-gate-action@master
with:
  scanMetadataReportFile: target/sonar/report-task.txt
```
`SONAR_TOKEN` – Required – this token is used to authenticate access to SonarQube. You can read more about security tokens here. You need to set the `SONAR_TOKEN` environment variable in the "Secrets" settings page of your repository.
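A pre-flight check that could run between the scan and Quality Gate steps, as an added example that is not part of the action's own code: it confirms that the report metadata file points at the SonarQube server you expect before a step holding `SONAR_TOKEN` acts on it. The key=value layout with `serverUrl` and `ceTaskUrl` keys, the `sonar.example.com` host and the function names are assumptions made for illustration.

```shell
# Added example: pre-flight check on the scan metadata report.
# Assumed layout: key=value lines that include serverUrl and ceTaskUrl.

# Write a constructed sample report to the path given as $1.
write_sample_report() {
  cat > "$1" <<'EOF'
projectKey=demo-project
serverUrl=https://sonar.example.com
ceTaskId=CONSTRUCTED-TASK-ID
ceTaskUrl=https://sonar.example.com/api/ce/task?id=CONSTRUCTED-TASK-ID
EOF
}

# Print the value of key $2 from file $1 (values may themselves contain '=').
report_field() {
  sed -n "s/^$2=//p" "$1" | head -n 1
}

# Return 0 only if serverUrl equals the expected host URL ($2) and ceTaskUrl
# lives under it; 1 on a mismatch, 2 if the report is missing or incomplete.
report_matches_host() {
  file=$1
  expected=${2%/}   # tolerate a trailing slash on the expected URL
  [ -r "$file" ] || { echo "missing report: $file" >&2; return 2; }
  server=$(report_field "$file" serverUrl)
  task=$(report_field "$file" ceTaskUrl)
  [ -n "$server" ] && [ -n "$task" ] ||
    { echo "report lacks serverUrl or ceTaskUrl" >&2; return 2; }
  [ "${server%/}" = "$expected" ] ||
    { echo "serverUrl is $server, expected $expected" >&2; return 1; }
  case $task in
    "$expected"/*) return 0 ;;   # the '/' stops look-alike host prefixes
    *) echo "ceTaskUrl outside $expected: $task" >&2; return 1 ;;
  esac
}

# Demo run on the constructed report.
demo_dir=$(mktemp -d)
write_sample_report "$demo_dir/report-task.txt"
if report_matches_host "$demo_dir/report-task.txt" "https://sonar.example.com"; then
  echo "report points at the expected server"
fi
rm -rf "$demo_dir"
```

In a workflow, the expected URL would come from the same `SONAR_HOST_URL` secret the scan step uses, and the file path from `scanMetadataReportFile`.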
- You want to analyze a .NET solution. Read the documentation about our Scanner for .NET.
- You want to analyze C/C++ code. Read the documentation on analyzing C/C++ code.
To provide feedback (request a feature or report a bug), please post on the SonarSource Community Forum with the tag `sonarqube`.
Scripts and documentation in this project are released under the LGPLv3 License.
Container images built with this project include third-party materials.