tools/sonarqube-action
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: tools:v0.0.1
Branches Tags
tools:master tools:development
tools:v0.0.3 tools:v1.2.1 tools:v1.2.0 tools:v1.1.2 tools:v1.1.1 tools:v1.1.0 tools:v1.0.1 tools:v1.0.1-dev tools:v1.0.0 tools:v1.0.0-rc.1 tools:v0.1.2 tools:v0.0.1
..
compare: tools:v0.1.2
Branches Tags
tools:master tools:development
tools:v0.0.3 tools:v1.2.1 tools:v1.2.0 tools:v1.1.2 tools:v1.1.1 tools:v1.1.0 tools:v1.0.1 tools:v1.0.1-dev tools:v1.0.0 tools:v1.0.0-rc.1 tools:v0.1.2 tools:v0.0.1

3 Commits
v0.0.1 ... v0.1.2

Author SHA1 Message Date
dw1
abc24397e0 Add jq package to Dockerfile 2020-06-23 00:45:57 +07:00
dw1
07b55c6b20 🐛 Bug fixed for #2 2020-06-23 00:40:38 +07:00
dw1
3d458002e9 update readme 2020-01-30 17:50:20 +07:00
3 changed files with 56 additions and 7 deletions
Expand all files Collapse all files

2
Dockerfile
View File

@@ -15,6 +15,8 @@ RUN npm config set unsafe-perm true && \
npm config set unsafe-perm false
ENV NODE_PATH "/usr/lib/node_modules/"
RUN apk add --no-cache ca-certificates jq
COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]

55
README.md
View File

@@ -1,2 +1,53 @@
# sonarqube-action
Integrate SonarQube scanner to GitHub Actions
# SonarQube GitHub Action
Using this GitHub Action, scan your code with SonarQube scanner to detects bugs, vulnerabilities and code smells in more than 20 programming languages!
<img src="https://www.sonarqube.org/assets/logo-31ad3115b1b4b120f3d1efd63e6b13ac9f1f89437f0cf6881cc4d8b5603a52b4.svg" width="320px">
SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities on 20+ programming languages.
## Requirements
* Have SonarQube on server. [Install now](https://docs.sonarqube.org/latest/setup/install-server/) if it's not already the case!
## Usage
The workflow, usually declared in `.github/workflows/build.yml`, looks like:
```yaml
on: push
name: Main Workflow
jobs:
sonarQubeTrigger:
name: SonarQube Trigger
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
- name: SonarQube Scan
uses: kitabisa/sonarqube-action@master
with:
host: ${{ secrets.SONARQUBE_HOST }}
login: ${{ secrets.SONARQUBE_TOKEN }}
```
You can change the analysis base directory by using the optional input `projectBaseDir` like this:
```yaml
uses: kitabisa/sonarqube-action@master
with:
projectBaseDir: my-custom-directory
```
## Secrets
- `host` - **_(Required)_** this is the SonarQube server URL.
- `login` - **_(Required)_** the login or authentication token of a SonarQube user with Execute Analysis permission on the project. See [how to generate SonarQube token](https://docs.sonarqube.org/latest/user-guide/user-token/).
- `password` - The password that goes with the `login` username. This should be left blank if an `login` are authentication token.
You can set all variable in the "Secrets" settings page of your repository.
## License
The Dockerfile and associated scripts and documentation in this project are released under the MIT License.
Container images built with this project include third party materials.

6
entrypoint.sh
View File

@@ -10,11 +10,7 @@ if [[ "${GITHUB_EVENT_NAME}" == "pull_request" ]]; then
fi
fi
if [[ -z "${INPUT_PASSWORD}" ]]; then
SONAR_PASSWORD="&& true"
else
SONAR_PASSWORD="${INPUT_PASSWORD}"
fi
[[ ! -z ${INPUT_PASSWORD} ]] && SONAR_PASSWORD="${INPUT_PASSWORD}" || SONAR_PASSWORD=""
sonar-scanner \
-Dsonar.host.url=${INPUT_HOST} \