tools/sonarqube-action
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: tools:v0.0.1
Branches Tags
tools:master tools:development
tools:v0.0.3 tools:v1.2.1 tools:v1.2.0 tools:v1.1.2 tools:v1.1.1 tools:v1.1.0 tools:v1.0.1 tools:v1.0.1-dev tools:v1.0.0 tools:v1.0.0-rc.1 tools:v0.1.2 tools:v0.0.1
..
compare: tools:v0.1.2
Branches Tags
tools:master tools:development
tools:v0.0.3 tools:v1.2.1 tools:v1.2.0 tools:v1.1.2 tools:v1.1.1 tools:v1.1.0 tools:v1.0.1 tools:v1.0.1-dev tools:v1.0.0 tools:v1.0.0-rc.1 tools:v0.1.2 tools:v0.0.1

3 Commits
v0.0.1 ... v0.1.2

Author SHA1 Message Date
dw1
abc24397e0 Add jq package to Dockerfile 2020-06-23 00:45:57 +07:00
dw1
07b55c6b20 🐛 Bug fixed for #2 2020-06-23 00:40:38 +07:00
dw1
3d458002e9 update readme 2020-01-30 17:50:20 +07:00
3 changed files with 56 additions and 7 deletions
Expand all files Collapse all files

2
Dockerfile
View File

@@ -15,6 +15,8 @@ RUN npm config set unsafe-perm true && \
npm config set unsafe-perm false npm config set unsafe-perm false
ENV NODE_PATH "/usr/lib/node_modules/" ENV NODE_PATH "/usr/lib/node_modules/"
RUN apk add --no-cache ca-certificates jq
COPY entrypoint.sh /entrypoint.sh COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh RUN chmod +x /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"] ENTRYPOINT ["/entrypoint.sh"]

55
README.md
View File

@@ -1,2 +1,53 @@
# sonarqube-action # SonarQube GitHub Action
Integrate SonarQube scanner to GitHub Actions
Using this GitHub Action, scan your code with SonarQube scanner to detects bugs, vulnerabilities and code smells in more than 20 programming languages!
<img src="https://www.sonarqube.org/assets/logo-31ad3115b1b4b120f3d1efd63e6b13ac9f1f89437f0cf6881cc4d8b5603a52b4.svg" width="320px">
SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities on 20+ programming languages.
## Requirements
* Have SonarQube on server. [Install now](https://docs.sonarqube.org/latest/setup/install-server/) if it's not already the case!
## Usage
The workflow, usually declared in `.github/workflows/build.yml`, looks like:
```yaml
on: push
name: Main Workflow
jobs:
sonarQubeTrigger:
name: SonarQube Trigger
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
- name: SonarQube Scan
uses: kitabisa/sonarqube-action@master
with:
host: ${{ secrets.SONARQUBE_HOST }}
login: ${{ secrets.SONARQUBE_TOKEN }}
```
You can change the analysis base directory by using the optional input `projectBaseDir` like this:
```yaml
uses: kitabisa/sonarqube-action@master
with:
projectBaseDir: my-custom-directory
```
## Secrets
- `host` - **_(Required)_** this is the SonarQube server URL.
- `login` - **_(Required)_** the login or authentication token of a SonarQube user with Execute Analysis permission on the project. See [how to generate SonarQube token](https://docs.sonarqube.org/latest/user-guide/user-token/).
- `password` - The password that goes with the `login` username. This should be left blank if an `login` are authentication token.
You can set all variable in the "Secrets" settings page of your repository.
## License
The Dockerfile and associated scripts and documentation in this project are released under the MIT License.
Container images built with this project include third party materials.

6
entrypoint.sh
View File

@@ -10,11 +10,7 @@ if [[ "${GITHUB_EVENT_NAME}" == "pull_request" ]]; then
fi fi
fi fi
if [[ -z "${INPUT_PASSWORD}" ]]; then [[ ! -z ${INPUT_PASSWORD} ]] && SONAR_PASSWORD="${INPUT_PASSWORD}" || SONAR_PASSWORD=""
SONAR_PASSWORD="&& true"
else
SONAR_PASSWORD="${INPUT_PASSWORD}"
fi
sonar-scanner \ sonar-scanner \
-Dsonar.host.url=${INPUT_HOST} \ -Dsonar.host.url=${INPUT_HOST} \