Merge pull request #30 from leonardomerlin/patch-1

fix: use official sonnar scanner docker image

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,25 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: bug
+assignees: dwisiswant0
+
+---
+
+### Issue and Steps to Reproduce
+<!-- Describe your issue and tell us how to reproduce it (include any useful information). -->
+
+### Versions
+
+### Screenshots
+
+#### Expected
+
+#### Actual
+
+### Specifications
+
+  - Version:
+  - Platform:
+  - Subsystem:

Dockerfile

@@ -1,22 +1,24 @@
-FROM newtmitch/sonar-scanner:4.0.0-alpine
+FROM sonarsource/sonar-scanner-cli:4
 
 LABEL "com.github.actions.name"="SonarQube Scan"
 LABEL "com.github.actions.description"="Scan your code with SonarQube Scanner to detect bugs, vulnerabilities and code smells in more than 25 programming languages."
 LABEL "com.github.actions.icon"="check"
 LABEL "com.github.actions.color"="green"
 
-LABEL version="0.0.1"
+LABEL version="0.0.2"
 LABEL repository="https://github.com/kitabisa/sonarqube-action"
 LABEL homepage="https://kitabisa.github.io"
 LABEL maintainer="dwisiswant0"
 
 RUN npm config set unsafe-perm true && \
   npm install --silent --save-dev -g typescript@3.5.2 && \
-  npm config set unsafe-perm false
+  npm config set unsafe-perm false && \
+  apk add --no-cache ca-certificates jq
+
 ENV NODE_PATH "/usr/lib/node_modules/"
 
-RUN apk add --no-cache ca-certificates jq
-
 COPY entrypoint.sh /entrypoint.sh
+
 RUN chmod +x /entrypoint.sh
+
 ENTRYPOINT ["/entrypoint.sh"]

PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,37 @@
+THIS PROJECT IS IN MAINTENANCE MODE. We accept pull-requests for Bug Fixes **ONLY**. NO NEW FEATURES ACCEPTED!
+
+---
+
+<!--- Provide a general summary of your changes in the Title above -->
+
+### Description
+<!--- Describe your changes in detail -->
+
+### Related Issue
+
+Fixes #
+<!--- This project only accepts pull requests related to open issues -->
+<!--- If suggesting a new feature or change, please discuss it in an issue first -->
+<!--- If fixing a bug, there should be an issue describing it with steps to reproduce -->
+<!--- Please link to the issue here: -->
+
+### Motivation and Context
+<!--- Why is this change required? What problem does it solve? -->
+<!--- If it fixes an open issue, please link to the issue here. -->
+
+### Types of Changes
+<!--- What types of changes does your code introduce? Put an `x` in all the boxes that apply: -->
+- [ ] Bug fix (non-breaking change which fixes an issue)
+- [ ] ~New feature (non-breaking change which adds functionality)~
+- [ ] Breaking change (fix or feature that would cause existing functionality to change)
+- [ ] My code follows the code style of this project.
+- [ ] My change requires a change to the documentation.
+- [ ] I have updated the documentation accordingly.
+- [ ] All new and existing tests passed.
+
+### How Has This Been Tested?
+<!--- Please describe in detail how you tested your changes. -->
+<!--- Include details of your testing environment, and the tests you ran to -->
+<!--- see how your change affects other areas of the code, etc. -->
+
+### Screenshots (if appropriate):

README.md

@@ -24,18 +24,21 @@ jobs:
     steps:
     - uses: actions/checkout@master
     - name: SonarQube Scan
-      uses: kitabisa/sonarqube-action@master
+      uses: kitabisa/sonarqube-action@v1.1.0
       with:
         host: ${{ secrets.SONARQUBE_HOST }}
         login: ${{ secrets.SONARQUBE_TOKEN }}
 ```
 
-You can change the analysis base directory by using the optional input `projectBaseDir` like this:
+You can change the analysis base directory and/ project key _(allowed characters: letters, numbers, -, \_, . and :, with at least one non-digit.)_ by using the optional input like this:
 
 ```yaml
 uses: kitabisa/sonarqube-action@master
 with:
-  projectBaseDir: my-custom-directory
+  projectBaseDir: "/path/to/my-custom-project"
+  projectKey: "my-custom-project"
+  projectName: "my-custom-project-name"
+  projectVersion: "v0.0.1"
 ```
 
 ## Secrets

action.yaml

@@ -1,23 +1,35 @@
-name: 'SonarQube Scan'
-description: 'Scan your code with SonarQube Scanner to detect bugs, vulnerabilities and code smells in more than 25 programming languages.'
-author: 'Dwi Siswanto'
+name: "SonarQube Scan"
+description: "Scan your code with SonarQube Scanner to detect bugs, vulnerabilities and code smells in more than 25 programming languages."
+author: "Dwi Siswanto"
 branding:
-  icon: 'check'
-  color: 'green'
+  icon: "check"
+  color: "green"
 runs:
-  using: 'docker'
-  image: 'Dockerfile'
+  using: "docker"
+  image: "Dockerfile"
 inputs:
   host:
-    description: 'SonarQube server URL'
+    description: "SonarQube server URL"
     required: true
-  projectBaseDir:
-    description: 'Set the sonar.projectBaseDir analysis property'
+  projectKey:
+    description: "The project's unique key. Allowed characters are: letters, numbers, -, _, . and :, with at least one non-digit."
     required: false
-    default: '.'
+    default: ""
+  projectName:
+    description: "Name of the project that will be displayed on the web interface."
+    required: false
+    default: ""
+  projectVersion:
+    description: "The project version."
+    required: false
+    default: ""
+  projectBaseDir:
+    description: "Set the sonar.projectBaseDir analysis property"
+    required: false
+    default: "."
   login:
-    description: 'Login or authentication token of a SonarQube user'
+    description: "Login or authentication token of a SonarQube user"
     required: true
   password:
-    description: 'Password that goes with the sonar.login username. This should be left blank if an authentication token is being used.'
+    description: "Password that goes with the sonar.login username. This should be left blank if an authentication token is being used."
     required: false

entrypoint.sh

@@ -6,19 +6,32 @@ if [[ "${GITHUB_EVENT_NAME}" == "pull_request" ]]; then
 	EVENT_ACTION=$(jq -r ".action" "${GITHUB_EVENT_PATH}")
 	if [[ "${EVENT_ACTION}" != "opened" ]]; then
 		echo "No need to run analysis. It is already triggered by the push event."
-		exit 78
+		exit
 	fi
 fi
 
+REPOSITORY_NAME=$(basename "${GITHUB_REPOSITORY}")
+
 [[ ! -z ${INPUT_PASSWORD} ]] && SONAR_PASSWORD="${INPUT_PASSWORD}" || SONAR_PASSWORD=""
 
-sonar-scanner \
-	-Dsonar.host.url=${INPUT_HOST} \
-	-Dsonar.projectKey=${PWD##*/} \
-	-Dsonar.projectBaseDir=${INPUT_PROJECTBASEDIR} \
-	-Dsonar.login=${INPUT_LOGIN} \
-	-Dsonar.password=${INPUT_PASSWORD} \
-	-Dsonar.sources=. \
-	-Dsonar.sourceEncoding=UTF-8 \
-	${SONAR_PASSWORD}
-
+if [[ ! -f "${GITHUB_WORKSPACE}/sonar-project.properties" ]]; then
+  [[ -z ${INPUT_PROJECTKEY} ]] && SONAR_PROJECTKEY="${REPOSITORY_NAME}" || SONAR_PROJECTKEY="${INPUT_PROJECTKEY}"
+  [[ -z ${INPUT_PROJECTNAME} ]] && SONAR_PROJECTNAME="${REPOSITORY_NAME}" || SONAR_PROJECTNAME="${INPUT_PROJECTNAME}"
+  [[ -z ${INPUT_PROJECTVERSION} ]] && SONAR_PROJECTVERSION="" || SONAR_PROJECTVERSION="${INPUT_PROJECTVERSION}"
+  sonar-scanner \
+    -Dsonar.host.url=${INPUT_HOST} \
+    -Dsonar.projectKey=${SONAR_PROJECTKEY} \
+    -Dsonar.projectName=${SONAR_PROJECTNAME} \
+    -Dsonar.projectVersion=${SONAR_PROJECTVERSION} \
+    -Dsonar.projectBaseDir=${INPUT_PROJECTBASEDIR} \
+    -Dsonar.login=${INPUT_LOGIN} \
+    -Dsonar.password=${SONAR_PASSWORD} \
+    -Dsonar.sources=. \
+    -Dsonar.sourceEncoding=UTF-8
+else
+  sonar-scanner \
+    -Dsonar.host.url=${INPUT_HOST} \
+    -Dsonar.projectBaseDir=${INPUT_PROJECTBASEDIR} \
+    -Dsonar.login=${INPUT_LOGIN} \
+    -Dsonar.password=${SONAR_PASSWORD}
+fi