Compare commits
6 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| | 2c71c02934 | | |
| | 3fae1b5ce1 | | |
| | 616b2df627 | | |
| | 72254bbe1e | | |
| | 9017aabde4 | | |
| | a76da8f0e6 | | |
@@ -1 +1 @@
|
|||||||
* @kitabisa/security @dwisiswant0
|
* @dwisiswant0
|
||||||
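Review bot: The new owners line `* @dwisiswant0` leaves a single upstream individual as owner of every path, while the Dockerfile in this same comparison changes the maintainer label to `brock` and points the repository label at code.caldwell.digital. If reviews are meant to be routed on the new host, list an account that exists there; otherwise this rule may match nobody.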
14
Dockerfile
14
Dockerfile
@@ -1,15 +1,15 @@
|
|||||||
FROM sonarsource/sonar-scanner-cli:4
|
FROM sonarsource/sonar-scanner-cli:11.5
|
||||||
|
|
||||||
LABEL "com.github.actions.name"="SonarQube Scan"
|
LABEL "com.github.actions.name"="SonarQube Scan"
|
||||||
LABEL "com.github.actions.description"="Scan your code with SonarQube Scanner to detect bugs, vulnerabilities and code smells in more than 25 programming languages."
|
LABEL "com.github.actions.description"="Scan your code with SonarQube Scanner to detect bugs, vulnerabilities and code smells in more than 25 programming languages."
|
||||||
LABEL "com.github.actions.icon"="check"
|
LABEL "com.github.actions.icon"="check"
|
||||||
LABEL "com.github.actions.color"="green"
|
LABEL "com.github.actions.color"="green"
|
||||||
|
|
||||||
LABEL version="0.0.2"
|
LABEL version="0.0.3"
|
||||||
LABEL repository="https://github.com/kitabisa/sonarqube-action"
|
LABEL repository="https://code.caldwell.digital/tools/sonarqube-action"
|
||||||
LABEL homepage="https://kitabisa.github.io"
|
LABEL homepage="https://caldwell.digital"
|
||||||
LABEL maintainer="dwisiswant0"
|
LABEL maintainer="brock"
|
||||||
|
|
||||||
|
COPY --chmod=777 entrypoint.sh /entrypoint.sh
|
||||||
|
|
||||||
COPY entrypoint.sh /entrypoint.sh
|
|
||||||
RUN chmod +x /entrypoint.sh
|
|
||||||
ENTRYPOINT ["/entrypoint.sh"]
|
ENTRYPOINT ["/entrypoint.sh"]
|
||||||
|
|||||||
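Review bot: `COPY --chmod=777 entrypoint.sh /entrypoint.sh` makes the entrypoint writable by every user in the container, where the two lines it replaces (`COPY` followed by `RUN chmod +x`) only added the execute bit. Use `--chmod=755` so a non-root process in the image cannot rewrite the script that the `ENTRYPOINT` runs. Separately, the base image moves from `sonar-scanner-cli:4` to `sonar-scanner-cli:11.5` by mutable tag; pinning it by digest would make the build reproducible, and a jump across this many major versions deserves a line in the commit message on what was tested.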
25
README.md
25
README.md
@@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
Using this GitHub Action, scan your code with SonarQube scanner to detects bugs, vulnerabilities and code smells in more than 20 programming languages!
|
Using this GitHub Action, scan your code with SonarQube scanner to detects bugs, vulnerabilities and code smells in more than 20 programming languages!
|
||||||
|
|
||||||
<img src="https://www.sonarqube.org/assets/logo-31ad3115b1b4b120f3d1efd63e6b13ac9f1f89437f0cf6881cc4d8b5603a52b4.svg" width="320px">
|
<img src="https://assets-eu-01.kc-usercontent.com/d1e40bf0-65fc-01ef-5235-9aeaedac229b/12e3974b-220d-4cde-8f17-2ff9fa9d9c27/SonarQube_Logo.svg" width="320px">
|
||||||
|
|
||||||
SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities on 20+ programming languages.
|
SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities on 20+ programming languages.
|
||||||
|
|
||||||
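Review bot: The `<img src=...>` change swaps one hotlinked third-party logo URL for another, so the README still depends on an asset path outside this repository's control. Committing the SVG to the repository and referencing it by relative path would remove that dependency. The unchanged context line still reads "to detects" and "more than 20 programming languages", while the Dockerfile description label says "more than 25"; worth aligning while this file is being touched.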
@@ -58,17 +58,20 @@ with:
|
|||||||
|
|
||||||
These are some of the supported input parameters of action.
|
These are some of the supported input parameters of action.
|
||||||
|
|
||||||
- `host` - **_(Required)_** this is the SonarQube server URL.
|
| **Parameter** | **Description** | **Required?** | **Default** | **Note** |
|
||||||
- `login` - **_(Required)_** the login or authentication token of a SonarQube user with Execute Analysis permission on the project. See [how to generate SonarQube token](https://docs.sonarqube.org/latest/user-guide/user-token/).
|
|----------------------|---------------------------------------------------|---------------|-------------|-----------------------------------------------------------------------------------------------|
|
||||||
- `password` - The password that goes with the `login` username. This should be left blank if an `login` are authentication token.
|
| **`host`** | SonarQube server URL | 🟢 | | |
|
||||||
- `projectBaseDir` - Set custom project base directory analysis.
|
| **`login`** | Login or authentication token of a SonarQube user | 🟢 | | `Execute Analysis` permission required. |
|
||||||
- `projectKey` - The project's unique key _(allowed characters are: letters, numbers, `-`, `_`, `.` and `:`, with at least one non-digit)_.
|
| **`password`** | The password that goes with the `login` username | 🔴 | | This should be left blank if an `login` are authentication token. |
|
||||||
- `projectName` - Name of the project that will be displayed on the SonarQube web interface.
|
| **`projectBaseDir`** | Set custom project base directory analysis | 🔴 | `.` | |
|
||||||
- `projectVersion` - The project version.
|
| **`projectKey`** | The project's unique key | 🔴 | | Allowed characters are: letters, numbers, `-`, `_`, `.` and `:`, with at least one non-digit. |
|
||||||
- `encoding` - Encoding of the source code. Default is UTF-8.
|
| **`projectName`** | Name of the project | 🔴 | | It will be displayed on the SonarQube web interface. |
|
||||||
|
| **`projectVersion`** | The project version | 🔴 | | |
|
||||||
|
| **`encoding`** | Encoding of the source code | 🔴 | `UTF-8` | |
|
||||||
|
|
||||||
> **Note**:
|
|
||||||
> If you're thinking of setting project metadata & other related things in a **`sonar-project.properties`** configuration file _(must be declared in the base directory `projectBaseDir`)_ instead of going through the [input parameters](#inputs), this action supports that!
|
> [!NOTE]
|
||||||
|
> If you opt to configure the project metadata and other related settings in a **`sonar-project.properties`** file (must be placed within the base directory, `projectBaseDir`) instead of using input parameters, this action is compatible with that approach!
|
||||||
|
|
||||||
## License
|
## License
|
||||||
|
|
||||||
|
|||||||
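Review bot: The `login` row drops the link to the token documentation that the old bullet carried ("See how to generate SonarQube token"); add it back in the Note column so readers are still pointed at token authentication. The `password` row carries over "if an `login` are authentication token", which should read "if `login` is an authentication token". The `> [!NOTE]` alert is GitHub-specific syntax; since the Dockerfile label now places the repository on code.caldwell.digital, check that it renders there or keep the `> **Note**:` form.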
@@ -11,19 +11,19 @@ else
|
|||||||
SONAR_PASSWORD=""
|
SONAR_PASSWORD=""
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ -f "${INPUT_PROJECTBASEDIR%/}pom.xml" ]]; then
|
if [[ -f "${INPUT_PROJECTBASEDIR%/}/pom.xml" ]]; then
|
||||||
echo "::error file=${INPUT_PROJECTBASEDIR%/}pom.xml::Maven project detected. You should run the goal 'org.sonarsource.scanner.maven:sonar' during build rather than using this GitHub Action."
|
echo "::error file=${INPUT_PROJECTBASEDIR%/}pom.xml::Maven project detected. You should run the goal 'org.sonarsource.scanner.maven:sonar' during build rather than using this GitHub Action."
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ -f "${INPUT_PROJECTBASEDIR%/}build.gradle" ]]; then
|
if [[ -f "${INPUT_PROJECTBASEDIR%/}/build.gradle" ]]; then
|
||||||
echo "::error file=${INPUT_PROJECTBASEDIR%/}build.gradle::Gradle project detected. You should use the SonarQube plugin for Gradle during build rather than using this GitHub Action."
|
echo "::error file=${INPUT_PROJECTBASEDIR%/}build.gradle::Gradle project detected. You should use the SonarQube plugin for Gradle during build rather than using this GitHub Action."
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
unset JAVA_HOME
|
unset JAVA_HOME
|
||||||
|
|
||||||
if [[ ! -f "${INPUT_PROJECTBASEDIR%/}sonar-project.properties" ]]; then
|
if [[ ! -f "${INPUT_PROJECTBASEDIR%/}/sonar-project.properties" ]]; then
|
||||||
[[ -z "${INPUT_PROJECTKEY}" ]] && SONAR_PROJECTKEY="${REPOSITORY_NAME}" || SONAR_PROJECTKEY="${INPUT_PROJECTKEY}"
|
[[ -z "${INPUT_PROJECTKEY}" ]] && SONAR_PROJECTKEY="${REPOSITORY_NAME}" || SONAR_PROJECTKEY="${INPUT_PROJECTKEY}"
|
||||||
[[ -z "${INPUT_PROJECTNAME}" ]] && SONAR_PROJECTNAME="${REPOSITORY_NAME}" || SONAR_PROJECTNAME="${INPUT_PROJECTNAME}"
|
[[ -z "${INPUT_PROJECTNAME}" ]] && SONAR_PROJECTNAME="${REPOSITORY_NAME}" || SONAR_PROJECTNAME="${INPUT_PROJECTNAME}"
|
||||||
[[ -z "${INPUT_PROJECTVERSION}" ]] && SONAR_PROJECTVERSION="" || SONAR_PROJECTVERSION="${INPUT_PROJECTVERSION}"
|
[[ -z "${INPUT_PROJECTVERSION}" ]] && SONAR_PROJECTVERSION="" || SONAR_PROJECTVERSION="${INPUT_PROJECTVERSION}"
|
||||||
|
|||||||
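Review bot: The three `-f` tests gain the missing `/`, but the `::error file=` annotations on the following lines still build the path as `${INPUT_PROJECTBASEDIR%/}pom.xml` and `${INPUT_PROJECTBASEDIR%/}build.gradle`, so the annotation names a different path from the file that was just tested. Apply the same `/` there. Also, when `INPUT_PROJECTBASEDIR` is empty the new expressions expand to `/pom.xml`, `/build.gradle` and `/sonar-project.properties` at the filesystem root; defaulting the variable first, for example with `${INPUT_PROJECTBASEDIR:-.}`, keeps the checks inside the workspace.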