on:
  push:
    branches:
      - master
  pull_request:
    types: [opened, synchronize, reopened]
name: Main Workflow
jobs:
  sonarcloud:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: SonarCloud Scan
        uses: sonarsource/sonarcloud-github-action@<action version> # Ex: v2.1.0, See the latest version at https://github.com/marketplace/actions/sonarcloud-scan
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
sonarcloud-github-action
Integrate SonarCloud code analysis to GitHub Actions
This document explains how to set up the SonarCloud GitHub Action so that static code analysis runs in our CI/CD pipelines, helping to maintain code quality.
By using SonarCloud with GitHub Actions, we can automatically check our code for quality and security issues, improving the health of the codebase.
SonarCloud detects bugs, code smells, and security vulnerabilities before code is merged.
How to Change the Analysis Base Directory?
- Setting Project Base Directory:
  - You can change the analysis base directory by using the optional input projectBaseDir.

    uses: sonarsource/sonarcloud-github-action@<action version> # Ex: v2.1.0, See the latest version at https://github.com/marketplace/actions/sonarcloud-scan
    with:
      projectBaseDir: my-custom-directory

This is useful when your project is not located at the root of the repository.
How to Add Additional Analysis Parameters?
- Using Additional Analysis Parameters:
  - If you need to add extra parameters for the analysis, you can use the args option.

    - name: Analyze with SonarCloud
      uses: sonarsource/sonarcloud-github-action@<action version> # Ex: v2.1.0, See the latest version at https://github.com/marketplace/actions/sonarcloud-scan
      with:
        projectBaseDir: my-custom-directory
        args: >
          -Dsonar.organization=my-organization
          -Dsonar.projectKey=my-projectkey
          -Dsonar.python.coverage.reportPaths=coverage.xml
          -Dsonar.sources=lib/
          -Dsonar.test.exclusions=tests/**
          -Dsonar.tests=tests/
          -Dsonar.verbose=true

This allows fine-tuning of the analysis parameters to match the project's requirements.
How to Set Secrets for SonarCloud Action?
- Setting Up Secrets:
  - SONAR_TOKEN: This is required to authenticate access to SonarCloud. Generate a token on your SonarCloud Security page and set it in the "Secrets" settings page of your repository.
  - GITHUB_TOKEN: This is provided by GitHub for authentication. Refer to GitHub's documentation on how to use it.
Properly managing secrets ensures secure and authenticated access to SonarCloud.
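The workflow at the top of this document and the secrets section above make three configuration points: pin the action to a released version, supply SONAR_TOKEN from repository secrets rather than as a literal, and check out with fetch-depth: 0 so SonarCloud sees the full history. The script below is an added example (not part of the sonarcloud-github-action project) that audits a workflow file for those points with plain grep, and additionally flags a pull_request_target trigger, since that trigger runs with the base repository's secrets and, combined with a checkout of the pull request head, would expose SONAR_TOKEN to code from a fork. The function names, the two sample workflows, and the REDACTED-HARDCODED-TOKEN-EXAMPLE placeholder are all constructed for this example.

```shell
#!/bin/sh
# Added example, not project code: grep-based audit of a GitHub Actions workflow
# for the SonarCloud configuration points raised in this document.
# Function names and sample workflows are constructed for the example.

# audit_workflow FILE: print one line per finding (prints nothing when clean).
audit_workflow() {
  f=$1
  # a moving ref (main/master/latest) lets a later push change what the job runs
  grep -nE 'uses:[[:space:]]*[^[:space:]]+@(main|master|latest)([[:space:]]|$)' "$f" \
    | sed 's/^/moving-ref: /'
  # no ref at all: the action must be pinned to a released version
  grep -nE 'uses:[[:space:]]*[^[:space:]@]+[[:space:]]*(#.*)?$' "$f" | grep -v 'docker://' \
    | sed 's/^/unpinned: /'
  # the token must come from the secrets context, never be a literal in the file
  grep -nE 'SONAR_TOKEN:' "$f" | grep -vE 'secrets\.SONAR_TOKEN' \
    | sed 's/^/hardcoded-token: /'
  # pull_request_target runs with the base repo's secrets; with a checkout of the
  # PR head, fork code would execute with SONAR_TOKEN available
  grep -nE '^[[:space:]]*pull_request_target:' "$f" \
    | sed 's/^/pr-target-trigger: /'
  # SonarCloud warns on shallow clones and drops blame data; the document's
  # workflow sets fetch-depth: 0 on actions/checkout for that reason
  if grep -qE 'uses:[[:space:]]*actions/checkout' "$f" \
     && ! grep -qE 'fetch-depth:[[:space:]]*0([[:space:]]|$)' "$f"; then
    echo "shallow-clone: actions/checkout step has no fetch-depth: 0"
  fi
}

# finding_count FILE: number of findings, usable as a CI gate (non-zero = fail).
finding_count() {
  audit_workflow "$1" | wc -l | tr -d ' '
}

# write_samples: create a constructed weak workflow and its corrected form in a
# temp directory and print that directory's path.
write_samples() {
  d=$(mktemp -d)
  cat > "$d/weak.yml" <<'EOF'
name: Main Workflow
on:
  pull_request_target:
    types: [opened, synchronize, reopened]
jobs:
  sonarcloud:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@master
      - name: SonarCloud Scan
        uses: sonarsource/sonarcloud-github-action
        env:
          SONAR_TOKEN: REDACTED-HARDCODED-TOKEN-EXAMPLE
EOF
  cat > "$d/fixed.yml" <<'EOF'
name: Main Workflow
on:
  push:
    branches: [master]
  pull_request:
    types: [opened, synchronize, reopened]
jobs:
  sonarcloud:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: SonarCloud Scan
        uses: sonarsource/sonarcloud-github-action@v2.1.0
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
EOF
  echo "$d"
}

# Run the audit over both samples when executed directly.
samples=$(write_samples)
echo "weak.yml findings:"
audit_workflow "$samples/weak.yml"
echo "fixed.yml finding count: $(finding_count "$samples/fixed.yml")"
```

The weak sample produces five findings (moving ref, unpinned action, hardcoded token, pull_request_target trigger, shallow clone); the corrected sample, which matches the workflow at the top of this document with the example version v2.1.0 filled in, produces none. The checks are deliberately line-oriented so they run anywhere grep does; a full YAML parser would be needed to reason about which steps belong to which job.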
How to Clean the Workspace Manually?
- Manual Workspace Cleanup:
  - If the workspace is not cleaned up upon checkout, use the following step to clean it up manually.

    - name: Clean the workspace
      uses: docker://alpine
      with:
        args: /bin/sh -c "find \"${GITHUB_WORKSPACE}\" -mindepth 1 ! -name . -prune -exec rm -rf {} +"
This helps resolve permission issues that may occur with self-hosted runners.
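To see exactly what the cleanup step removes, here is an added example (not part of the project) that runs the same find invocation against a throwaway directory built to look like a leftover checkout: .git metadata, nested sources, a file name containing spaces, and a read-only file. It shows that dotfiles and nested trees are removed while the workspace directory itself survives, which matters because the runner reuses that directory. The function names and the directory layout are constructed for the example; the step in the document runs as root inside the alpine container, so it can also remove files a self-hosted runner's user cannot, which this local run does not reproduce.

```shell
#!/bin/sh
# Added example, not project code: exercise the workspace-cleanup command from
# the document against a constructed directory tree.

# clean_workspace DIR: remove everything inside DIR (dotfiles included) but keep
# DIR itself. Same find(1) invocation as the cleanup step, with GITHUB_WORKSPACE
# replaced by the argument so it can be tried locally.
# -mindepth 1 skips DIR itself; '! -name .' is always true for those entries, so
# -prune stops find descending and rm -rf handles each top-level entry whole.
clean_workspace() {
  ws=$1
  find "$ws" -mindepth 1 ! -name . -prune -exec rm -rf {} +
}

# demo_clean: build a constructed leftover checkout, clean it, and print the
# number of entries that remain (0 on success, -1 if the root itself vanished).
demo_clean() {
  ws=$(mktemp -d)
  mkdir -p "$ws/.git/objects" "$ws/lib/pkg" "$ws/tests"
  echo 'ref: refs/heads/master' > "$ws/.git/HEAD"
  echo 'print("hi")' > "$ws/lib/pkg/main.py"
  : > "$ws/tests/test main.py"          # name with a space
  : > "$ws/coverage.xml"
  chmod 0444 "$ws/coverage.xml"          # read-only file, as a build may leave
  clean_workspace "$ws"
  remaining=$(find "$ws" -mindepth 1 | wc -l | tr -d ' ')
  [ -d "$ws" ] || remaining=-1
  rmdir "$ws" 2>/dev/null
  echo "$remaining"
}

# Run the demonstration when executed directly.
echo "entries left after cleanup: $(demo_clean)"
```

Because every top-level entry is passed to a single rm -rf, the command also clears directories that a plain git checkout would leave alone, such as build output or Docker volumes mounted into the workspace by an earlier job.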
How to Perform Pull Request Analysis?
- Pull Request Analysis Example:
  - To analyze a pull request with SonarCloud, configure the action as shown in the example. This ensures each PR is checked for quality before merging.
    name: Analyze Pull Request
    on:
      pull_request:
        branches:
          - main
    jobs:
      sonarcloud:
        runs-on: ubuntu-latest
        steps:
          - name: Checkout code
            uses: actions/checkout@v2
          - name: Analyze with SonarCloud
            uses: sonarsource/sonarcloud-github-action@<action version> # Ex: v2.1.0, See the latest version at https://github.com/marketplace/actions/sonarcloud-scan
            with:
              projectBaseDir: my-custom-directory
              args: >
                -Dsonar.organization=my-organization
                -Dsonar.projectKey=my-projectkey
                -Dsonar.python.coverage.reportPaths=coverage.xml
                -Dsonar.sources=lib/
                -Dsonar.test.exclusions=tests/**
                -Dsonar.tests=tests/
                -Dsonar.verbose=true

This setup ensures every pull request is analyzed, helping to catch issues early in the development process.