Skip to content

Update mobb-sonar.yaml #12

Update mobb-sonar.yaml

Update mobb-sonar.yaml #12

Workflow file for this run

# Mobb/SonarQube Fixer on pull requests.
#
# This workflow defines the needed steps to run SonarQube on every pull request
# and pass the results to Mobb Fixer.
#
# Secrets in use (add your missing ones):
#
# SONARQUBE_HOST_URL - your SonarQube server host. https://sonarcloud.io for cloud version.
# SONARQUBE_PROJECT - your SonarQube project name.
# SONARQUBE_ORG - your SonarQube organization name.
# SONARQUBE_TOKEN - your SonarQube access token.
# MOBB_API_TOKEN - your Mobb user API token.
# GITHUB_TOKEN - automatically set by GitHub.
#
name: "Mobb/Sonar"
on:
pull_request:
branches: [ "*" ]
jobs:
scan-and-fix:
name: Scan with SonarQube and fix with Mobb
runs-on: 'ubuntu-latest'
timeout-minutes: 360
permissions:
pull-requests: write
statuses: write
contents: read
actions: read
env:
BRANCH: ${{ github.head_ref || github.ref_name }}
steps:
- name: Setup Java on this machine
uses: actions/setup-java@v3
with:
distribution: "oracle"
java-version: "19"
- name: Setup Maven on this machine
uses: stCarolas/[email protected]
with:
maven-version: 3.8.6
- name: Setup Node on this machine
uses: actions/[email protected]
with:
node-version: 18
- name: Install pip requests
run: pip install requests
- name: Checkout repo to get code
uses: actions/checkout@v3
- name: Run SonarQube SAST scan
run: |
mvn clean verify sonar:sonar \
-Dsonar.host.url=${{ secrets.SONARQUBE_HOST_URL }} \
-Dsonar.projectKey=${{ secrets.SONARQUBE_PROJECT }} \
-Dsonar.token=${{ secrets.SONARQUBE_TOKEN }} \
-Dsonar.organization=${{ secrets.SONARQUBE_ORG }} \
-Dsonar.branch.name="$BRANCH" \
-Dsonar.qualitygate.wait=true \
-Dsonar.java.skipUnchanged=false
- name: Export SonarQube report
if: always()
run: |
SONARQUBE_HOST_URL=${{ secrets.SONARQUBE_HOST_URL }} \
SONARQUBE_PROJECT=${{ secrets.SONARQUBE_PROJECT }} \
SONARQUBE_TOKEN=${{ secrets.SONARQUBE_TOKEN }} \
SONARQUBE_ORG=${{ secrets.SONARQUBE_ORG }} \
BRANCH="$BRANCH" \
REPORT_PATH=report.json \
python .github/scripts/sonarqube_download_report.py
- name: Run Mobb on the findings and get fixes
if: always()
uses: mobb-dev/action/[email protected]
with:
report-file: "report.json"
api-key: ${{ secrets.MOBB_API_TOKEN }}
github-token: ${{ secrets.GITHUB_TOKEN }}
scanner: sonarqube