Integrate SonarQube with Github action to automate the code analysis. Detect bugs, vulnerabilities, code smells and get code coverage on each pull request or push.
- Setup SonarQube server.
Required The URL of the SonarQube server.
Required The token generated for SonarQube project. See how to generate SonarQube token.
Note: Please make sure you added SONARQUBE_HOST and SONARQUBE_TOKEN in your github project secrets.
name: SonarQube
on:
push:
branches: [ master ]
jobs:
run-sonarqube:
runs-on: ubuntu-latest
steps:
- name: SonarQube Scan
uses: monstar-lab-oss/[email protected]
with:
url: ${{ secrets.SONARQUBE_HOST }}
token: ${{ secrets.SONARQUBE_TOKEN }}You can have other sonar scanner analysis parameters in configuration file named 'sonar-project.properties' inside root directory of your project repo.
Example : sonar-project.properties
sonar.language=php
sonar.php.tests.reportPath=tests/report/junit.xml
sonar.php.coverage.reportPaths=tests/report/coverage.xml
sonar.projectKey=example-project
sonar.projectName=example-project
sonar.sources=./app
sonar.sourceEncoding=UTF-8Note: Please make sure your run the unit tests before running the sonar scanner to generate the code coverage report.