How to integrate SonarQube with GitHub Actions | SonarQube Integration with GitHub Actions| Automate Code Scan using SonarQube In GitHub Actions

 Please find steps for integrating SonarQube with GitHub Actions

Pre-requisites:

• Make sure SonarQube is up and running
• Make sure Java Project is setup in GitHub

How to integrate SonarQube with GitHub Actions:

We will be following below steps:

• Create Token in SonarQube to authenticate with GitHub Actions
• Add Sonar Token, SonarQube URL as Secrets in GitHub Actions
• Create GitHub Actions CICD workflow yaml
• Add tasks for Maven build and Sonar Scan
• Run the workflow in GitHub hosted runner(Ubuntu)
• Verify scan report in SonarQube

Create Token in SonarQube to authenticate with GitHub Actions

You need to login to SonarQube using your admin password and click on Admin on your top side.

Click on My Account, Security. 

Under Tokens, Give some value for token name and choose global analysis token, click on generate Tokens. Copy the token value generated.

Add Sonar Token and Sonar Host URLs as Secret in GitHub Actions

Go to your GitHub Repo --> Settings --> 

Click on Secrets and Variables under Security in left nav 

Click new Repository Secret

Add another variable for storing Sonar token

Create GitHub Actions CICD workflow yaml:

Go to GitHub repo where your Java project is, create a new file:

.github/workflows/cicd.yml

The below file have four steps(tasks) 

    - Checkout

    - Install Java on runner

    - Build using Maven

    - run Sonar Scan (this task need to have projectKey defined, otherwise build will fail)

Copy the content from below:

name: CI/CD workflow for Maven Build and Sonar Code scan
on:
  push:
    branches:
      - main
  workflow_dispatch:
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout code
      uses: actions/checkout@v2
    - name: Set up JDK 11
      uses: actions/setup-java@v2
      with:
        distribution: 'adopt'
        java-version: '11'
    - name: Build with Maven
      run: mvn clean install -f MyWebApp/pom.xml
    - name: SonarQube Scan
      uses: sonarsource/sonarqube-scan-action@v1
      with:
        projectBaseDir: .
        args: >
          -Dsonar.organization=my-org
          -Dsonar.projectKey=my-Java-web-app
      env:
        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}

Commit the file.

As soon as you commit, build will run immediately in GitHub Actions. 

Now you can see the output of build in Actions tab.

Now login to SonarQube to see the Scan report

Notes:

You can also refer the documentation below from below websites.

https://docs.sonarsource.com/sonarqube/latest/devops-platform-integration/github-integration/

https://github.com/marketplace/actions/official-sonarqube-scan

Watch steps in YouTube channel: 

How to configure Self-Hosted GitHub Actions Runner | How to install Self-Hosted GitHub Actions Runner | Configure EC2 instance as self-hosted runner in GitHub Actions

A self-hosted GitHub runner is a machine (physical or virtual) that you set up and manage to run GitHub Actions workflows. A self-hosted runner differs from the default GitHub-hosted runners in that it runs on infrastructure that you control. Self-hosted runners can be physical, virtual, in a container, on-premises, or in a cloud. To learn more about GitHub runner, please click here.

Advantages of self-hosted runners:

• full control over the environment and tools
• Any size machine or configuration
• Secure access and networking

Pre-requisites:

• Project configured in GitHub
• workflow yaml already checked-in GitHub. If you don't have one, click here to create one.
• Create a virtual machine with at least 2 GB RAM. we will use EC2 instance in AWS cloud.
• Install Maven on runner EC2 instance

How to create self-hosted GitHub Actions Runner?

Go to GitHub Repo--> Actions --> Runners

Click on self-hosted runners --> New Runner

Click on Linux

Perform update

sudo apt update

Install Maven in Runner EC2 as We will be doing Maven build for Java project

sudo apt install maven -y

Execute below commands in your virtual machine to configure runner.

Download installables

# Create a folder

mkdir actions-runner && cd actions-runner

# Download the latest runner package

 curl -o actions-runner-linux-x64-2.313.0.tar.gz -L https://github.com/actions/runner/releases/download/v2.313.0/actions-runner-linux-x64-2.313.0.tar.gz

# Extract the installer

tar xzf ./actions-runner-linux-x64-2.313.0.tar.gz

Configure the runner

./config.sh --url https://github.com/akannan1087/myJan2024WeekdayRepo --token Token

Enter the name of the runner group to add this runner to: [press Enter for Default]

press enter default for the runner group

Enter name of the runner 

MyRunner1

Enter any additional labels

MyRunner1

Now run the runner

./run.sh

this confirms that runner is setup and running fine. waiting for the jobs.

you can also view in GitHub under Runners tab:

Create a workflow or modify your workflow to include GitHub runner:

name: Build a WAR file using Maven

on:

  push:

    branches: [ "main" ]

jobs:

  build:

    runs-on: self-hosted

    steps:

    - uses: actions/checkout@v3

    - name: Set up JDK 11
      uses: actions/setup-java@v2
      with:
        distribution: 'adopt'
        java-version: '11'
    - name: Build with Maven
      run: mvn clean install -f MyWebApp/pom.xml

Save the file and run the workflow.

Go to your virtual machine where build is running:

Watch steps in YouTube channel:

How to setup Jenkins on Ubuntu using Ansible Role | Setup Java, Jenkins, Maven on Ubuntu EC2 using Ansible Role

Here below are the Ansible Roles for installing Java, Jenkins, Maven on Ubuntu EC2 instance using Ansible. You need to install Java first (first link below) and then do the steps in the second link for installing Jenkins, third link for installing Maven.

Click here if you would like to create a new Ubuntu EC2 instance using Ansible Playbook.

You can watch this lab on YouTube:

Pre-requisites:
Setup Ansible on your EC2 instance.

Java 11 Playbook
https://www.coachdevops.com/2024/02/ansible-role-for-java-11-installation.html

Jenkins Playbook
https://www.coachdevops.com/2024/02/install-jenkins-using-ansible-role-on.html

Maven Playbook
https://www.coachdevops.com/2024/02/install-maven-using-ansible-role-on.html