Monday, February 26, 2024

How to integrate SonarQube with GitHub Actions | SonarQube Integration with GitHub Actions| Automate Code Scan using SonarQube In GitHub Actions

 Please find steps for integrating SonarQube with GitHub Actions


How to integrate SonarQube with GitHub Actions:
We will be following below steps:
  • Create Token in SonarQube to authenticate with GitHub Actions
  • Add Sonar Token, SonarQube URL as Secrets in GitHub Actions
  • Create GitHub Actions CICD workflow yaml
  • Add tasks for Maven build and Sonar Scan
  • Run the workflow in GitHub hosted runner(Ubuntu)
  • Verify scan report in SonarQube

Create Token in SonarQube to authenticate with GitHub Actions
You need to login to SonarQube using your admin password and click on Admin on your top side.
Click on My Account, Security. 
Under Tokens, Give some value for token name and choose global analysis token, click on generate Tokens. Copy the token value generated.

Add Sonar Token and Sonar Host URLs as Secret in GitHub Actions
Go to your GitHub Repo --> Settings --> 

Click on Secrets and Variables under Security in left nav 
Click new Repository Secret

Add another variable for storing Sonar token

Create GitHub Actions CICD workflow yaml:

Go to GitHub repo where your Java project is, create a new file:


The below file have four steps(tasks) 
    - Checkout
    - Install Java on runner
    - Build using Maven
    - run Sonar Scan (this task need to have projectKey defined, otherwise build will fail)

Copy the content from below:

name: CI/CD workflow for Maven Build and Sonar Code scan
      - main
    runs-on: ubuntu-latest
    - name: Checkout code
      uses: actions/checkout@v2
    - name: Set up JDK 11
      uses: actions/setup-java@v2
        distribution: 'adopt'
        java-version: '11'
    - name: Build with Maven
      run: mvn clean install -f MyWebApp/pom.xml
    - name: SonarQube Scan
      uses: sonarsource/sonarqube-scan-action@v1
        projectBaseDir: .
        args: >
        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}

Commit the file.

As soon as you commit, build will run immediately in GitHub Actions. 
Now you can see the output of build in Actions tab.

Now login to SonarQube to see the Scan report

You can also refer the documentation below from below websites.

Watch steps in YouTube channel: 

How to configure Self-Hosted GitHub Actions Runner | How to install Self-Hosted GitHub Actions Runner | Configure EC2 instance as self-hosted runner in GitHub Actions

A self-hosted GitHub runner is a machine (physical or virtual) that you set up and manage to run GitHub Actions workflows. A self-hosted runner differs from the default GitHub-hosted runners in that it runs on infrastructure that you control. Self-hosted runners can be physical, virtual, in a container, on-premises, or in a cloud. To learn more about GitHub runner, please click here.

    Advantages of self-hosted runners:

    • full control over the environment and tools
    • Any size machine or configuration
    • Secure access and networking


    • Project configured in GitHub
    • workflow yaml already checked-in GitHub. If you don't have one, click here to create one.
    • Create a virtual machine with at least 2 GB RAM. we will use EC2 instance in AWS cloud.
    • Install Maven on runner EC2 instance

    How to create self-hosted GitHub Actions Runner?

    Go to GitHub Repo--> Actions --> Runners

    Click on self-hosted runners --> New Runner

    Click on Linux

    Perform update
    sudo apt update

    Install Maven in Runner EC2 as We will be doing Maven build for Java project

    sudo apt install maven -y

    Execute below commands in your virtual machine to configure runner.

    Download installables

    # Create a folder

    mkdir actions-runner && cd actions-runner

    # Download the latest runner package

     curl -o actions-runner-linux-x64-2.313.0.tar.gz -L

    # Extract the installer

    tar xzf ./actions-runner-linux-x64-2.313.0.tar.gz

    Configure the runner

    ./ --url --token Token

    Enter the name of the runner group to add this runner to: [press Enter for Default]

    press enter default for the runner group

    Enter name of the runner 


    Enter any additional labels


    Now run the runner


    this confirms that runner is setup and running fine. waiting for the jobs.

    you can also view in GitHub under Runners tab:

    Create a workflow or modify your workflow to include GitHub runner:

    name: Build a WAR file using Maven



        branches: [ "main" ]



        runs-on: self-hosted


        - uses: actions/checkout@v3

        - name: Set up JDK 11
          uses: actions/setup-java@v2
            distribution: 'adopt'
            java-version: '11'
        - name: Build with Maven
          run: mvn clean install -f MyWebApp/pom.xml

    Save the file and run the workflow.

    Go to your virtual machine where build is running:

    Watch steps in YouTube channel:

    Saturday, February 10, 2024

    How to setup Jenkins on Ubuntu using Ansible Role | Setup Java, Jenkins, Maven on Ubuntu EC2 using Ansible Role

    Here below are the Ansible Roles for installing Java, Jenkins, Maven on Ubuntu EC2 instance using Ansible. You need to install Java first (first link below) and then do the steps in the second link for installing Jenkins, third link for installing Maven.

    Click here if you would like to create a new Ubuntu EC2 instance using Ansible Playbook.

    You can watch this lab on YouTube: