Please find steps for integrating SonarQube with GitHub Actions
How to integrate SonarQube with GitHub Actions:
We will be following below steps:
- Create Token in SonarQube to authenticate with GitHub Actions
- Add Sonar Token, SonarQube URL as Secrets in GitHub Actions
- Create GitHub Actions CICD workflow yaml
- Add tasks for Maven build and Sonar Scan
- Run the workflow in GitHub hosted runner(Ubuntu)
- Verify scan report in SonarQube
Create Token in SonarQube to authenticate with GitHub Actions
You need to login to SonarQube using your admin password and click on Admin on your top side.
Click on My Account, Security.
Under Tokens, Give some value for token name and choose global analysis token, click on generate Tokens. Copy the token value generated.
Add Sonar Token and Sonar Host URLs as Secret in GitHub Actions
Go to your GitHub Repo --> Settings -->
Click on Secrets and Variables under Security in left nav
Click new Repository Secret
Add another variable for storing Sonar token
Add another variable for storing Sonar token
Create GitHub Actions CICD workflow yaml:
Go to GitHub repo where your Java project is, create a new file:
.github/workflows/cicd.yml
The below file have four steps(tasks)
- Checkout
- Install Java on runner
- Build using Maven
- run Sonar Scan (this task need to have projectKey defined, otherwise build will fail)
Copy the content from below:
name: CI/CD workflow for Maven Build and Sonar Code scan
on:
push:
branches:
- main
workflow_dispatch:
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Set up JDK 11
uses: actions/setup-java@v2
with:
distribution: 'adopt'
java-version: '11'
- name: Build with Maven
run: mvn clean install -f MyWebApp/pom.xml
- name: SonarQube Scan
uses: sonarsource/sonarqube-scan-action@v1
with:
projectBaseDir: .
args: >
-Dsonar.organization=my-org
-Dsonar.projectKey=my-Java-web-app
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
on:
push:
branches:
- main
workflow_dispatch:
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Set up JDK 11
uses: actions/setup-java@v2
with:
distribution: 'adopt'
java-version: '11'
- name: Build with Maven
run: mvn clean install -f MyWebApp/pom.xml
- name: SonarQube Scan
uses: sonarsource/sonarqube-scan-action@v1
with:
projectBaseDir: .
args: >
-Dsonar.organization=my-org
-Dsonar.projectKey=my-Java-web-app
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
Commit the file.
As soon as you commit, build will run immediately in GitHub Actions.
Now you can see the output of build in Actions tab.
Now login to SonarQube to see the Scan report
Notes:
You can also refer the documentation below from below websites.
Watch steps in YouTube channel:
No comments:
Post a Comment