
# GitHub Integration

Documents the following:

* Adding projects to SonarQube
* Adding SonarQube tasks to GitHub Actions
* Adding PR decoration from SonarQube

## Add Projects to SonarQube

Projects will need to be manually added to SonarQube from the UI.

From the homepage, click on the "Add project" button located at the top-right corner of the Projects homepage, then choose "GitHub" from the dropdown menu. Follow the instructions from there.

The GitHub App that SonarQube uses for the integration needs the following repository permissions. Grant nothing beyond these: SonarQube only reads code and writes check runs and PR comments, so it never needs write access to Contents.

| Permission                             | Access       |
|----------------------------------------|--------------|
| Checks                                 | Read & write |
| GitHub Enterprise: Repository metadata | Read-only    |
| GitHub.com: Metadata                   | Read-only    |
| Pull Requests                          | Read & write |
| Commit statuses                        | Read-only    |
| Contents                               | Read-only    |

## Setting Up Analysis

Steps:

- Create GitHub secrets
- Configure the workflow YAML file
- Commit and push code to start the analysis

### SONAR_TOKEN

GitHub has no service-connection concept for SonarQube (a platform limitation), so the workflow authenticates with a token you generate yourself and store as the `SONAR_TOKEN` repository secret (Settings > Secrets and variables > Actions). The workflows below also read the server address from a `SONAR_HOST_URL` secret, so create that one as well. Note that GitHub does not expose repository secrets to workflows triggered by pull requests from forks, so analysis of fork PRs will fail to authenticate.

Generate the token as a Project Analysis Token at User > My Account > Security. The user generating it must have the global Execute Analysis permission, or Execute Analysis on the token's project. A Project Analysis Token is the right choice for CI because it can only submit analyses for that one project: if it leaks from a runner or a job log, it cannot be used to read or change anything else on the server. Give it an expiration date and rotate it before it expires.
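The same token creation, scripted instead of clicked through the UI, as an added example that is not part of this page or of SonarQube's own tooling. It assumes SonarQube 9.6 or later (where `api/user_tokens/generate` accepts `type` and `expirationDate`, and project analysis tokens carry the `sqp_` prefix), `curl`, an authenticated GitHub CLI (`gh`), and a `SONAR_ADMIN_TOKEN` environment variable holding a user token whose owner has Execute Analysis on the project. The function names and the 90-day lifetime are this example's own choices.

```bash
#!/usr/bin/env bash
# Added example: create a Project Analysis Token through the SonarQube Web API
# and store it as the SONAR_TOKEN repository secret with the GitHub CLI.
# Assumes SonarQube 9.6+, curl, an authenticated `gh`, and SONAR_ADMIN_TOKEN
# (a user token whose owner has Execute Analysis on the project) in the env.
set -eu

# Token name that embeds the project and expiry date. SonarQube requires token
# names to be unique per user, so rotated tokens never collide.
token_name() {
  printf 'gh-actions-%s-%s' "$1" "$2"
}

# Pull the "token" field out of the JSON response without depending on jq.
extract_token() {
  printf '%s' "$1" | sed -n 's/.*"token":"\([^"]*\)".*/\1/p'
}

# Policy check before the value goes anywhere: project analysis tokens are
# prefixed sqp_ (user tokens squ_, global analysis tokens sqa_). CI should
# only ever hold the project-scoped kind.
is_project_analysis_token() {
  case "$1" in
    sqp_*) return 0 ;;
    *)     return 1 ;;
  esac
}

# Network side. Arguments: SonarQube base URL, project key, GitHub owner/repo.
create_and_store_token() {
  host="$1"; project_key="$2"; repo="$3"
  expires="$(date -u -d '+90 days' +%F)"   # GNU date, as on ubuntu-latest
  name="$(token_name "$project_key" "$expires")"
  # --data-urlencode keeps project keys containing ':' or '/' intact.
  resp="$(curl -fsS -u "${SONAR_ADMIN_TOKEN}:" \
      --data-urlencode "name=${name}" \
      --data-urlencode "type=PROJECT_ANALYSIS_TOKEN" \
      --data-urlencode "projectKey=${project_key}" \
      --data-urlencode "expirationDate=${expires}" \
      "${host}/api/user_tokens/generate")"
  token="$(extract_token "$resp")"
  is_project_analysis_token "$token" || {
    echo "server returned something other than a project analysis token" >&2
    return 1
  }
  # gh reads the secret from stdin, so the value never appears in argv or logs.
  printf '%s' "$token" | gh secret set SONAR_TOKEN --repo "$repo"
  printf '%s' "$host"  | gh secret set SONAR_HOST_URL --repo "$repo"
}

# Usage:
#   SONAR_ADMIN_TOKEN=squ_... create_and_store_token https://sonar.example.com my-project my-org/my-repo
```

The admin token used to create the analysis token is itself a user token; keep it on the operator's machine and never add it to the repository secrets, since the workflow only needs the narrower `sqp_` token it produces.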

### sonar-project.properties

Commit this file at the repository root. Keep the token and the server URL out of it: the file is readable by anyone with access to the repository, and the workflows below supply the token (`sonar.login`, or `sonar.token` on SonarQube 10 and later) and `sonar.host.url` from GitHub secrets at run time.

<details>
  <summary>&nbsp;sonar-project.properties</summary>

  ```
  sonar.projectKey=
  # relative paths to source directories.
  sonar.sources=.
  ```

</details>
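A pre-flight step worth running before any of the scanner invocations that follow, as an added example that is not part of this page: it refuses to run if credentials have been committed in sonar-project.properties, insists on an https server URL (the scanner sends the token as HTTP basic auth, so plain http would expose it in transit), and checks the token against the server before the build spends time on a run that cannot upload. It assumes `curl`, and `SONAR_HOST_URL` and `SONAR_TOKEN` present in the job environment the way the workflows on this page set them; the function names are this example's own.

```bash
#!/usr/bin/env bash
# Added example, not part of this page: pre-flight checks to run as a workflow
# step before sonar-scanner. Assumes curl, and SONAR_HOST_URL / SONAR_TOKEN in
# the job environment.
set -eu

# Print the credential-carrying keys found in a properties file, one per line.
# sonar.login / sonar.token / sonar.password must never be committed: the file
# is readable by everyone with repo access, and the token grants analysis
# rights to anyone holding it. Commented-out lines are ignored.
committed_credentials() {
  grep -Eo '^[[:space:]]*sonar\.(login|token|password)[[:space:]]*=' "$1" 2>/dev/null \
    | sed -E 's/[[:space:]]*=$//; s/^[[:space:]]*//' || true
}

# The token travels as HTTP basic auth, so the server URL must be https.
host_is_https() {
  case "$1" in
    https://*) return 0 ;;
    *)         return 1 ;;
  esac
}

# api/authentication/validate answers {"valid":true} for a usable token.
auth_is_valid() {
  case "$1" in
    *'"valid":true'*) return 0 ;;
    *)                return 1 ;;
  esac
}

# Run all three checks; exit non-zero so the job stops before the scanner.
preflight() {
  props="${1:-sonar-project.properties}"
  found="$(committed_credentials "$props")"
  if [ -n "$found" ]; then
    echo "refusing to run: credentials committed in $props: $found" >&2
    return 1
  fi
  host_is_https "$SONAR_HOST_URL" || { echo "SONAR_HOST_URL must use https" >&2; return 1; }
  resp="$(curl -fsS -u "${SONAR_TOKEN}:" "${SONAR_HOST_URL}/api/authentication/validate")"
  auth_is_valid "$resp" || { echo "SONAR_TOKEN rejected by ${SONAR_HOST_URL}" >&2; return 1; }
}

# Usage, as a step before the scanner:   preflight sonar-project.properties
```

Wire it in as its own step with `SONAR_HOST_URL` and `SONAR_TOKEN` passed through `env:`, exactly as the Gradle and Maven workflows below do, rather than interpolating `${{ secrets.* }}` into the script text.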

#### Adding `.NET` Analysis
<details>
  <summary>&nbsp;build.yml</summary>

```
name: Build
on:
  push:
    branches:
      - main # the name of your main branch
  pull_request:
    types: [opened, synchronize, reopened]
jobs:
  build:
    name: Build
    runs-on: windows-latest
    steps:
      - name: Set up JDK 11
        uses: actions/setup-java@v1
        with:
          java-version: 1.11
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
      - name: Cache SonarQube packages
        uses: actions/cache@v1
        with:
          path: ~\.sonar\cache
          key: ${{ runner.os }}-sonar
          restore-keys: ${{ runner.os }}-sonar
      - name: Cache SonarQube scanner
        id: cache-sonar-scanner
        uses: actions/cache@v1
        with:
          path: .\.sonar\scanner
          key: ${{ runner.os }}-sonar-scanner
          restore-keys: ${{ runner.os }}-sonar-scanner
      - name: Install SonarQube scanner
        if: steps.cache-sonar-scanner.outputs.cache-hit != 'true'
        shell: powershell
        run: |
          New-Item -Path .\.sonar\scanner -ItemType Directory
          dotnet tool update dotnet-sonarscanner --tool-path .\.sonar\scanner
      - name: Build and analyze
        shell: powershell
        # /k: is the project key shown in SonarQube. sonar.login is deprecated in
        # favour of sonar.token from SonarQube 10.0; older servers only accept sonar.login.
        run: |
          .\.sonar\scanner\dotnet-sonarscanner begin /k:"example" /d:sonar.login="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="${{ secrets.SONAR_HOST_URL }}"
          dotnet build
          .\.sonar\scanner\dotnet-sonarscanner end /d:sonar.login="${{ secrets.SONAR_TOKEN }}"
```

</details>

#### Adding `Gradle` Analysis
<details>
  <summary>&nbsp;build.gradle</summary>

  ```
  plugins {
  id "org.sonarqube" version "3.5.0.2730"
  }
  ```

</details>
<details>
  <summary>&nbsp;build.yml</summary>

```
name: Build
on:
  push:
    branches:
      - main # the name of your main branch
  pull_request:
    types: [opened, synchronize, reopened]
jobs:
  build:
    name: Build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
      - name: Set up JDK 11
        uses: actions/setup-java@v1
        with:
          java-version: 11
      - name: Cache SonarQube packages
        uses: actions/cache@v1
        with:
          path: ~/.sonar/cache
          key: ${{ runner.os }}-sonar
          restore-keys: ${{ runner.os }}-sonar
      - name: Cache Gradle packages
        uses: actions/cache@v1
        with:
          path: ~/.gradle/caches
          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
          restore-keys: ${{ runner.os }}-gradle
      - name: Build and analyze
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
        run: ./gradlew build sonar --info
```

</details>

#### Adding `Maven` Analysis
<details>
  <summary>&nbsp;build.yml</summary>

```
name: Build
on:
  push:
    branches:
      - main # the name of your main branch
  pull_request:
    types: [opened, synchronize, reopened]
jobs:
  build:
    name: Build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
      - name: Set up JDK 11
        uses: actions/setup-java@v1
        with:
          java-version: 11
      - name: Cache SonarQube packages
        uses: actions/cache@v1
        with:
          path: ~/.sonar/cache
          key: ${{ runner.os }}-sonar
          restore-keys: ${{ runner.os }}-sonar
      - name: Cache Maven packages
        uses: actions/cache@v1
        with:
          path: ~/.m2
          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
          restore-keys: ${{ runner.os }}-m2
      - name: Build and analyze
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
        run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
```

</details>

#### Adding `C/C++/Obj-C` Analysis
<details>
  <summary>&nbsp;build.yml</summary>

```
name: Build
on:
  push:
    branches:
      - master # the name of your main branch
  pull_request:
    types: [opened, synchronize, reopened]
jobs:
  sonarqube:
    runs-on: ubuntu-latest
    env:
      BUILD_WRAPPER_OUT_DIR: build_wrapper_output_directory # Directory where build-wrapper output will be placed
    steps:
      - uses: actions/checkout@v4
        with:
          # Disabling shallow clone is recommended for improving relevancy of reporting
          fetch-depth: 0
      - name: Install sonar-scanner and build-wrapper
        uses: sonarsource/sonarqube-github-c-cpp@v1
        env:
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
          SONAR_ROOT_CERT: ${{ secrets.SONAR_ROOT_CERT }}
      - name: Run build-wrapper
        run: |
          # here goes your compilation wrapped with build-wrapper; see https://docs.sonarsource.com/sonarqube/latest/analyzing-source-code/languages/c-family/#using-build-wrapper for more information
          # build-preparation steps
          # build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} build-command
      - name: Run sonar-scanner
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
        # Consult https://docs.sonarsource.com/sonarqube/latest/analyzing-source-code/scanners/sonarscanner/ for more information and options
        run: sonar-scanner --define sonar.cfamily.build-wrapper-output="${{ env.BUILD_WRAPPER_OUT_DIR }}"
```

</details>

The `Run build-wrapper` step is a placeholder: replace the commented lines with your real build command wrapped in `build-wrapper-linux-x86-64`, otherwise the scanner has no compilation database and reports nothing for C/C++ files.

## PR Decoration

If the project was added manually rather than through the GitHub import flow, enable PR decoration in the project settings and bind the project to its GitHub repository there: Project Settings -> General Settings -> Pull Request Decoration. Decoration only appears when the workflow runs on `pull_request` events (all of the workflows above do) and the analysis can see the pull request number; the Gradle and C/C++ workflows pass `GITHUB_TOKEN` for that reason. Writing the check run and the summary comment also depends on the GitHub App holding the Checks and Pull Requests write permissions listed in the table at the top of this page.