Automate Static Code Quality Analysis in SonarCloud from GitHub Actions:
- Go to https://sonarcloud.io/ and click Log in.
Click the SCM tool you use.
Enter your GitHub credentials to set up your account in SonarCloud.
Click Confirm to grant access to SonarCloud.
Log in to GitHub --> Settings --> Integration
This confirms that SonarCloud is integrated with GitHub successfully.
After logging in to SonarCloud with your credentials, click Admin at the top of the page and go to https://sonarcloud.io/account
Under Tokens, enter a token name, choose Global analysis token, and click Generate Tokens. Copy the generated token value. The workflow below reads it as secrets.SONAR_TOKEN, so store it as a GitHub Actions secret with that name rather than pasting it into the workflow file.

Note down the organization key as well, under My Organization. It is the value passed to -Dsonar.organization in the workflow.
GitHub Actions CI/CD workflow code for running the scan in SonarCloud:
name: implement a CICD workflow for a Java WebApp using GitHub Actions and Maven
on:
  push:
    branches:
      - main
  workflow_dispatch:
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: checkout code
        uses: actions/checkout@v3
      - name: Set up JDK
        uses: actions/setup-java@v3
        with:
          distribution: 'adopt'
          java-version: '11'
      - name: Build with Maven
        run: mvn clean install -f MyWebApp/pom.xml
      - name: Run SonarQube Scan
        # @master tracks a moving branch; pin a release tag or commit SHA for reproducible builds
        uses: sonarsource/sonarqube-scan-action@master
        with:
          projectBaseDir: .
          args: >
            -Dsonar.organization=akannan1087
            -Dsonar.projectKey=akannan1087_my-javawebapp-repo
            -Dsonar.java.binaries=**/target/classes
        env:
          # Both values come from GitHub Actions secrets, never hard-coded here.
          # For SonarCloud, SONAR_HOST_URL is https://sonarcloud.io
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
Now log in to SonarCloud and open https://sonarcloud.io/projects to see the scan results.
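A pre-merge check for the workflow above, written as an added example (it is not part of the original post or of SonarCloud's tooling): it flags `uses:` references that follow a moving branch or tag and any `SONAR_TOKEN` value not read from the secrets context. The embedded workflow excerpt is a constructed sample, and the `MUTABLE` list and severity labels are assumptions made for the example.

```python
import re

# Constructed sample: the steps of the workflow above that this check inspects.
WORKFLOW = """\
steps:
  - name: checkout code
    uses: actions/checkout@v3
  - name: Run SonarQube Scan
    uses: sonarsource/sonarqube-scan-action@master
    env:
      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
      SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
"""

USES = re.compile(r"^\s*(?:-\s*)?uses:\s*([^\s@#]+)@(\S+)")
TOKEN = re.compile(r"^\s*SONAR_TOKEN\s*:\s*(.+?)\s*$")
FROM_SECRETS = re.compile(r"\$\{\{\s*secrets\.\w+\s*\}\}")
SHA = re.compile(r"^[0-9a-f]{40}$")
MUTABLE = {"master", "main", "latest"}  # assumption: refs treated as moving branches


def audit_workflow(text):
    """Return (line_no, severity, message) findings for a workflow file's text."""
    findings = []
    for no, line in enumerate(text.splitlines(), start=1):
        m = USES.match(line)
        if m:
            action, ref = m.groups()
            if ref in MUTABLE:
                # Whoever can push to that branch changes what runs next to SONAR_TOKEN.
                findings.append((no, "high", f"{action} follows branch '{ref}'; pin a commit SHA"))
            elif not SHA.match(ref):
                findings.append((no, "low", f"{action} uses tag '{ref}', which can be moved"))
        m = TOKEN.match(line)
        if m and not FROM_SECRETS.fullmatch(m.group(1)):
            findings.append((no, "high", "SONAR_TOKEN is not read from the secrets context"))
    return findings


if __name__ == "__main__":
    for no, sev, msg in audit_workflow(WORKFLOW):
        print(f"line {no}: [{sev}] {msg}")
```
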






