Friday, February 20, 2026

How to Integrate SonarQube Cloud with GitHub Actions | GitHub Actions SonarQube Cloud Integration | Automate Static Code Quality Analysis with SonarQube Cloud from GitHub Action

 Automate Static Code Quality Analysis in SonarQube Cloud from GitHub Actions:



Pre-requisites in SonarCloud:




Choose your SCM tool. We will use GitHub, so click on it.
Enter your GitHub credentials to set up your account in SonarCloud. Click Authorize SonarQube Cloud.


Go to SonarCloud → My Account → Organizations → Create/Select organization

Choose “Import from GitHub” (or connect GitHub) and Install the SonarCloud GitHub App

Start analyzing a project:

Select Project and Click on Setup:


Choose one of the options to define what counts as new code:

Select with other CI tools





Select Maven, then note the organization key, project key and token.

Pre-requisites in GitHub Actions:

    After setting up SonarCloud successfully, log in to GitHub Actions.
    Create two secrets: SONAR_TOKEN and SONAR_HOST_URL.
    The Sonar URL should be https://sonarcloud.io/
     
    GitHub Actions CI/CD workflow code for running the scan in SonarCloud:

    name: Implement static code analysis for a Java App using SonarQube from GitHub Actions
    on:
      push:
        branches:
          - main
      workflow_dispatch:
    jobs:
     build:
      runs-on: ubuntu-latest
      steps:
      - name: checkout code
        uses: actions/checkout@v3
      - name: Set up JDK
        uses: actions/setup-java@v3
        with:
          distribution: 'adopt'
          java-version: '11'
      - name: Build with Maven
        run: mvn clean install -f MyWebApp/pom.xml
      - name: Run SonarQube Scan
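        # @master is a mutable branch ref: the code this step runs (with SONAR_TOKEN
        # in its environment) can change upstream. Pin to a release tag or, better,
        # a full commit SHA.
        uses: sonarsource/sonarqube-scan-action@master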
        with:
          projectBaseDir: .
          args: >
            -Dsonar.organization=akannan1087
            -Dsonar.projectKey=akannan1087_my-javawebapp-repo
            -Dsonar.java.binaries=**/target/classes
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}

    Now log in to SonarCloud and open https://sonarcloud.io/projects to see the scan results.
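
The workflow above hands SONAR_TOKEN to an action referenced as `@master`, a branch ref whose contents can change upstream between runs. The check below is an added example, not part of the original post or of SonarSource's tooling; the function names (`classify`, `audit`, `unpinned_with_secrets`) and the simple line-based parsing are assumptions made for illustration, and the sample is the page's workflow trimmed to the lines the check reads.

```python
import re

# Constructed sample: the workflow above, trimmed to the lines the check reads.
WORKFLOW = """\
steps:
- name: checkout code
  uses: actions/checkout@v3
- name: Set up JDK
  uses: actions/setup-java@v3
- name: Run SonarQube Scan
  uses: sonarsource/sonarqube-scan-action@master
  env:
    SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
    SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
"""

USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)")
SECRET_RE = re.compile(r"\$\{\{\s*secrets\.(\w+)\s*\}\}")

def classify(ref):
    """A full commit SHA is immutable; tags and branches can be moved upstream."""
    if re.fullmatch(r"[0-9a-f]{40}", ref):
        return "sha"
    return "tag" if re.fullmatch(r"v?\d+(\.\d+)*", ref) else "branch"

def audit(text):
    """One record per `uses:` step: action, ref, ref kind, secrets the step reads."""
    steps, step_indent, in_steps = [], None, False
    for line in text.splitlines():
        body = line.lstrip()
        indent = len(line) - len(body)
        if body.startswith("steps:"):
            in_steps, step_indent = True, None
        elif in_steps and body.startswith("- ") and step_indent in (None, indent):
            step_indent = indent  # list items at this indent start a new step
            steps.append({"action": None, "ref": None, "secrets": []})
        if steps:
            m = USES_RE.match(line)
            if m and "@" in m.group(1):
                steps[-1]["action"], steps[-1]["ref"] = m.group(1).rsplit("@", 1)
            steps[-1]["secrets"] += SECRET_RE.findall(line)
    return [dict(s, kind=classify(s["ref"])) for s in steps if s["action"]]

def unpinned_with_secrets(text):
    """Steps that hand secrets to an action not pinned to a commit SHA."""
    return [s for s in audit(text) if s["kind"] != "sha" and s["secrets"]]

if __name__ == "__main__":
    print(unpinned_with_secrets(WORKFLOW))
```

Run against the workflow on this page, it reports only the SonarQube scan step: the two `@v3` steps use movable tags as well, but no secret is passed to them.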

