
SCSCANGHA-25 Replace the Docker action by a composite action forwarding to the SonarQube action

This commit is contained in:
Antonio Aversa 2024-10-31 18:40:29 +01:00
commit 48d9e10f8a
10 changed files with 76 additions and 188 deletions


@ -11,7 +11,10 @@ jobs:
argsInputTest:
name: >
'args' input
runs-on: ubuntu-latest
strategy:
matrix:
os: [ ubuntu-latest, windows-latest, macos-latest ]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
with:
@ -28,7 +31,10 @@ jobs:
projectBaseDirInputTest:
name: >
'projectBaseDir' input
runs-on: ubuntu-latest
strategy:
matrix:
os: [ ubuntu-latest, windows-latest, macos-latest ]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
with:
@ -45,118 +51,51 @@ jobs:
- name: Assert
run: |
./test/assertFileContains ./output.properties "sonar.projectBaseDir=.*/baseDir"
sonarTokenRequiredTest:
scannerVersionTest:
name: >
'SONAR_TOKEN' env var required
runs-on: ubuntu-latest
'scannerVersion' input
runs-on: ubuntu-latest # assumes default RUNNER_ARCH for linux is X64
steps:
- uses: actions/checkout@v4
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Run action without SONAR_TOKEN
- name: Run action with scannerVersion
uses: ./
with:
scannerVersion: 6.1.0.4477
args: -Dsonar.scanner.internal.dumpToFile=./output.properties
continue-on-error: true
- name: Previous should have failed
if: ${{ steps.runTest.outcome == 'success'}}
env:
NO_CACHE: true # force install-sonar-scanner-cli.sh execution
SONAR_HOST_URL: http://not_actually_used
SONAR_SCANNER_JSON_PARAMS: '{"sonar.scanner.internal.dumpToFile": "./output.properties"}'
- name: Assert
run: |
echo "Expected previous step to fail"
exit 1
dontFailGradleTest:
./test/assertFileExists "$RUNNER_TEMP/sonarscanner/sonar-scanner-cli-6.1.0.4477-linux-x64.zip"
scannerBinariesUrlTest:
name: >
Don't fail on Gradle project
runs-on: ubuntu-latest
'scannerBinariesUrl' input with invalid URL
runs-on: ubuntu-latest # assumes default RUNNER_ARCH for linux is X64
steps:
- uses: actions/checkout@v4
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Run action on Gradle project
- name: Run action with scannerBinariesUrl
id: runTest
uses: ./
continue-on-error: true
with:
scannerVersion: 6.2.1.4610
scannerBinariesUrl: https://invalid_uri/Distribution/sonar-scanner-cli
env:
SONAR_TOKEN: FAKE_TOKEN
with:
projectBaseDir: ./test/gradle-project
args: -Dsonar.scanner.internal.dumpToFile=./output.properties
- name: Assert
NO_CACHE: true # force install-sonar-scanner-cli.sh execution
SONAR_HOST_URL: http://not_actually_used
SONAR_SCANNER_JSON_PARAMS: '{"sonar.scanner.internal.dumpToFile": "./output.properties"}'
- name: Fail if action succeeded
if: steps.runTest.outcome == 'success'
run: exit 1
- name: Assert Sonar Scanner CLI was not downloaded
run: |
./test/assertFileExists ./output.properties
dontFailGradleKotlinTest:
name: >
Don't fail on Kotlin Gradle project
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Run action on Kotlin Gradle project
id: runTest
uses: ./
continue-on-error: true
env:
SONAR_TOKEN: FAKE_TOKEN
with:
projectBaseDir: ./test/gradle-project-kotlin
args: -Dsonar.scanner.internal.dumpToFile=./output.properties
- name: Assert
./test/assertFileDoesntExist "$RUNNER_TEMP/sonarscanner/sonar-scanner-cli-6.2.1.4610-linux-x64.zip"
- name: Assert Sonar Scanner CLI was not executed
run: |
./test/assertFileExists ./output.properties
dontFailMavenTest:
name: >
Don't fail on Maven project
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Run action on Maven project
id: runTest
uses: ./
continue-on-error: true
env:
SONAR_TOKEN: FAKE_TOKEN
with:
projectBaseDir: ./test/maven-project
args: -Dsonar.scanner.internal.dumpToFile=./output.properties
- name: Assert
run: |
./test/assertFileExists ./output.properties
runnerDebugUsedTest:
name: >
'RUNNER_DEBUG' is used
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Run action with debug mode
uses: ./
with:
args: -Dsonar.scanner.internal.dumpToFile=./output.properties
env:
RUNNER_DEBUG: 1
SONAR_TOKEN: FAKE_TOKEN
- name: Assert
run: |
./test/assertFileContains ./output.properties "sonar.verbose=true"
overrideSonarcloudUrlTest:
name: >
'SONARCLOUD_URL' is used
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Run action with SONARCLOUD_URL
uses: ./
with:
args: -Dsonar.scanner.internal.dumpToFile=./output.properties
env:
SONARCLOUD_URL: mirror.sonarcloud.io
SONAR_TOKEN: FAKE_TOKEN
- name: Assert
run: |
./test/assertFileContains ./output.properties "sonar.host.url=mirror.sonarcloud.io"
./test/assertFileContains ./output.properties "sonar.scanner.sonarcloudUrl=mirror.sonarcloud.io"
./test/assertFileDoesntExist ./output.properties
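Review bot: The new scannerVersionTest and scannerBinariesUrlTest hard-code `linux-x64` in the asserted archive names (`sonar-scanner-cli-6.1.0.4477-linux-x64.zip`, `sonar-scanner-cli-6.2.1.4610-linux-x64.zip`) and only record the assumption in the `# assumes default RUNNER_ARCH for linux is X64` comments, so a runner-image change to another architecture would turn both into false failures; if the delegated action derives the archive name from `runner.os`/`runner.arch`, building the expected name from those contexts would let the test track it. `NO_CACHE: true` is coerced to the string `"true"` by the runner anyway, so writing `NO_CACHE: "true"` states that intent explicitly and avoids the boolean-looking env value. The argsInputTest/projectBaseDirInputTest matrix now includes `windows-latest`, where the default `run` shell is pwsh rather than bash, so the `./test/assertFileContains` assertion steps would need `shell: bash` unless a workflow-level `defaults.run.shell` exists above this section. The job definitions at the top of the file start outside the first hunk, so that cannot be confirmed from here.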


@ -1,32 +0,0 @@
FROM sonarsource/sonar-scanner-cli:11.1
LABEL version="3.1.0" \
repository="https://github.com/sonarsource/sonarcloud-github-action" \
homepage="https://github.com/sonarsource/sonarcloud-github-action" \
maintainer="SonarSource" \
com.github.actions.name="SonarCloud Scan" \
com.github.actions.description="Scan your code with SonarCloud to detect bugs, vulnerabilities and code smells in more than 25 programming languages." \
com.github.actions.icon="check" \
com.github.actions.color="green"
ARG SONAR_SCANNER_HOME=/opt/sonar-scanner
ARG NODEJS_HOME=/opt/nodejs
ENV PATH=${PATH}:${SONAR_SCANNER_HOME}/bin:${NODEJS_HOME}/bin
# set up local envs in order to allow for special chars (non-asci) in filenames
ENV LC_ALL="C.UTF-8"
WORKDIR /opt
# GitHub actions should be run under ROOT
# https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners/about-github-hosted-runners#docker-container-filesystem
USER 0
# Prepare entrypoint
COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
COPY cleanup.sh /cleanup.sh
RUN chmod +x /cleanup.sh
ENTRYPOINT ["/entrypoint.sh"]


@ -81,6 +81,14 @@ In case you need to add additional analysis parameters, you can use the `args` o
More information about possible analysis parameters is found in the documentation at:
https://docs.sonarcloud.io/advanced-setup/analysis-parameters
In case you need to specify the version of the Sonar Scanner, you can use the `scannerVersion` option:
```yaml
uses: sonarsource/sonarcloud-github-action@<action version> # Ex: v2.1.0, See the latest version at https://github.com/marketplace/actions/sonarcloud-scan
with:
scannerVersion: 6.2.0.4584
```
See also example configurations at:
https://github.com/sonarsource/sonarcloud-github-action-samples/
@ -114,7 +122,6 @@ Want to see more examples of SonarCloud in action? You can [explore current Open
* Your code is built with Gradle: use the SonarQube plugin for Gradle during the build
* You want to analyze a .NET solution: Follow our interactive tutorial for GitHub Actions after importing your project directly into SonarCloud
* You want to analyze C and C++ code: rely on our [SonarCloud Scan for C and C++](https://github.com/marketplace/actions/sonarcloud-scan-for-c-and-c) and look at [our sample C and C++ project](https://github.com/sonarsource-cfamily-examples?q=gh-actions-sc&type=all&language=&sort=)
* You want to analyze Dart code: use [SonarScanner CLI](https://docs.sonarsource.com/sonarcloud/advanced-setup/ci-based-analysis/sonarscanner-cli/) during the build
## Have questions or feedback?
@ -122,6 +129,4 @@ To provide feedback (requesting a feature or reporting a bug) please post on the
## License
The Dockerfile and associated scripts and documentation in this project are released under the LGPLv3 License.
Container images built with this project include third-party materials.


@ -1,20 +1,38 @@
name: SonarCloud Scan
description: >
Scan your code with SonarCloud to detect bugs, vulnerabilities and code smells
in 26+ programming languages.
Scan your code with SonarQube Cloud to detect coding issues in 30+
languages, frameworks, and IaC platforms.
The solution also provides fix recommendations leveraging AI with
Sonar's AI CodeFix capability. (Formerly SonarCloud)
branding:
icon: check
color: green
runs:
using: docker
image: Dockerfile
entrypoint: "/entrypoint.sh"
post-entrypoint: "/cleanup.sh"
inputs:
args:
description: Additional arguments to the sonarcloud scanner
description: Additional arguments to the Sonar Scanner CLI
required: false
projectBaseDir:
description: Set the sonar.projectBaseDir analysis property
required: false
default: .
scannerVersion:
description: Version of the Sonar Scanner CLI to use
required: false
default: 6.2.1.4610
scannerBinariesUrl:
description: URL to download the Sonar Scanner CLI binaries from
required: false
default: https://binaries.sonarsource.com/Distribution/sonar-scanner-cli
runs:
using: "composite"
steps:
- name: Deprecation warning
shell: bash
run: |
echo "::warning title=SonarScanner::This action is deprecated and will be removed in a future release. Please use the sonarqube-scan-action action instead. The sonarqube-scan-action is a drop-in replacement for this action."
- name: SonarQube Cloud Scan
uses: SonarSource/sonarqube-scan-action@v4.1.0
with:
args: ${{ inputs.args }}
projectBaseDir: ${{ inputs.projectBaseDir }}
scannerVersion: ${{ inputs.scannerVersion }}
scannerBinariesUrl: ${{ inputs.scannerBinariesUrl }}
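Review bot: `uses: SonarSource/sonarqube-scan-action@v4.1.0` pins the delegated action to a mutable tag, so every consumer of this wrapper now runs whatever that tag resolves to at execution time; for a composite action whose only job is forwarding inputs, pinning to the full commit SHA with the version in a trailing comment (`uses: SonarSource/sonarqube-scan-action@<commit-sha> # v4.1.0`, SHA to be taken from the upstream release) is the usual supply-chain hardening. The `scannerBinariesUrl` input is forwarded unchanged and its `description` does not say that a custom value replaces the trusted download origin; a sentence such as `Only point this at a mirror you control: the downloaded scanner is executed on the runner.` would make the trade-off visible to consumers. `default: 6.2.1.4610` happens to parse as a string, but quoting it (`default: "6.2.1.4610"`) keeps a future two-component version from being read as a float by generic YAML tooling.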


@ -1,14 +0,0 @@
#!/bin/bash
set -e
if [ ! -d "${INPUT_PROJECTBASEDIR}/.scannerwork" ]; then
echo ".scannerwork directory not found; nothing to clean up."
exit
fi
_tmp_file=$(ls "${INPUT_PROJECTBASEDIR}/" | head -1)
PERM=$(stat -c "%u:%g" "${INPUT_PROJECTBASEDIR}/$_tmp_file")
chown -R "$PERM" "${INPUT_PROJECTBASEDIR}/.scannerwork/"


@ -1,34 +0,0 @@
#!/bin/bash
set -eo pipefail
declare -a args=()
if [[ -z "${SONAR_TOKEN}" ]]; then
echo "Set the SONAR_TOKEN env variable."
exit 1
fi
if [[ -f "${INPUT_PROJECTBASEDIR%/}/pom.xml" ]]; then
echo "WARNING! Maven project detected. Sonar recommends running the 'org.sonarsource.scanner.maven:sonar-maven-plugin:sonar' goal during the build process instead of using this GitHub Action
to get more accurate results."
fi
if [[ -f "${INPUT_PROJECTBASEDIR%/}/build.gradle" || -f "${INPUT_PROJECTBASEDIR%/}/build.gradle.kts" ]]; then
echo "WARNING! Gradle project detected. Sonar recommends using the SonarQube plugin for Gradle during the build process instead of using this GitHub Action
to get more accurate results."
fi
if [[ ${SONARCLOUD_URL} ]]; then
args+=("-Dsonar.scanner.sonarcloudUrl=${SONARCLOUD_URL}")
fi
if [[ "$RUNNER_DEBUG" == '1' ]]; then
args+=("--debug")
fi
unset JAVA_HOME
args+=("-Dsonar.projectBaseDir=${INPUT_PROJECTBASEDIR}")
sonar-scanner "${args[@]}" ${INPUT_ARGS}

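--- a/test/assertFileDoesntExist
+++ b/test/assertFileDoesntExist
@@ -0,0 +1,8 @@
+#!/bin/bash
+error() { echo -e "\\e[31m✗ $*\\e[0m"; }
+if [ -f $1 ]; then
+error "File '$1' found"
+exit 1
+fi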
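Review bot: `if [ -f $1 ]; then` leaves `$1` unquoted, so a path with spaces or glob characters is word-split and an empty argument collapses to `[ -f ]`, which is true and makes the helper report `File '' found`; quote it as `if [ -f "$1" ]; then`. The helper also accepts any number of arguments silently, so a missing argument should fail explicitly, e.g. `[ $# -eq 1 ] || { error "usage: $0 <file>"; exit 1; }` placed after the `error` definition. The hunk header announces 8 lines but 6 are shown here, so the file may contain blank lines the rendering dropped.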


@ -1 +0,0 @@


@ -1 +0,0 @@