Skip to content

Integrate Sonarqube in Github actions

Learn how can we integrate SonarQube in GitHub actions and make our code more reliable and free of vulnerabilities.

Overview

SonarQube is a self-managed, automatic code review tool that systematically helps you deliver clean code. As a core element of our Sonar solution , SonarQube integrates into your existing workflow and detects issues in your code to help you perform continuous code inspections of your projects.

This document outlines the steps to integrate SonarQube with Github Actions, allowing you to automate code analysis and quality checks for your repository.

Prerequisites

Before you begin, make sure you have the following:

A Github account.
A SonarQube account or an instance of SonarQube running on your local machine or on a remote server.
Access to the repository you want to integrate SonarQube with.
A GitHub App.
GitHub App Permissions.

Steps To Follow

Setup SonarQube

  1. Navigate to SonarQube in your web browser.

  2. Log in to SonarQube with the admin credentials.

  3. Click on Administrator icon → My Account→ Security → Generate to generate a token for your project. Note down/save this token as it will be needed later(provide details according to your need like token type and Expires in).

  4. Create a new project in SonarQube by following below steps:

  5. -> Click the “Create project” button on the SonarQube dashboard.

  6. -> Select GitHub or Manual.

  7. -> If you want to create a new project click on the “Create project” button on the SonarQube dashboard then provide “Project display name” and “Project key” then click “Setup” button.

  8. ->You will get a YML file and sonar.projectKey based on your project. Copy this file because we need it later.

Add SonarQube Token And URL Into GitHub Secrets

  1. Navigate to your repository in Github and click the “Settings” tab.
  2. Click “Secrets” in the sidebar.
  3. Click “New secret” and enter SONAR_TOKEN as the name.
  4. Enter the token generated for your SonarQube project
  5. Create one more secret for SONAR_HOST_URL as the name and Enter the URL for your sonarqube dashboard as the value.
  6. Click “Add secret” to save.

Configure Github Actions

  1. Navigate to your repository in Github and click the “Actions” tab.
  2. Click the “New workflow” button and select “Set up a workflow yourself”.
  3. Give your workflow a name and create a new YAML file.
  4. Paste the yml file as we copied before..
  5. Paste the “sonar-project.properties” file.
name: SonarQube Integration
  sonarqube:
    name: SonarQube Integration
    runs-on: ubuntu-latest

    steps:
    - uses: actions/checkout@v2
      with:
        # Disabling shallow clone is recommended for improving relevancy of reporting
        fetch-depth: 0
    - name: SonarQube Scan
      uses: sonarsource/sonarqube-scan-action@master
      env:
        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} //Sonar Token generated 
        SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} example URL (https://sq.bswlog.co.in/)

Conclusion

That’s it! Github Actions will now run a SonarQube analysis on every push to the main branch. You can view the results of the analysis in SonarQube by navigating to the project dashboard.

Comments