The goal of this action is to open up the possibility of Sonar scanning external forks of your project.
Add this action to your build workflow.

```yaml
name: 'Build'
on:
  push:
    branches:
      - master
  pull_request:
    types: [opened, synchronize, reopened]
jobs:
  build:
    name: 'Build project'
    runs-on: ubuntu-latest
    steps:
      # ...
      - name: 'Build'
        run: ./mvnw -B install # Be sure to invoke the install goal!
      - name: 'Prepare Sonar analysis'
        uses: evaristegalois11/sonar-fork-analysis@v1
```

Create a new workflow triggered by the conclusion of the previous one and add this action to it.

```yaml
name: 'Sonar'
on:
  workflow_run:
    workflows: [ Build ]
    types:
      - completed
jobs:
  sonar:
    name: 'Sonar analysis'
    runs-on: ubuntu-latest
    if: ${{ github.event.workflow_run.conclusion == 'success' }}
    permissions:
      actions: read # Required to download artifacts
    steps:
      - name: 'Sonar analysis'
        uses: evaristegalois11/sonar-fork-analysis@v1
        with:
          distribution: your-java-distribution
          java-version: your-java-version
          github-token: ${{ secrets.GITHUB_TOKEN }}
          sonar-token: ${{ secrets.SONAR_TOKEN }}
          project-key: your-project-key
```

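The first workflow gathers all the necessary files and uploads them as an artifact. The second one uses the produced artifact to kick off the Sonar analysis. The split is needed because a workflow triggered by `pull_request` from a fork runs without access to repository secrets such as `SONAR_TOKEN`, whereas a `workflow_run` workflow runs in the context of the base repository, where those secrets are available. The artifact is therefore built from fork-controlled code and consumed by a job that holds secrets, so keep the second workflow's `permissions` as narrow as shown above.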

- `java-version`: The Java version to set up. Takes a whole or semver Java version. See examples of supported syntax in actions/setup-java README file.
- `distribution`: The Java distribution. See the list of supported distributions in actions/setup-java README file.
- `github-token`: The GitHub token used to authenticate with the GitHub API.
- `sonar-token`: The Sonar token used to authenticate with the Sonar API.
- `project-key`: The project's unique key assigned by Sonar.