/sonar-fork-analysis

A GitHub Action for Sonar scanning external forks

MIT LicenseMIT

Sonar Fork Analysis

The goal of this action is to open up the possibility of Sonar scanning external forks of your project.

Usage

Add this action to your build workflow.

name: 'Build'
on:
  push:
    branches:
      - master
  pull_request:
    types: [opened, synchronize, reopened]
jobs:
  build:
    name: 'Build project'
    runs-on: ubuntu-latest
    steps:
      
      ...

      - name: 'Build'
        run: ./mvnw -B install # Be sure to invoke the install goal!

      - name: 'Prepare Sonar analysis'
        uses: evaristegalois11/sonar-fork-analysis@v1

Create a new workflow triggered by the conclusion of the previous one and add this action to it.

name: 'Sonar'
on:
  workflow_run:
    workflows: [ Build ]
    types:
      - completed
jobs:
  sonar:
    name: 'Sonar analysis'
    runs-on: ubuntu-latest
    if: ${{ github.event.workflow_run.conclusion == 'success' }}
    permissions:
      actions: read # Required to download artifacts
    steps:
      - name: 'Sonar analysis'
        uses: evaristegalois11/sonar-fork-analysis@v1
        with:
          distribution: your-java-distribution
          java-version: your-java-version
          github-token: ${{ secrets.GITHUB_TOKEN }}
          sonar-token: ${{ secrets.SONAR_TOKEN }}
          project-key: your-project-key

The first workflow will gather all the necessary files and upload them as an artifact. The second one will use the produced artifact to kick off the Sonar analysis.

Parameters

  • java-version:The Java version to set up. Takes a whole or semver Java version. See examples of supported syntax in actions/setup-java README file.

  • distribution:The Java distribution. See the list of supported distributions in actions/setup-java README file.

  • github-token:The GitHub token used to authenticate with the GitHub API.

  • sonar-token:The Sonar token used to authenticate with the Sonar API.

  • project-key:The project's unique key assigned by Sonar.

Useful resources