Sonar-Scanner action
An action that runs sonar-scanner in a Docker container and, if requested, retrieves the quality gate status. In that case, if the quality gate fails, the action fails as well.
A workflow example:
# ...
jobs:
  # ...
  sonar-scanner-job:
    # ...
    steps:
      # ...
      - name: Run sonar-scanner
        uses: LowCostCustoms/[email protected]
        with:
          image: sonarsource/sonar-scanner-cli:4.4
          wait-for-quality-gate: 'true'
          quality-gate-wait-timeout: 2m
          sonar-host-url: https://sonar-host.local.domain
          # secret names may contain only letters, digits and underscores
          sonar-host-cert: ${{ secrets.SONAR_HOST_PUBLIC_CERT }}
          project-file-location: sonar-project.properties
          sources-mount-point: '/app'
          log-level: 'info'
          tls-skip-verify: 'false'
          sources-location: ${{ github.workspace }}
          # placeholder values; pass real credentials as secrets
          sonar-login: 'login'
          sonar-password: 'password'
      # ...
Minimal configuration:
# ...
jobs:
  # ...
  sonar-scanner-job:
    # ...
    steps:
      # ...
      - name: Run sonar-scanner
        uses: LowCostCustoms/[email protected]
        with:
          project-file-location: sonar-project.properties
      # ...

image
Default value: "sonarsource/sonar-scanner-cli:latest"
The name and tag of the Docker image containing the sonar-scanner-cli tool.

wait-for-quality-gate
Default value: "true"
If set to "true", the quality gate status is polled after the analysis has finished. If the corresponding analysis task doesn't finish within the time interval specified by the quality-gate-wait-timeout input, or finishes with a failure, the action run is considered failed. To disable this behavior, set the value of this input to "false".

quality-gate-wait-timeout
Default value: "2m"
The maximum amount of time after which a non-finished analysis task is considered failed. The value must be a positive integer followed by one of the suffixes "s", "m" or "h" (meaning seconds, minutes and hours respectively), for example "20s" or "1h".

sonar-host-url
Default value: ""
The URL where the SonarQube server is located.

sonar-host-cert
Default value: ""
The PEM-encoded sonar-host certificate, if any.

project-file-location
Default value: ""
The path to the sonar-scanner project file, relative to the sources-location. Should be a relative path.

sources-mount-point
Default value: "/app"
The mount point where the application sources specified by the sources-location are mounted in the sonar-scanner Docker container.

sources-location
Default value: the current GitHub workspace path
The place where the project sources are located. Should be an absolute path.

tls-skip-verify
Default value: "false"
If set to "true", sonar host certificate validation will be skipped. Using this option is not recommended; however, it's still here for some reasons...

sonar-login
Default value: ""
Either the login of a SonarQube account that has permissions to run analysis and retrieve analysis task results, or an authentication token associated with such an account.

sonar-password
Default value: ""
Together with sonar-login, defines the sonar host authentication credentials.

log-level
Default value: "info"
Determines the action output verbosity level. Should be one of "error", "warning", "info" or "debug".

The file specified by project-file-location, if any, should be located within the sources-location directory.
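
An added example, not part of the action's own code: a Python check that applies the input constraints described above to one step's `with:` mapping, passed as a dict of strings, before the workflow is merged. The name `check_inputs`, the finding texts and the rule that `sonar-login` and `sonar-password` should be `${{ secrets.* }}` references are assumptions of this example.

```python
import posixpath
import re

# Constraints restate this page's input descriptions. check_inputs, the finding
# texts and the "credentials must be secrets references" rule are assumptions.
DURATION = re.compile(r"[1-9][0-9]*[smh]")
LOG_LEVELS = {"error", "warning", "info", "debug"}
SECRET_REF = re.compile(r"\$\{\{\s*secrets\.[A-Za-z_][A-Za-z0-9_]*\s*\}\}")


def check_inputs(with_block):
    """Return findings for one step's `with:` mapping (dict of str -> str)."""
    findings = []
    if not DURATION.fullmatch(with_block.get("quality-gate-wait-timeout", "2m")):
        findings.append("quality-gate-wait-timeout: want positive integer + s|m|h")
    if with_block.get("log-level", "info") not in LOG_LEVELS:
        findings.append("log-level: not one of error, warning, info, debug")
    if with_block.get("tls-skip-verify", "false") == "true":
        findings.append("tls-skip-verify: host certificate validation is skipped")
    project = with_block.get("project-file-location", "")
    if posixpath.isabs(project):
        findings.append("project-file-location: must be a relative path")
    elif project and posixpath.normpath(project).split("/")[0] == "..":
        findings.append("project-file-location: resolves outside sources-location")
    sources = with_block.get("sources-location", "")
    # An expression such as ${{ github.workspace }} is resolved by the runner.
    if sources and not sources.startswith("${{") and not posixpath.isabs(sources):
        findings.append("sources-location: must be an absolute path")
    for key in ("sonar-login", "sonar-password"):
        value = with_block.get(key, "")
        if value and not SECRET_REF.fullmatch(value):
            findings.append(key + ": literal value, expected a secrets reference")
    return findings


# Inputs copied from the page's full workflow example (only the keys checked here).
PAGE_EXAMPLE = {
    "quality-gate-wait-timeout": "2m",
    "project-file-location": "sonar-project.properties",
    "log-level": "info",
    "tls-skip-verify": "false",
    "sources-location": "${{ github.workspace }}",
    "sonar-login": "login",
    "sonar-password": "password",
}

if __name__ == "__main__":
    for finding in check_inputs(PAGE_EXAMPLE):
        print(finding)
```
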
Not sure if authentication works, but let's pretend it does.