Skip to content

SonarQube Scan CLI + GitHub Action without a need of a dedicated hosted SonarQube Server

License

Notifications You must be signed in to change notification settings

gitricko/sonarless

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

22 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Test Codacy GitHub License GitHub Release GitHub commits since latest release

Sonarless v1.2

This developer-friendly CLI and GitHub Action enable SonarQube scanning for your repository without the need for a dedicated hosted SonarQube server. It starts a SonarQube Docker instance, allowing developers to scan code, check results, and generate a JSON metrics file for automation. This ensures you can easily assess and maintain the quality of your code.

What's new

Please refer to the release page for the latest release notes.

Use Sonarless in your Local Dev

To install CLI, paste and run the following in a terminal:

curl -s "https://raw.githubusercontent.com/gitricko/sonarless/main/install.sh" | bash

                                               _ 
               ___   ___   _ __    __ _  _ __ | |  ___  ___  ___ 
              / __| / _ \ | "_ \  / _` || "__|| | / _ \/ __|/ __| 
              \__ \| (_) || | | || (_| || |   | ||  __/\__ \\__ \ 
              |___/ \___/ |_| |_| \__,_||_|   |_| \___||___/|___/ 


                                                                        Now attempting installation...

Looking for a previous installation of SONARLESS...
Looking for docker...
Looking for jq...
Looking for sed...
Installing Sonarless helper scripts...
* Downloading...

######################################################################## 100.0%

Please open a new terminal, or run the following in the existing one:

    alias sonarless='/home/runner/.sonarless/makefile.sh' 

Then issue the following command:

    sonarless help

Enjoy!!!

To understand CLI sub-commands, just run sonarless help

Usually, you only need to know 2 sub-commands

  • sonarless scan: to start scanning your code in the current directory will be uploaded for scanning. When the scan is done, just login webui into your local personal instance of sonarqube via http://localhost:9234 to get details from SonarQube. The default password for admin is sonarless

  • sonarless results: to generate sonar-metrics.json metrics file in your current directory

To clean up your sonar instance, just run sonarless docker-clean. SonarQube docker instance will be stop and all images removed.

This CLI works perfectly with Github CodeSpace

GitHub Action Usage

- uses: gitricko/[email protected]
  with:
    # Folder path to scan from git-root
    # Default: . 
    sonar-source-path: ''

    # Path to SonarQube metrics json from git-root
    # Default: ./sonar-metrics.json 
    sonar-metrics-path: ''

    # SonarQube Project Name
    # Default: ${{ github.event.repository.name }}
    sonar-project-name: ''

    # SonarQube Project Key
    # Default: ${{ github.event.repository.name }}
    sonar-project-key: ''

Scenarios

Sonar scan all files from git root directory

jobs:
  Sonarless-Scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Sonarless Scan
        uses: gitricko/[email protected]

Scan particular folder from git root directory

jobs:
  Sonarless-Scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Sonarless Scan
        uses: gitricko/[email protected]
        with:
          sonar-source-path: 'src'

Scan code and fail build if metrics is below expectation

jobs:
  Sonarless-Scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Sonarless Scan
        uses: gitricko/[email protected]
        with:
          sonar-source-path: 'src'
          sonar-metrics-path: './sonar-mymetrics.json'

      - name: Check Sonar Metrics - No Vulnerabilities
        run: |
          echo "Checking for any vulnerabilities in Sonar Metrics JSON"
          VULN=$(cat ./sonar-mymetrics.json | jq -r '.component.measures[] | select(.metric == "vulnerabilities").value')
          echo "# of vulnerabilities = ${VULN}"
          [ ${VULN} -eq "0" ]

Options to change local sonarqube server port

Just in case your local machine/GHA container need to use the default port of 9234

jobs:
  Sonarless-Scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Sonarless Scan
        uses: gitricko/[email protected]
        with:
          sonar-instance-port: '1234'

Coffee

If you find this small helper script and action helpful, buy me a sip of coffee here to show your appreciation (only if you want to)

About

SonarQube Scan CLI + GitHub Action without a need of a dedicated hosted SonarQube Server

Resources

License

Security policy

Stars

Watchers

Forks

Packages

No packages published

Languages