GitHub Action
Sonar Fork Analysis
The goal of this action is to open up the possibility of Sonar scanning external forks of your project.
Add this action to your build workflow.
```yaml
name: 'Build'

on:
  push:
    branches:
      - master
  pull_request:
    types: [opened, synchronize, reopened]

jobs:
  build:
    name: 'Build project'
    runs-on: ubuntu-latest
    steps:
      ...
      - name: 'Build'
        run: ./mvnw -B install # Be sure to invoke the install goal!
      - name: 'Prepare Sonar analysis'
        uses: evaristegalois11/sonar-fork-analysis@v1
```
Create a new workflow triggered by the conclusion of the previous one and add this action to it.
```yaml
name: 'Sonar'

on:
  workflow_run:
    workflows: [ Build ]
    types:
      - completed

jobs:
  sonar:
    name: 'Sonar analysis'
    runs-on: ubuntu-latest
    if: ${{ github.event.workflow_run.conclusion == 'success' }}
    permissions:
      actions: read # Required to download artifacts
    steps:
      - name: 'Sonar analysis'
        uses: evaristegalois11/sonar-fork-analysis@v1
        with:
          distribution: your-java-distribution
          java-version: your-java-version
          github-token: ${{ secrets.GITHUB_TOKEN }}
          sonar-token: ${{ secrets.SONAR_TOKEN }}
          project-key: your-project-key
```
The first workflow will gather all the necessary files and upload them as an artifact. The second one will use the produced artifact to kick off the Sonar analysis.
- `java-version`: The Java version to set up. Takes a whole or semver Java version. See examples of supported syntax in the actions/setup-java README file.
- `distribution`: The Java distribution. See the list of supported distributions in the actions/setup-java README file.
- `github-token`: The GitHub token used to authenticate with the GitHub API.
- `sonar-token`: The Sonar token used to authenticate with the Sonar API.
- `project-key`: The project's unique key assigned by Sonar.
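
The second workflow holds `sonar-token` while consuming an artifact produced by a build of fork code, so that archive is untrusted input. As an added example (not part of this action or its README), here is a Python check that a maintainer who downloads such an artifact zip themselves could run before extracting it; the function names, size limits and sample archives are assumptions constructed for illustration.

```python
import io
import stat
import zipfile
from pathlib import PurePosixPath

# Assumed limits for this example; tune them to the size of your build output.
MAX_FILES = 5000
MAX_TOTAL_BYTES = 200 * 1024 * 1024


def audit_artifact(zip_bytes, max_files=MAX_FILES, max_total=MAX_TOTAL_BYTES):
    """Return reasons to reject an artifact zip; an empty list means none found."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        infos = zf.infolist()
        if len(infos) > max_files:
            problems.append(f"too many entries: {len(infos)}")
        total = 0
        for info in infos:
            path = PurePosixPath(info.filename.replace("\\", "/"))
            if path.is_absolute() or ".." in path.parts:
                problems.append(f"path escapes extraction dir: {info.filename}")
            # The upper 16 bits of external_attr carry the Unix mode when present.
            if stat.S_ISLNK(info.external_attr >> 16):
                problems.append(f"symlink entry: {info.filename}")
            total += info.file_size  # declared uncompressed size
        if total > max_total:
            problems.append(f"uncompressed size {total} exceeds {max_total}")
    return problems


def _build_zip(entries):
    """Build a constructed sample archive from (name, data, unix_mode) tuples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data, mode in entries:
            info = zipfile.ZipInfo(name)
            info.external_attr = mode << 16
            zf.writestr(info, data)
    return buf.getvalue()


# Constructed samples: one ordinary build output and one archive to reject.
GOOD = _build_zip([("target/classes/App.class", b"\xca\xfe\xba\xbe", 0o100644)])
BAD = _build_zip([
    ("../../.github/workflows/x.yml", b"on: push", 0o100644),
    ("target/link", b"/etc/passwd", 0o120777),
])
```

Run `audit_artifact` on the downloaded bytes and extract only when it returns an empty list.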