From e4b74734c45d79094e4b16c47a47fc57bc012930 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Trigo=20Soares?= Date: Thu, 11 Jul 2024 10:32:43 +0100 Subject: [PATCH] update README with more specific details and examples --- README.md | 45 +++++++++++++++++++++++++++++++++++---------- 1 file changed, 35 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 0e365f1..4f7af14 100644 --- a/README.md +++ b/README.md @@ -7,6 +7,16 @@ This GitHub Action installs the SonarQube scanner along with Java in a platform-agnostic way. It's designed to help seamlessly integrate SonarQube's static code analysis tools into your CI/CD pipeline. +Use this scanner if you are **not** using one of the following techs: + +- Gradle (with Java, C++ or JavaScript): use the [SonarQube Scanner for Gradle](https://docs.sonarqube.org/latest/analysis/scan/sonarscanner-for-gradle/). +- Maven (with Java, C# or others): use the [SonarQube Scanner for Maven](https://docs.sonarqube.org/latest/analysis/scan/sonarscanner-for-maven/). +- Ant (for Java): use the [SonarQube Scanner for Ant](https://docs.sonarqube.org/latest/analysis/scan/sonarscanner-for-ant/). +- Python: use the [SonarQube Scanner for Python](https://docs.sonarsource.com/sonarqube/9.9/analyzing-source-code/scanners/sonarscanner-for-python/). +- .NET: use the [SonarQube Scanner for MSBuild](https://docs.sonarqube.org/latest/analysis/scan/sonarscanner-for-msbuild/). + +This should cover all other cases. Check the specifics of your language/tech in the [Languages section](https://docs.sonarsource.com/sonarqube/9.9/analyzing-source-code/languages/overview/) of the SonarQube documentation. + ## Why? Well, the default sonarqube action ([sonarsource/sonarqube-scan-action](https://github.com/SonarSource/sonarqube-scan-action)) @@ -18,8 +28,6 @@ in itself, but: Is it perfect? Not really. Now you will have to issue the sonar-scanner command yourself, which is a bit of a hassle. - - ## Author - NOS Inovação 
@@ -32,6 +40,8 @@ Is it perfect? Not really. Now you will have to issue the sonar-scanner command | `javaDistribution`| The distribution of Java to be used | No | `temurin` | | `javaVersion` | The version of Java to be used | No | `21` | +You can check if there's a new version of the scanner [here](https://docs.sonarsource.com/sonarqube/9.9/analyzing-source-code/scanners/sonarscanner/). + ## Usage To use this action in your workflow, add the following step to your GitHub Actions configuration file (.yml): 
@@ -57,21 +67,36 @@ jobs: Then you can use the SonarQube scanner in your workflow by running `sonar-scanner` in your project's root directory. +The following example is for a Golang project, you must adapt it to your project and language. + ```yaml - - name: Run SonarQube Scanner begin - run: sonar-scanner begin -Dsonar.host.url=${{ secrets.SONARQUBE_URL }} -Dsonar.token=${{ secrets.SONARQUBE_TOKEN }} # etc… - - name: build - run: #run your build and tests and whatnot - - name: Run SonarQube Scanner end and upload results - run: sonar-scanner end + - name: Create sonar-project.properties file + run: | + touch sonar-project.properties + echo "sonar.projectKey=your-project-key" >> sonar-project.properties + echo "sonar.host.url=${{ secrets.SONARQUBE_URL }}" >> sonar-project.properties + echo "sonar.login=${{ secrets.SONARQUBE_TOKEN }}" >> sonar-project.properties + # point this to your sources folder + # this is a Golang example + echo "sonar.sources=." >> sonar-project.properties + echo "sonar.exclusions=**/*_test.go" >> sonar-project.properties + echo "sonar.tests=." >> sonar-project.properties + echo "sonar.test.inclusions=**/*_test.go" >> sonar-project.properties + + - name: Run SonarQube Scanner + run: sonar-scanner ``` +For test coverage, please refer to the [SonarQube documentation on test coverage](https://docs.sonarsource.com/sonarqube/9.9/analyzing-source-code/test-coverage/overview/). + ## Steps -- Set up JDK: If the installJava input is set to true, this step will install the specified Java distribution and version using the actions/setup-java action. +- Check if Java is installed: This step checks if Java is installed on the runner. + +- Set up JDK: If Java is not installed, this step will install the specified Java distribution and version using the actions/setup-java action. - Set up SonarQube scanner: This step downloads and unzips the SonarQube scanner to /tmp and adds its path to the system by appending it to $GITHUB_PATH. 
## License -This project is licensed under the MIT License - see the LICENSE file for details. \ No newline at end of file +This project is licensed under the MIT License - see the LICENSE file for details.
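Review bot: the links in the new "Use this scanner if you are **not** using" list (hunk `@@ -7,6 +7,16 @@`) mix two documentation roots. Gradle, Maven, Ant and MSBuild point at `docs.sonarqube.org/latest/...`, while Python and the Languages link are pinned to `docs.sonarsource.com/sonarqube/9.9/...`. Use one root and one version policy for the whole list so the entries do not age unevenly. The parenthetical language pairings, such as "Maven (with Java, C# or others)", should be checked against the linked pages or dropped, and "techs" would read better as "build tools or languages".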
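Review bot: the sentence added below the inputs table (hunk `@@ -32,6 +40,8 @@`) uses "here" as link text and does not name the input that selects the scanner version, so a reader who finds a newer release cannot tell from this line what to change. Name the input in the sentence and make the link text descriptive. The link is also pinned to the 9.9 docs, which sits oddly next to "a new version of the scanner".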
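Review bot: the added "Create sonar-project.properties file" step (hunk `@@ -57,21 +67,36 @@`) writes the token to disk with `echo "sonar.login=${{ secrets.SONARQUBE_TOKEN }}" >> sonar-project.properties`, so the secret stays in the workspace after the step and is exposed to any later step that uploads artifacts, caches the workspace or commits files. The removed example passed it on the command line as `-Dsonar.token=${{ secrets.SONARQUBE_TOKEN }}`. Suggest keeping only the non-secret keys (`sonar.projectKey`, `sonar.sources`, the inclusion and exclusion patterns) in the properties file and supplying the URL and token on the `sonar-scanner` step itself, through `-D` arguments fed from step-level `env:` variables. The property name also changes from `sonar.token` to `sonar.login` with no explanation; the README should say which one the targeted server version expects. Because the file is built with `touch` and `>>`, a repository that already carries a `sonar-project.properties` ends up with duplicate keys; either say so or write the file with `>` on the first line. In the Steps list, JDK setup used to depend on the `installJava` input and now depends on a detection check; if that input was removed, the README should state it.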