Skip to content
/ sonarscan-dotnet Public
forked from highbyte/sonarscan-dotnet

GitHub Action SonarCloud/SonarQube scanner for .NET 5 and .NET Core applications with pull request decoration support

github.com/marketplace/actions/sonarscan-dotnet

License

MIT license
0 stars 24 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

SplinterRAT/sonarscan-dotnet

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace
BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

42 Commits
.github/workflows
.github/workflows
 
 
images
images
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
action.yml
action.yml
 
 
entrypoint.sh
entrypoint.sh
 
 

Repository files navigation

SonarScanner for .NET

Docker Image build

SonarScanner for .NET for use in Github Actions, with automatic pull request detection, analysis and decoration.

The current version supports .NET 5.

  • For .NET Core 3.1, use version 1.0.2

Usage examples

Simple use with SonarCloud

    - name: SonarScanner for .NET 5 with pull request decoration support
      uses: highbyte/[email protected]
      with:
        # The key of the SonarQube project
        sonarProjectKey: your_projectkey
        # The name of the SonarQube project
        sonarProjectName:  your_projectname
        # The name of the SonarQube organization in SonarCloud. For hosted SonarQube, skip this setting.
        sonarOrganization: your_organization

  env:
    SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Include code coverage with Coverlet

Also includes test results.

    - name: SonarScanner for .NET 5 with pull request decoration support
      uses: highbyte/[email protected]
      with:
        # The key of the SonarQube project
        sonarProjectKey: your_projectkey
        # The name of the SonarQube project
        sonarProjectName:  your_projectname
        # The name of the SonarQube organization in SonarCloud. For hosted SonarQube, skip this setting.
        sonarOrganization: your_organization
        # Optional command arguments to dotnet test
        dotnetTestArguments: --logger trx --collect:"XPlat Code Coverage" -- DataCollectionRunSettings.DataCollectors.DataCollector.Configuration.Format=opencover
        # Optional extra command arguments the the SonarScanner 'begin' command
        sonarBeginArguments: /d:sonar.cs.opencover.reportsPaths="**/TestResults/**/coverage.opencover.xml" -d:sonar.cs.vstest.reportsPaths="**/TestResults/*.trx"
        
  env:
    SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Build subfolder src, and include code coverage

Also includes test results.

    - name: SonarScanner for .NET 5 with pull request decoration support
      uses: highbyte/[email protected]
      with:
        # The key of the SonarQube project
        sonarProjectKey: your_projectkey
        # The name of the SonarQube project
        sonarProjectName:  your_projectname
        # The name of the SonarQube organization in SonarCloud. For hosted SonarQube, skip this setting.
        sonarOrganization: your_organization
        # Optional command arguments to dotnet build
        dotnetBuildArguments: ./src
        # Optional command arguments to dotnet test
        dotnetTestArguments: ./src --logger trx --collect:"XPlat Code Coverage" -- DataCollectionRunSettings.DataCollectors.DataCollector.Configuration.Format=opencover
        # Optional extra command arguments the the SonarScanner 'begin' command
        sonarBeginArguments: /d:sonar.cs.opencover.reportsPaths="**/TestResults/**/coverage.opencover.xml" -d:sonar.cs.vstest.reportsPaths="**/TestResults/*.trx"
        
  env:
    SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Skip tests

    - name: SonarScanner for .NET 5 with pull request decoration support
      uses: highbyte/[email protected]
      with:
        # The key of the SonarQube project
        sonarProjectKey: your_projectkey
        # The name of the SonarQube project
        sonarProjectName:  your_projectname
        # The name of the SonarQube Organization
        sonarOrganization: your_organization
        # Optional. Set to 1 or true to not run 'dotnet test' command
        dotnetDisableTests: true
        
  env:
    SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Use with self-hosted SonarQube

    - name: SonarScanner for .NET 5 with pull request decoration support
      uses: highbyte/[email protected]
      with:
        # The key of the SonarQube project
        sonarProjectKey: your_projectkey
        # The name of the SonarQube project
        sonarProjectName:  your_projectname
        # The SonarQube server URL. For SonarCloud, skip this setting.
        sonarHostname:  your_selfhosted_sonarqube_hostname
  env:
    SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Secrets

  • SONAR_TOKENRequired this is the token used to authenticate access to SonarCloud. You can generate a token on your Security page in SonarCloud. You can set the SONAR_TOKEN environment variable in the "Secrets" settings page of your repository.
  • GITHUB_TOKEN – Provided by Github (see Authenticating with the GITHUB_TOKEN).

Description of all inputs

inputs:
  sonarProjectKey:
    description: "The key of the SonarQube project"
    required: true
  sonarProjectName:
    description: "The name of the SonarQube project"
    required: true
  sonarOrganization:
    description: "The name of the SonarQube organization in SonarCloud. For hosted SonarQube, skip this setting."
    required: false
  dotnetBuildArguments:
    description: "Optional command arguments to 'dotnet build'"
    required: false
  dotnetTestArguments:
    description: "Optional command arguments to 'dotnet test'"
    required: false
  dotnetDisableTests:
    description: "Optional. Set to 1 or true to not run 'dotnet test' command"
    required: false
  sonarBeginArguments:
    description: "Optional extra command arguments the the SonarScanner 'begin' command"
    required: false
  sonarHostname:
    description: "The SonarQube server URL. For SonarCloud, skip this setting."
    default: "https://sonarcloud.io"
    required: false

Troubleshooting

Build error "ERROR: Could not find a default branch to fall back on."

If this error occurs in the build log, you can try this:

  • You may have to manually create the project in SonarQube/SonarCloud dashboard first. Make sure the Action input parameter sonarProjectKey (and sonarOrganization for SonarCloud) matches the ones in SonarQube/SonarCloud.
  • Make sure you have correct SONAR_TOKEN set. See Secrects above.

SonarQube/SonarCloud dashboard warning "Shallow clone detected during the analysis..."

If the SonarQube/SonarCloud dashboard shows a warning message in the top right ("Last analysis had x warning"), and the message is

"Shallow clone detected during the analysis. Some files will miss SCM information. This will affect features like auto-assignment of issues. Please configure your build to disable shallow clone."

it can be fixed by modifying the Git checkout action fetch-depth parameter:

- uses: actions/checkout@v2
      with:
        fetch-depth: '0'

About

GitHub Action SonarCloud/SonarQube scanner for .NET 5 and .NET Core applications with pull request decoration support

github.com/marketplace/actions/sonarscan-dotnet

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 1

patch to avoid issue with nuget Latest
Jan 28, 2021

Packages

No packages published

Languages

  • Shell 76.9%
  • Dockerfile 23.1%