Setting up SonarQube scanner with GitHub Actions

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    1. SonarQube server - Community Edition Version 8.9.8 (build 54436)
    2. SonarQube scan GitHub action version - SonarSource/sonarqube-scan-action@v1.1.0
  • what are you trying to achieve
    We have a TypeScript React based project and are trying to run some tests, lints and a SonarQube scan for the repository.
    In terms of SonarQube, we are looking at 2 different scans:
    1. Against the master branch, which will be scheduled
    2. Against the PR branch when the PR is raised
  • what have you tried so far to achieve this
    Able to run the sonar scan when a PR is raised.
    Need to understand whether the code that is scanned is switched to that particular PR branch, or whether we need to check out and then run the SonarQube scan.

Also need to understand how to pass testExecutionReportPaths and eslint.reportPaths to the SonarQube job, where my tests and lint would run in the same workflow against that PR.

Hi,

I don’t understand the question.

The readme gives an example that passes args in to analysis. You would just add the correct key/value pairs to the args list.

 
HTH,
Ann

I was able to run the scan on the pull request.
But on the SonarQube dashboard I could see 0 bugs and 0 vulnerabilities for the PR branch.
Is it due to this?

Hi,

Could you share your analysis log? If you were able to run an analysis, then it’s not about licensing.

 
Ann

Sure, adding the logs here
6_SonarQube Scan.txt (17.6 KB)

Hi,

args: -Dsonar.sources=./src/ -Dsonar.tests=./test/ -Dsonar.projectKey=bifrost-web-app -Dsonar.pullrequest.key=154 -Dsonar.pullrequest.branch=sumeetp26-patch-2 -Dsonar.pullrequest.base=master -Dsonar.typescript.lcov.reportPaths=coverage/lcov.info -Dsonar.testExecutionReportPaths=./sonar-test/sonar-report.xml -Dsonar.eslint.reportPaths=eslint-report.json -Dsonar.javascript.lcov.reportPaths=./sonar-test/lcov.info

Since you’re on Community Edition, the pull request parameters are ignored & there’s no need to pass them.

That means that you’re setting your PR analysis up to overwrite your main project analysis. I doubt that’s what you had in mind. Instead, you should vary your sonar.projectKey. Which, BTW means you’ll create a new project for each PR & need to clean that up manually.

Other than that (and the error for the missing ESLint report) I don’t see anything out of the ordinary in your log. Can you share some screenshots?

 
Ann
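
The setup described in the reply above, as an added example workflow that is not from the thread or from the action's README: tests and lint run in the same job as the scan, the pull request parameters are left out, and the project key is varied per PR. The `-pr-<number>` key suffix, the cron time, the `npm run test:ci` script and the secret names are assumptions; the project key and report paths are the ones from the args line quoted above.

```yaml
name: sonarqube
on:
  pull_request:            # scan when a PR is raised or updated
  schedule:
    - cron: "0 3 * * *"    # scheduled scan of the default branch (time is arbitrary)

jobs:
  scan:
    runs-on: ubuntu-latest
    env:
      # Community Edition ignores sonar.pullrequest.*, so a PR scan gets its own
      # project instead of overwriting the main one. The "-pr-<number>" suffix is an
      # assumed naming convention; these projects must be deleted manually later.
      PROJECT_KEY: ${{ github.event_name == 'pull_request' && format('bifrost-web-app-pr-{0}', github.event.pull_request.number) || 'bifrost-web-app' }}
    steps:
      # On pull_request events actions/checkout checks out the PR merge commit by
      # default, so the scanner sees the PR's code. On schedule it checks out the
      # default branch.
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - run: npm ci
      # Hypothetical script, assumed to write ./sonar-test/sonar-report.xml and
      # ./sonar-test/lcov.info.
      - run: npm run test:ci
      # ESLint exits non-zero when it finds errors; keep going so the report is imported.
      - run: npx eslint -f json -o eslint-report.json src
        continue-on-error: true
      - uses: SonarSource/sonarqube-scan-action@v1.1.0
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}        # assumed secret names
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
        with:
          args: >
            -Dsonar.projectKey=${{ env.PROJECT_KEY }}
            -Dsonar.sources=./src/
            -Dsonar.tests=./test/
            -Dsonar.testExecutionReportPaths=./sonar-test/sonar-report.xml
            -Dsonar.eslint.reportPaths=eslint-report.json
            -Dsonar.javascript.lcov.reportPaths=./sonar-test/lcov.info
```

Because the reports are produced in the same job as the scan, the files already exist in the workspace at the paths passed in `args` when the scanner starts.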

Other than that (and the error for the missing ESLint report) I don’t see anything out of the ordinary in your log. Can you share some screenshots?

I was able to send the ESLint report file, but now I see these errors: "No ESLint issues will be imported on this file". Can you help with what could be going wrong here?

I am downloading the artifact and providing the path to the file

Hi,

This is a new question. Please create a new thread & provide the relevant analysis logs.

 
Ann