We’ve been using SonarCloud for non-Maven project successfully using Scan action + Quality Gate check action
- name: SonarCloud Scan
- name: SonarQube Quality Gate check
When using the same approach for Maven project, the scan fails with a message
Maven project detected. You should run the goal ‘org.sonarsource.scanner.maven:sonar’ during build rather than using this GitHub Action
The scan does complete successfully sonar-maven-plugin
- name: Build and analyze
run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=ve_spring-petclinic
However when using sonar-maven-plugin there is no feedback from the Quality Gates configured for the project.
Regardless of the number of new issues the message in the log is
ANALYSIS SUCCESSFUL, you can find the results at:
Is there a way to break GitHub pipeline when using sonar-maven-plugin and new issues are found?
If not, is it possible to bypass a “Maven project” check and do a code scan using SonarCloud Scan GitHub Action?
The objective is to have immediate feedback in the pipeline based on Quality Gates.