Wednesday, February 14, 2024

How to integrate SonarQube with GitHub Actions CICD Pipeine | SonarQube Integration with GitHub Actions| Automate Code Scan using SonarQube In GitHub Actions

Please find steps for integrating SonarQube with GitHub Actions:


Pre-requisites:

How to integrate SonarQube with GitHub Actions:
We will be following below steps:
  • Create Token in SonarQube to authenticate with GitHub Actions
  • Add Sonar Token, SonarQube URL as Secrets in GitHub Actions
  • Create GitHub Actions CICD workflow yaml
  • Add tasks for Maven build and Sonar Scan
  • Run the workflow in GitHub hosted runner(Ubuntu)
  • Verify scan report in SonarQube

Create Token in SonarQube to authenticate with GitHub Actions
You need to login to SonarQube using your admin password and click on Admin on your top side.
Click on My Account, Security. 
Under Tokens, Give some value for token name and choose global analysis token, click on generate Tokens. Copy the token value generated.


Add Sonar Token and Sonar Host URLs as Secret in GitHub Actions
Go to your GitHub Repo --> Settings --> 

Click on Secrets and Variables under Security in left nav 
Click new Repository Secret


Add another variable for storing Sonar token


Create GitHub Actions CICD workflow yaml:

Go to GitHub repo where your Java project is, create a new file:

.github/workflows/cicd.yml


The below file have four steps(tasks) 
    - Checkout
    - Install Java on runner
    - Build using Maven
    - run Sonar Scan (this task need to have projectKey defined, otherwise build will fail)

Copy the content from below:

name: CI/CD workflow for Maven Build and Sonar Code scan
on:
  push:
    branches:
      - main
  workflow_dispatch:
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout code
      uses: actions/checkout@v2
    - name: Set up JDK 11
      uses: actions/setup-java@v2
      with:
        distribution: 'adopt'
        java-version: '11'
    - name: Build with Maven
      run: mvn clean install -f MyWebApp/pom.xml
    - name: SonarQube Scan
      uses: sonarsource/sonarqube-scan-action@master
      with:
        projectBaseDir: .
        args: >
          -Dsonar.organization=my-org
          -Dsonar.projectKey=my-Java-web-app
      env:
        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}

Commit the file.

As soon as you commit, build will run immediately in GitHub Actions. 
Now you can see the output of build in Actions tab.


Now login to SonarQube to see the Scan report


Notes:
You can also refer the documentation below from below websites.


Watch steps in YouTube channel:

No comments:

Post a Comment

DevSecOps Bootcamp Dec 2024 Schedule | DevSecOps & AWS Azure Cloud Coaching by Coach AK | DevSecOps and Cloud Computing Online Classes

Lot of new topics covered like GitHub Actions, GitHub Advanced Security, Helm, Prometheus and Grafana..) The DevOps requirements in the IT m...