ci: configure SonarQube analysis in GitHub Actions

- Added SonarQube analysis workflow for main branch pushes and pull requests. - Integrated SonarQube scan action with environment variables for secure token and host URL management. - Configured project key and source directories for accurate code analysis. - Ensured proper permissions for pull request decorations by SonarQube.
growthfolio · Aug 20, 2024 · ace18ae · ace18ae
1 parent 231a5ef
commit ace18ae
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 66 deletions.
diff --git a/.github/workflows/sonar.yml b/.github/workflows/sonar.yml
@@ -0,0 +1,31 @@
+name: SonarQube analysis
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+  workflow_dispatch:
+
+permissions:
+  pull-requests: read # allows SonarQube to decorate PRs with analysis results
+
+jobs:
+  Analysis:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Analyze with SonarQube
+        # You can pin the exact commit or the version.
+        uses: SonarSource/sonarqube-scan-action@7295e71c9583053f5bf40e9d4068a0c974603ec8
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}   # Generate a token on SonarQube, add it to the secrets of this repo with the name SONAR_TOKEN (Settings > Secrets > Actions > add new repository secret)
+          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}   # add the URL of your instance to the secrets of this repo with the name SONAR_HOST_URL (Settings > Secrets > Actions > add new repository secret)
+        with:
+          args: >
+            -Dsonar.projectKey=FelipeAJdev_energyGames  # Substitua por sua chave do projeto SonarQube
+            -Dsonar.sources=.  # Define a raiz do projeto como fonte
diff --git a/.github/workflows/sonarqube.yml b/.github/workflows/sonarqube.yml