diff --git a/README.md b/README.md
index fc88550..23aceec 100644
--- a/README.md
+++ b/README.md
@@ -1,10 +1,10 @@
-# SonarQube Quality Gate check [![QA](https://github.com/SonarSource/sonarqube-quality-gate-action/actions/workflows/run-qa.yml/badge.svg)](https://github.com/SonarSource/sonarqube-quality-gate-action/actions/workflows/run-qa.yml)
+# SonarQube Server Quality Gate check [![QA](https://github.com/SonarSource/sonarqube-quality-gate-action/actions/workflows/run-qa.yml/badge.svg)](https://github.com/SonarSource/sonarqube-quality-gate-action/actions/workflows/run-qa.yml)
-Check the Quality Gate of your code with [SonarQube](https://www.sonarqube.org/) to ensure your code meets your own quality standards before you release or deploy new features.
+Check the Quality Gate of your code with [SonarQube Server](https://www.sonarsource.com/products/sonarqube/) to ensure your code meets your own quality standards before you release or deploy new features.
-
+
-SonarQube is the leading product for Continuous Code Quality & Code Security. It supports most popular programming languages, including Java, JavaScript, TypeScript, C#, Python, C, C++, and many more.
+SonarQube Server is the leading product for Continuous Code Quality & Code Security. It supports most popular programming languages, including Java, JavaScript, TypeScript, C#, Python, C, C++, and many more.
 ## Requirements
@@ -19,44 +19,43 @@ The workflow YAML file will usually look something like this::
 ```yaml
 on:
 # Trigger analysis when pushing in master or pull requests, and when creating
- # a pull request.
+ # a pull request.
 push:
 branches:
 - master
 pull_request:
- types: [opened, synchronize, reopened]
+ types: [opened, synchronize, reopened]
 name: Main Workflow
 jobs:
 sonarqube:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v4
- with:
- # Disabling shallow clone is recommended for improving relevancy of reporting.
- fetch-depth: 0
-
- # Triggering SonarQube analysis as results of it are required by Quality Gate check.
- - name: SonarQube Scan
- uses: sonarsource/sonarqube-scan-action@master
- env:
- SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
- SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
-
- # Check the Quality Gate status.
- - name: SonarQube Quality Gate check
- id: sonarqube-quality-gate-check
- uses: sonarsource/sonarqube-quality-gate-action@master
- with:
- pollingTimeoutSec: 600
- env:
- SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
- SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} #OPTIONAL
-
- # Optionally you can use the output from the Quality Gate in another step.
- # The possible outputs of the `quality-gate-status` variable are `PASSED`, `WARN` or `FAILED`.
- - name: "Example show SonarQube Quality Gate Status value"
- run: echo "The Quality Gate status is ${{ steps.sonarqube-quality-gate-check.outputs.quality-gate-status }}"
-
+ - uses: actions/checkout@v4
+ with:
+ # Disabling shallow clone is recommended for improving relevancy of reporting.
+ fetch-depth: 0
+
+ # Triggering SonarQube analysis as results of it are required by Quality Gate check.
+ - name: SonarQube Server Scan
+ uses: sonarsource/sonarqube-scan-action@master
+ env:
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+
+ # Check the Quality Gate status.
+ - name: SonarQube Server Quality Gate check
+ id: sonarqube-quality-gate-check
+ uses: sonarsource/sonarqube-quality-gate-action@master
+ with:
+ pollingTimeoutSec: 600
+ env:
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} #OPTIONAL
+
+ # Optionally you can use the output from the Quality Gate in another step.
+ # The possible outputs of the `quality-gate-status` variable are `PASSED`, `WARN` or `FAILED`.
+ - name: "Example show SonarQube Server Quality Gate Status value"
+ run: echo "The Quality Gate status is ${{ steps.sonarqube-quality-gate-check.outputs.quality-gate-status }}"
 ```
 Make sure to set up `pollingTimeoutSec` property in your step, to avoid wasting action minutes per month (see above example). If not provided, the default value of 300s is applied.
@@ -72,7 +71,7 @@ Typically, report metadata file for different scanners can vary and can be locat
 Example usage:
 ```yaml
-- name: SonarQube Quality Gate check
+- name: SonarQube Server Quality Gate check
 uses: sonarsource/sonarqube-quality-gate-action@master
 with:
 scanMetadataReportFile: target/sonar/report-task.txt
@@ -80,11 +79,11 @@ Example usage:
 ### Environment variables
-- `SONAR_TOKEN` – **Required** this is the token used to authenticate access to SonarQube. You can read more about security tokens [here](https://docs.sonarqube.org/latest/user-guide/user-token/). You can set the `SONAR_TOKEN` environment variable in the "Secrets" settings page of your repository, or you can add them at the level of your GitHub organization (recommended).
+- `SONAR_TOKEN` – **Required** this is the token used to authenticate access to SonarQube Server. You can read more about security tokens [here](https://docs.sonarqube.org/latest/user-guide/user-token/). You can set the `SONAR_TOKEN` environment variable in the "Secrets" settings page of your repository, or you can add them at the level of your GitHub organization (recommended).
-- `SONAR_HOST_URL` – **Optional** this tells the scanner where SonarQube is hosted, otherwise it will get the one from the scan report. You can set the `SONAR_HOST_URL` environment variable in the "Secrets" settings page of your repository, or you can add them at the level of your GitHub organization (recommended).
+- `SONAR_HOST_URL` – **Optional** this tells the scanner where SonarQube Server is hosted, otherwise it will get the one from the scan report. You can set the `SONAR_HOST_URL` environment variable in the "Secrets" settings page of your repository, or you can add them at the level of your GitHub organization (recommended).
-- `SONAR_ROOT_CERT` – Holds an additional root certificate (in PEM format) that is used to validate the SonarQube server certificate. You can set the `SONAR_ROOT_CERT` environment variable in the "Secrets" settings page of your repository, or you can add them at the level of your GitHub organization (recommended).
+- `SONAR_ROOT_CERT` – Holds an additional root certificate (in PEM format) that is used to validate the SonarQube Server certificate.
You can set the `SONAR_ROOT_CERT` environment variable in the "Secrets" settings page of your repository, or you can add them at the level of your GitHub organization (recommended).
 ## Quality Gate check run
diff --git a/action.yml b/action.yml
index 5f932ba..574a7bf 100644
--- a/action.yml
+++ b/action.yml
@@ -1,4 +1,4 @@
-name: SonarQube Quality Gate Check
+name: SonarQube Server Quality Gate Check
 description: >
 Check if a project / analysis passed the Quality Gate check
 branding:
@@ -16,7 +16,7 @@ inputs:
 required: false
 default: .scannerwork/report-task.txt
 pollingTimeoutSec:
- description: "The maximum time (in seconds) to poll for SonarQube's Quality Gate status. Default: 300."
+ description: "The maximum time (in seconds) to poll for SonarQube Server's Quality Gate status. Default: 300."
 required: false
 default: "300"
 outputs:
diff --git a/images/SonarQube-72px.png b/images/SonarQube-72px.png
deleted file mode 100644
index ab7712b..0000000
Binary files a/images/SonarQube-72px.png and /dev/null differ
diff --git a/images/SonarQubeServer.png b/images/SonarQubeServer.png
new file mode 100644
index 0000000..1052c50
Binary files /dev/null and b/images/SonarQubeServer.png differ
diff --git a/script/check-quality-gate.sh b/script/check-quality-gate.sh
index 5ae8c9b..fa9f95c 100755
--- a/script/check-quality-gate.sh
+++ b/script/check-quality-gate.sh
@@ -55,7 +55,7 @@ done
 printf '\n'
 if [[ ${status} == "PENDING" || ${status} == "IN_PROGRESS" ]] && [[ ${SECONDS} -ge ${endTime} ]]; then
- echo "Polling timeout reached for waiting for finishing of the Sonar scan! Aborting the check for SonarQube's Quality Gate."
+ echo "Polling timeout reached for waiting for finishing of the Sonar scan! Aborting the check for SonarQube Server's Quality Gate."
 exit 1
 fi
@@ -77,6 +77,6 @@ elif [[ ${qualityGateStatus} == "ERROR" ]]; then
 fail "Quality Gate has FAILED.${reset}\n\n${analysisResultMsg}"
 else
 set_output "quality-gate-status" "FAILED"
- fail "Quality Gate not set for the project. Please configure the Quality Gate in SonarQube or remove sonarqube-quality-gate action from the workflow."
+ fail "Quality Gate not set for the project. Please configure the Quality Gate in SonarQube Server or remove sonarqube-quality-gate action from the workflow."
 fi
diff --git a/test/check-quality-gate-test.bats b/test/check-quality-gate-test.bats
index 49bf4f3..45d5af2 100755
--- a/test/check-quality-gate-test.bats
+++ b/test/check-quality-gate-test.bats
@@ -102,7 +102,7 @@ teardown() {
 [ "$status" -eq 1 ]
 [[ "${github_out_actual}" = "quality-gate-status=FAILED" ]]
- [[ "$output" = *"Quality Gate not set for the project. Please configure the Quality Gate in SonarQube or remove sonarqube-quality-gate action from the workflow."* ]]
+ [[ "$output" = *"Quality Gate not set for the project. Please configure the Quality Gate in SonarQube Server or remove sonarqube-quality-gate action from the workflow."* ]]
 }
 @test "fail when polling timeout is reached" {
@@ -119,7 +119,7 @@ teardown() {
 run script/check-quality-gate.sh metadata_tmp 5
 [ "$status" -eq 1 ]
- [[ "$output" = *"Polling timeout reached for waiting for finishing of the Sonar scan! Aborting the check for SonarQube's Quality Gate."* ]]
+ [[ "$output" = *"Polling timeout reached for waiting for finishing of the Sonar scan! Aborting the check for SonarQube Server's Quality Gate."* ]]
 }
 @test "fail when Quality Gate status WARN" {