sonarscan-dotnet
GitHub Action SonarCloud/SonarQube scanner for .NET 8/7/6/5 and .NET Core applications with pull request decoration support
SonarScanner for .NET
SonarScanner for .NET for use in GitHub Actions, with automatic pull request detection, analysis and decoration.
The current version supports .NET 8
- For .NET 7, use version 2.2.6
- For .NET 6, use version 2.1.5
- For .NET 5, use version 2.0
- For .NET Core 3.1, use version 1.0.2
Usage examples
Simple use with SonarCloud
- name: SonarScanner for .NET 8 with pull request decoration support
  uses: highbyte/[email protected]
  with:
    # The key of the SonarQube project
    sonarProjectKey: your_projectkey
    # The name of the SonarQube project
    sonarProjectName: your_projectname
    # The name of the SonarQube organization in SonarCloud. For hosted SonarQube, skip this setting.
    sonarOrganization: your_organization
  env:
    SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Include code coverage with Coverlet
Also includes test results.
- name: SonarScanner for .NET 8 with pull request decoration support
  uses: highbyte/[email protected]
  with:
    # The key of the SonarQube project
    sonarProjectKey: your_projectkey
    # The name of the SonarQube project
    sonarProjectName: your_projectname
    # The name of the SonarQube organization in SonarCloud. For hosted SonarQube, skip this setting.
    sonarOrganization: your_organization
    # Optional command arguments to dotnet test
    dotnetTestArguments: --logger trx --collect:"XPlat Code Coverage" -- DataCollectionRunSettings.DataCollectors.DataCollector.Configuration.Format=opencover
    # Optional extra command arguments to the SonarScanner 'begin' command
    sonarBeginArguments: /d:sonar.cs.opencover.reportsPaths="**/TestResults/**/coverage.opencover.xml" -d:sonar.cs.vstest.reportsPaths="**/TestResults/*.trx"
  env:
    SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Build subfolder src, and include code coverage
Also includes test results.
- name: SonarScanner for .NET 8 with pull request decoration support
  uses: highbyte/[email protected]
  with:
    # The key of the SonarQube project
    sonarProjectKey: your_projectkey
    # The name of the SonarQube project
    sonarProjectName: your_projectname
    # The name of the SonarQube organization in SonarCloud. For hosted SonarQube, skip this setting.
    sonarOrganization: your_organization
    # Optional command arguments to dotnet build
    dotnetBuildArguments: ./src
    # Optional command arguments to dotnet test
    dotnetTestArguments: ./src --logger trx --collect:"XPlat Code Coverage" -- DataCollectionRunSettings.DataCollectors.DataCollector.Configuration.Format=opencover
    # Optional extra command arguments to the SonarScanner 'begin' command
    sonarBeginArguments: /d:sonar.cs.opencover.reportsPaths="**/TestResults/**/coverage.opencover.xml" -d:sonar.cs.vstest.reportsPaths="**/TestResults/*.trx"
  env:
    SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Skip tests
- name: SonarScanner for .NET 8 with pull request decoration support
  uses: highbyte/[email protected]
  with:
    # The key of the SonarQube project
    sonarProjectKey: your_projectkey
    # The name of the SonarQube project
    sonarProjectName: your_projectname
    # The name of the SonarQube Organization
    sonarOrganization: your_organization
    # Optional. Set to 1 or true to not run 'dotnet test' command
    dotnetDisableTests: true
  env:
    SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Use pre-build command to add a custom NuGet repository
- name: SonarScanner for .NET 8 with pull request decoration support
  uses: highbyte/[email protected]
  with:
    # The key of the SonarQube project
    sonarProjectKey: your_projectkey
    # The name of the SonarQube project
    sonarProjectName: your_projectname
    # The name of the SonarQube organization in SonarCloud. For hosted SonarQube, skip this setting.
    sonarOrganization: your_organization
    # Optional command to run before 'dotnet build'. This example adds a NuGet source for another private GitHub Packages registry.
    # Note: --store-password-in-clear-text writes the token unencrypted into the NuGet configuration on the runner.
    dotnetPreBuildCmd: dotnet nuget add source --username your_github_user --password ${{ secrets.MY_PAT_TOKEN }} --store-password-in-clear-text --name github "https://nuget.pkg.github.com/OWNER/index.json"
    # Optional command arguments to dotnet build
    dotnetBuildArguments: ./src
  env:
    SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Use with self-hosted SonarQube
- name: SonarScanner for .NET 8 with pull request decoration support
  uses: highbyte/[email protected]
  with:
    # The key of the SonarQube project
    sonarProjectKey: your_projectkey
    # The name of the SonarQube project
    sonarProjectName: your_projectname
    # The SonarQube server URL. For SonarCloud, skip this setting.
    sonarHostname: your_selfhosted_sonarqube_hostname
  env:
    SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Secrets
- SONAR_TOKEN – Required. This is the token used to authenticate access to SonarCloud. You can generate a token on your Security page in SonarCloud. You can set the SONAR_TOKEN environment variable in the "Secrets" settings page of your repository.
- GITHUB_TOKEN – Provided by GitHub (see Authenticating with the GITHUB_TOKEN).
Description of all inputs
inputs:
  sonarProjectKey:
    description: "The key of the SonarQube project"
    required: true
  sonarProjectName:
    description: "The name of the SonarQube project"
    required: true
  sonarOrganization:
    description: "The name of the SonarQube organization in SonarCloud. For hosted SonarQube, skip this setting."
    required: false
  dotnetBuildArguments:
    description: "Optional command arguments to 'dotnet build'"
    required: false
  dotnetPreBuildCmd:
    description: "Optional command run before the 'dotnet build'"
    required: false
  dotnetTestArguments:
    description: "Optional command arguments to 'dotnet test'"
    required: false
  dotnetDisableTests:
    description: "Optional. Set to 1 or true to not run 'dotnet test' command"
    required: false
  sonarBeginArguments:
    description: "Optional extra command arguments to the SonarScanner 'begin' command"
    required: false
  sonarHostname:
    description: "The SonarQube server URL. For SonarCloud, skip this setting."
    default: "https://sonarcloud.io"
    required: false
Troubleshooting
Build error "ERROR: Could not find a default branch to fall back on."
If this error occurs in the build log, you can try this:
- You may have to manually create the project in the SonarQube/SonarCloud dashboard first. Make sure the Action input parameter sonarProjectKey (and sonarOrganization for SonarCloud) matches the ones in SonarQube/SonarCloud.
- Make sure you have the correct SONAR_TOKEN set. See Secrets above.
SonarQube/SonarCloud dashboard warning "Shallow clone detected during the analysis..."
If the SonarQube/SonarCloud dashboard shows a warning message in the top right ("Last analysis had x warning"), and the message is
"Shallow clone detected during the analysis. Some files will miss SCM information. This will affect features like auto-assignment of issues. Please configure your build to disable shallow clone."
it can be fixed by modifying the Git checkout action fetch-depth parameter:
- uses: actions/checkout@v2
  with:
    fetch-depth: '0'