You're viewing an older version of this GitHub Action. Do you want to see the latest version instead?
GitHub Action
sonarscan-dotnet
v2.4.0-beta6
Pre-release
SonarScanner for .NET for use in Github Actions, with automatic pull request detection, analysis and decoration.
The current version supports .NET 9
- For .NET 8, use version 2.3.2
- For .NET 7, use version 2.2.6
- For .NET 6, use version 2.1.5
- For .NET 5, use version 2.0
- For .NET Core 3.1, use version 1.0.2
- name: SonarScanner for .NET 9 with pull request decoration support
uses: highbyte/[email protected]
with:
# The key of the SonarQube project
sonarProjectKey: your_projectkey
# The name of the SonarQube project
sonarProjectName: your_projectname
# The name of the SonarQube organization in SonarCloud. For hosted SonarQube, skip this setting.
sonarOrganization: your_organization
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Include code coverage with Coverlet
Also includes test results.
- name: SonarScanner for .NET 9 with pull request decoration support
uses: highbyte/[email protected]
with:
# The key of the SonarQube project
sonarProjectKey: your_projectkey
# The name of the SonarQube project
sonarProjectName: your_projectname
# The name of the SonarQube organization in SonarCloud. For hosted SonarQube, skip this setting.
sonarOrganization: your_organization
# Optional command arguments to dotnet test
dotnetTestArguments: --logger trx --collect:"XPlat Code Coverage" -- DataCollectionRunSettings.DataCollectors.DataCollector.Configuration.Format=opencover
# Optional extra command arguments the the SonarScanner 'begin' command
sonarBeginArguments: /d:sonar.cs.opencover.reportsPaths="**/TestResults/**/coverage.opencover.xml" -d:sonar.cs.vstest.reportsPaths="**/TestResults/*.trx"
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Also includes test results.
- name: SonarScanner for .NET 9 with pull request decoration support
uses: highbyte/[email protected]
with:
# The key of the SonarQube project
sonarProjectKey: your_projectkey
# The name of the SonarQube project
sonarProjectName: your_projectname
# The name of the SonarQube organization in SonarCloud. For hosted SonarQube, skip this setting.
sonarOrganization: your_organization
# Optional command arguments to dotnet build
dotnetBuildArguments: ./src
# Optional command arguments to dotnet test
dotnetTestArguments: ./src --logger trx --collect:"XPlat Code Coverage" -- DataCollectionRunSettings.DataCollectors.DataCollector.Configuration.Format=opencover
# Optional extra command arguments the the SonarScanner 'begin' command
sonarBeginArguments: /d:sonar.cs.opencover.reportsPaths="**/TestResults/**/coverage.opencover.xml" -d:sonar.cs.vstest.reportsPaths="**/TestResults/*.trx"
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: SonarScanner for .NET 9 with pull request decoration support
uses: highbyte/[email protected]
with:
# The key of the SonarQube project
sonarProjectKey: your_projectkey
# The name of the SonarQube project
sonarProjectName: your_projectname
# The name of the SonarQube Organization
sonarOrganization: your_organization
# Optional. Set to 1 or true to not run 'dotnet test' command
dotnetDisableTests: true
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: SonarScanner for .NET 9 with pull request decoration support
uses: highbyte/[email protected]
with:
# The key of the SonarQube project
sonarProjectKey: your_projectkey
# The name of the SonarQube project
sonarProjectName: your_projectname
# The name of the SonarQube organization in SonarCloud. For hosted SonarQube, skip this setting.
sonarOrganization: your_organization
# Optional command to run before 'dotnet build'. This example adds a NuGet source for other private GitHub Packages registry.
dotnetPreBuildCmd: dotnet nuget add source --username your_github_user --password ${{ secrets.MY_PAT_TOKEN }} --store-password-in-clear-text --name github "https://nuget.pkg.github.com/OWNER/index.json"
# Optional command arguments to dotnet build
dotnetBuildArguments: ./src
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: SonarScanner for .NET 9 with pull request decoration support
uses: highbyte/[email protected]
with:
# The key of the SonarQube project
sonarProjectKey: your_projectkey
# The name of the SonarQube project
sonarProjectName: your_projectname
# The SonarQube server URL. For SonarCloud, skip this setting.
sonarHostname: your_selfhosted_sonarqube_hostname
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN
– Required this is the token used to authenticate access to SonarCloud. You can generate a token on your Security page in SonarCloud. You can set theSONAR_TOKEN
environment variable in the "Secrets" settings page of your repository.GITHUB_TOKEN
– Provided by Github (see Authenticating with the GITHUB_TOKEN).
inputs:
sonarProjectKey:
description: "The key of the SonarQube project"
required: true
sonarProjectName:
description: "The name of the SonarQube project"
required: true
sonarOrganization:
description: "The name of the SonarQube organization in SonarCloud. For hosted SonarQube, skip this setting."
required: false
dotnetBuildArguments:
description: "Optional command arguments to 'dotnet build'"
required: false
dotnetPreBuildCmd:
description: "Optional command run before the 'dotnet build'"
required: false
dotnetTestArguments:
description: "Optional command arguments to 'dotnet test'"
required: false
dotnetDisableTests:
description: "Optional. Set to 1 or true to not run 'dotnet test' command"
required: false
sonarBeginArguments:
description: "Optional extra command arguments the the SonarScanner 'begin' command"
required: false
sonarHostname:
description: "The SonarQube server URL. For SonarCloud, skip this setting."
default: "https://sonarcloud.io"
required: false
If this error occurs in the build log, you can try this:
- You may have to manually create the project in SonarQube/SonarCloud dashboard first. Make sure the Action input parameter sonarProjectKey (and sonarOrganization for SonarCloud) matches the ones in SonarQube/SonarCloud.
- Make sure you have correct SONAR_TOKEN set. See Secrets above.
If the SonarQube/SonarCloud dashboard shows a warning message in the top right ("Last analysis had x warning"), and the message is
"Shallow clone detected during the analysis. Some files will miss SCM information. This will affect features like auto-assignment of issues. Please configure your build to disable shallow clone."
it can be fixed by modifying the Git checkout action fetch-depth parameter:
- uses: actions/checkout@v2
with:
fetch-depth: '0'