This repository provides a reusable GitHub Action for running SonarQube scans in GitHub Workflows. It wraps the official SonarQube Scanner Action to standardize details such as providing the correct branch name for pull requests and checking if the pull request is made from a fork.
To use the action, add it to a workflow in your repository:
```yaml
name: Run SonarQube scanner

on:
  workflow_dispatch:
  pull_request:
  push:
    branches:
      - main

jobs:
  sonarqube-scanner:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v5
      - name: Run SonarQube scan
        uses: minvws/action-sonarqube@v1
        with:
          sonar-token: ${{ secrets.SONAR_TOKEN }}
```
Make sure to add the `SONAR_TOKEN` secret to your repository's configuration. See Using secrets in GitHub Actions.

In this basic example, the workflow runs automatically on every push to the `main` branch and on any pull request. Thanks to the `workflow_dispatch` trigger, it can also be started manually from the repository's Actions tab.
The action has the following inputs:

- `sonar-token`: the SonarQube token.
- `project-base-dir`: sets the `sonar.projectBaseDir` analysis property (default: `.`).
- `allow-run-on-fork`: allow the SonarQube scan to run on pull requests from forks (default: `false`).
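To make the two decisions the wrapper takes before calling the scanner concrete, here is an added example (not the action's own code) that reads a GitHub event payload, flags pull requests whose head lives in another repository, and derives the SonarQube branch or pull-request properties. The event payload is constructed and the function names are assumptions.

```python
import json
from typing import Optional

# Constructed sample of a pull_request event payload, trimmed to the fields used below.
SAMPLE_PR_EVENT = {
    "repository": {"full_name": "example-org/example-repo"},
    "pull_request": {
        "number": 42,
        "head": {"ref": "feature/scan", "repo": {"full_name": "someone/example-repo"}},
        "base": {"ref": "main"},
    },
}


def is_fork_pr(event: dict) -> bool:
    """True when the PR head repository differs from the repository the workflow runs in."""
    pr = event.get("pull_request")
    if not pr:
        return False
    head_repo = (pr.get("head", {}).get("repo") or {}).get("full_name")
    # A deleted fork shows up as head.repo == null; its origin cannot be verified, so treat it as a fork.
    return head_repo != event["repository"]["full_name"]


def sonar_properties(event_name: str, event: dict, ref_name: str) -> dict:
    """PR analysis needs key/branch/base; a push only needs the branch name."""
    if event_name == "pull_request":
        pr = event["pull_request"]
        # GITHUB_REF_NAME is "<n>/merge" for pull requests, so the head ref is taken from the payload.
        return {
            "sonar.pullrequest.key": str(pr["number"]),
            "sonar.pullrequest.branch": pr["head"]["ref"],
            "sonar.pullrequest.base": pr["base"]["ref"],
        }
    return {"sonar.branch.name": ref_name}


def plan_scan(event_name: str, event: dict, ref_name: str,
              allow_run_on_fork: bool = False) -> Optional[dict]:
    """Return the properties to hand to the scanner, or None when the scan is skipped."""
    if event_name == "pull_request" and is_fork_pr(event) and not allow_run_on_fork:
        return None
    return sonar_properties(event_name, event, ref_name)


if __name__ == "__main__":
    # In a real runner the payload would come from the file named by GITHUB_EVENT_PATH.
    print(json.dumps(plan_scan("pull_request", SAMPLE_PR_EVENT, "42/merge"), indent=2))
```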
If you plan to make non-trivial changes, we recommend opening an issue beforehand so we can discuss your planned changes. This increases the chance that we will be able to use your contribution (and avoids wasted work if there are reasons why we could not use it).
Git commits must be signed. Please check the Signing commits documentation on GitHub.
This repository is released under the EUPL 1.2 license. See LICENSE.txt for details.
This package is part of the iCore project.