SonarScanner for .NET for use in Github Actions, with automatic pull request detection, analysis and decoration.
Note
This version supports .NET 9
.
Other .NET versions | GitHub Action version |
---|---|
.NET 8 |
2.3.3 or later 2.3 version |
.NET 7 |
2.2.6 |
.NET 6 |
2.1.5 |
.NET 5 |
2.0 |
.NET Core 3.1 |
1.0.2 |
- name: SonarScanner for .NET 9 with pull request decoration support
uses: highbyte/sonarscan-dotnet@v2.4.1
with:
# The key of the SonarQube project
sonarProjectKey: your_projectkey
# The name of the SonarQube project
sonarProjectName: your_projectname
# The name of the SonarQube organization in SonarCloud. For hosted SonarQube, skip this setting.
sonarOrganization: your_organization
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Include code coverage with Coverlet
Also includes test results.
- name: SonarScanner for .NET 9 with pull request decoration support
uses: highbyte/sonarscan-dotnet@v2.4.1
with:
# The key of the SonarQube project
sonarProjectKey: your_projectkey
# The name of the SonarQube project
sonarProjectName: your_projectname
# The name of the SonarQube organization in SonarCloud. For hosted SonarQube, skip this setting.
sonarOrganization: your_organization
# Optional command arguments to dotnet test
dotnetTestArguments: --logger trx --collect:"XPlat Code Coverage" -- DataCollectionRunSettings.DataCollectors.DataCollector.Configuration.Format=opencover
# Optional extra command arguments the the SonarScanner 'begin' command
sonarBeginArguments: /d:sonar.cs.opencover.reportsPaths="**/TestResults/**/coverage.opencover.xml" -d:sonar.cs.vstest.reportsPaths="**/TestResults/*.trx"
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Also includes test results.
- name: SonarScanner for .NET 9 with pull request decoration support
uses: highbyte/sonarscan-dotnet@v2.4.1
with:
# The key of the SonarQube project
sonarProjectKey: your_projectkey
# The name of the SonarQube project
sonarProjectName: your_projectname
# The name of the SonarQube organization in SonarCloud. For hosted SonarQube, skip this setting.
sonarOrganization: your_organization
# Optional command arguments to dotnet build
dotnetBuildArguments: ./src
# Optional command arguments to dotnet test
dotnetTestArguments: ./src --logger trx --collect:"XPlat Code Coverage" -- DataCollectionRunSettings.DataCollectors.DataCollector.Configuration.Format=opencover
# Optional extra command arguments the the SonarScanner 'begin' command
sonarBeginArguments: /d:sonar.cs.opencover.reportsPaths="**/TestResults/**/coverage.opencover.xml" -d:sonar.cs.vstest.reportsPaths="**/TestResults/*.trx"
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: SonarScanner for .NET 9 with pull request decoration support
uses: highbyte/sonarscan-dotnet@v2.4.1
with:
# The key of the SonarQube project
sonarProjectKey: your_projectkey
# The name of the SonarQube project
sonarProjectName: your_projectname
# The name of the SonarQube Organization
sonarOrganization: your_organization
# Optional. Set to 1 or true to not run 'dotnet test' command
dotnetDisableTests: true
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: SonarScanner for .NET 9 with pull request decoration support
uses: highbyte/sonarscan-dotnet@v2.4.1
with:
# The key of the SonarQube project
sonarProjectKey: your_projectkey
# The name of the SonarQube project
sonarProjectName: your_projectname
# The name of the SonarQube organization in SonarCloud. For hosted SonarQube, skip this setting.
sonarOrganization: your_organization
# Optional command to run before 'dotnet build'. This example adds a NuGet source for other private GitHub Packages registry.
dotnetPreBuildCmd: dotnet nuget add source --username your_github_user --password ${{ secrets.MY_PAT_TOKEN }} --store-password-in-clear-text --name github "https://nuget.pkg.github.com/OWNER/index.json"
# Optional command arguments to dotnet build
dotnetBuildArguments: ./src
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: SonarScanner for .NET 9 with pull request decoration support
uses: highbyte/sonarscan-dotnet@v2.4.1
with:
# The key of the SonarQube project
sonarProjectKey: your_projectkey
# The name of the SonarQube project
sonarProjectName: your_projectname
# The SonarQube server URL. For SonarCloud, skip this setting.
sonarHostname: your_selfhosted_sonarqube_hostname
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN
– Required this is the token used to authenticate access to SonarCloud. You can generate a token on your Security page in SonarCloud. You can set theSONAR_TOKEN
environment variable in the "Secrets" settings page of your repository.GITHUB_TOKEN
– Provided by Github (see Authenticating with the GITHUB_TOKEN).
inputs:
sonarProjectKey:
description: "The key of the SonarQube project"
required: true
sonarProjectName:
description: "The name of the SonarQube project"
required: true
sonarOrganization:
description: "The name of the SonarQube organization in SonarCloud. For hosted SonarQube, skip this setting."
required: false
dotnetBuildArguments:
description: "Optional command arguments to 'dotnet build'"
required: false
dotnetPreBuildCmd:
description: "Optional command run before the 'dotnet build'"
required: false
dotnetTestArguments:
description: "Optional command arguments to 'dotnet test'"
required: false
dotnetDisableTests:
description: "Optional. Set to 1 or true to not run 'dotnet test' command"
required: false
sonarBeginArguments:
description: "Optional extra command arguments the the SonarScanner 'begin' command"
required: false
sonarHostname:
description: "The SonarQube server URL. For SonarCloud, skip this setting."
default: "https://sonarcloud.io"
required: false
If this error occurs in the build log, you can try this:
- You may have to manually create the project in SonarQube/SonarCloud dashboard first. Make sure the Action input parameter sonarProjectKey (and sonarOrganization for SonarCloud) matches the ones in SonarQube/SonarCloud.
- Make sure you have correct SONAR_TOKEN set. See Secrets above.
If the SonarQube/SonarCloud dashboard shows a warning message in the top right ("Last analysis had x warning"), and the message is
"Shallow clone detected during the analysis. Some files will miss SCM information. This will affect features like auto-assignment of issues. Please configure your build to disable shallow clone."
it can be fixed by modifying the Git checkout action fetch-depth parameter:
- uses: actions/checkout@v4
with:
fetch-depth: '0'