How to set up GitHub SonarQube workflow on pull request for .Net repositories
How to set up SonarQube locally
Setup GitHub workflow with Sonar Cloud
Run SonarQube code analysis on pull request
Download the Git command line or GitHub Desktop
A .Net Core or .Net Framework project created using Visual Studio or the dotnet command-line utility.
SonarQube enables developers to write cleaner and safer code.
Step 1: How to set up and run SonarQube locally
Run locally for both .Net Core and .Net framework applications
Step 2: Set up secrets in GitHub
Settings Path: Go to the repository on SonarCloud > Analysis Method > GitHub Actions
Copy the details of SONAR_TOKEN as shown below and click Continue.
Add the secret created in SonarCloud to the repository settings, as shown below.
NOTE: The secret added here will be used in the “.yml” file in the workflow.
Step 3: Go to the GitHub repository.
Click on the “Actions” tab and click on “Setup a workflow yourself,” as shown below.
Step 3: Add workflow code in the “.yml” file
We need to update the following code in the build.yml file.
token_in_sonar: the project token created in SonarCloud or sonar running locally.
org_name: Skip if not assigned to an organization on GitHub.
sonar.host.url: It can be a localhost URL or SonarCloud URL.
Build command differs for .Net Core and .Net Framework.
For .Net Core build command used in the “.yml” file
dotnet build <Path to cs proj or solution file>
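As an added example (not the build.yml from the original post), a workflow of this shape runs the .Net Core build and the Sonar analysis on each pull request. It assumes SonarCloud, a GitHub-hosted Linux runner, a recent SonarScanner for .NET that accepts sonar.token, and placeholder values for the project key, org_name, solution path and .NET version.

```yaml
# Added example: placeholders are marked; replace them with your own values.
name: Build and SonarQube analysis

on:
  pull_request:
    branches: [main]

# Least privilege for the job's GITHUB_TOKEN: the scan only reads the repository.
permissions:
  contents: read

jobs:
  build-and-analyze:
    runs-on: ubuntu-latest
    env:
      # Repository secret from Step 2. GitHub does not pass secrets to workflows
      # triggered by pull requests from forks, so the scan cannot authenticate there.
      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0              # full history for new-code detection
      - uses: actions/setup-dotnet@v4
        with:
          dotnet-version: '8.0.x'     # placeholder: match your project
      - uses: actions/setup-java@v4   # the scanner needs a Java runtime
        with:
          distribution: temurin
          java-version: '17'
      - name: Install SonarScanner for .NET
        run: dotnet tool install dotnet-sonarscanner --tool-path ./.sonar/scanner
      - name: Begin analysis
        # The token is read from the environment, never written into the file.
        run: >
          ./.sonar/scanner/dotnet-sonarscanner begin
          /k:"project_key"
          /o:"org_name"
          /d:sonar.token="$SONAR_TOKEN"
          /d:sonar.host.url="https://sonarcloud.io"
      - name: Build
        run: dotnet build ./MyApp.sln   # placeholder path to csproj or solution
      - name: End analysis
        run: ./.sonar/scanner/dotnet-sonarscanner end /d:sonar.token="$SONAR_TOKEN"
```

For a self-hosted SonarQube server, drop the /o: argument and set sonar.host.url to an address the runner can reach; a GitHub-hosted runner cannot reach localhost on your own machine.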
For .Net Framework build command used in the “.yml” file
Step 4: Initiate the workflow
After code editing, click on the start commit button in the top-right corner and then click “Commit new file.”
That’s it. You have successfully integrated a GitHub workflow to analyze a repository with .Net Framework or .Net Core code.
Now for each pull request, two checks will happen
SonarQube Code Analysis
Ideally, the code should be merged to the main branch only if both checks pass. Both checks, as mentioned above, will run in sequence, so if the build fails, then sonar code analysis will also fail.
The workflow creates a new folder in the selected GitHub repository named “.github/workflows”, which contains the “.yml” file.
The “.yml” file is easy to update for any extra functionality.
Sample analysis report from GitHub