This developer-friendly CLI and GitHub Action enable SonarQube scanning for your repository without the need for a dedicated hosted SonarQube server. It starts a SonarQube Docker instance, allowing developers to scan code, check results, and generate a JSON metrics file for automation. This ensures you can easily assess and maintain the quality of your code.
Please refer to the release page for the latest release notes.
To install the CLI, paste and run the following in a terminal. Note that this pipes a remote script straight into `bash`; if you would rather review it first, download `install.sh`, read it, then run it:

```sh
curl -s "https://raw.githubusercontent.com/gitricko/sonarless/main/install.sh" | bash
```
Sample installer output:

```text
_
___ ___ _ __ __ _ _ __ | | ___ ___ ___
/ __| / _ \ | '_ \ / _` || '__|| | / _ \/ __|/ __|
\__ \| (_) || | | || (_| || | | || __/\__ \\__ \
|___/ \___/ |_| |_| \__,_||_| |_| \___||___/|___/
Now attempting installation...
Looking for a previous installation of SONARLESS...
Looking for docker...
Looking for jq...
Looking for sed...
Installing Sonarless helper scripts...
* Downloading...
######################################################################## 100.0%
Please open a new terminal, or run the following in the existing one:
alias sonarless='/home/runner/.sonarless/makefile.sh'
Then issue the following command:
sonarless help
Enjoy!!!
```
To see all CLI sub-commands, run `sonarless help`. Usually you only need two of them:

- `sonarless scan`: uploads the code in the current directory to your local SonarQube instance and scans it. When the scan is done, log in to the web UI of that instance at http://localhost:9234 to see the details. The default login is `admin` with password `sonarless`. The instance is meant to be a throwaway running on your own machine; do not expose port 9234 beyond localhost while that default password is in place.
- `sonarless results`: writes a `sonar-metrics.json` metrics file into your current directory.

To clean up, run `sonarless docker-clean`: the SonarQube Docker instance is stopped and its images are removed.

This CLI works perfectly with GitHub Codespaces.
```yaml
- uses: gitricko/[email protected]
  with:
    # Folder path to scan from git-root
    # Default: .
    sonar-source-path: ''

    # Path to SonarQube metrics json from git-root
    # Default: ./sonar-metrics.json
    sonar-metrics-path: ''

    # SonarQube Project Name
    # Default: ${{ github.event.repository.name }}
    sonar-project-name: ''

    # SonarQube Project Key
    # Default: ${{ github.event.repository.name }}
    sonar-project-key: ''

    # Port of the local SonarQube instance started by the action
    # Default: 9234
    sonar-instance-port: ''
```
The examples below cover:

- Scan all files from the git root directory
- Scan a particular folder from the git root directory
- Scan code and fail the build if a metric falls short of expectation
- Option to change the local SonarQube server port
Scan all files from the git root directory:

```yaml
jobs:
  Sonarless-Scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Sonarless Scan
        uses: gitricko/[email protected]
```
Scan a particular folder (here `src`) from the git root directory:

```yaml
jobs:
  Sonarless-Scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Sonarless Scan
        uses: gitricko/[email protected]
        with:
          sonar-source-path: 'src'
```
Scan code and fail the build if a metric falls short of expectation. Here the build fails when SonarQube reports any vulnerability; the metrics file is written to a custom path and read back with `jq`:

```yaml
jobs:
  Sonarless-Scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Sonarless Scan
        uses: gitricko/[email protected]
        with:
          sonar-source-path: 'src'
          sonar-metrics-path: './sonar-mymetrics.json'
      - name: Check Sonar Metrics - No Vulnerabilities
        run: |
          echo "Checking for any vulnerabilities in Sonar Metrics JSON"
          # the measure value is a string; select() yields nothing if the metric is absent
          VULN=$(jq -r '.component.measures[] | select(.metric == "vulnerabilities").value' ./sonar-mymetrics.json)
          echo "# of vulnerabilities = ${VULN}"
          # non-zero count fails the step; an empty VULN also fails it (test errors out),
          # so an unreadable or incomplete metrics file cannot pass the gate
          [ "${VULN}" -eq 0 ]
```
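The step above gates on a single metric. The script below generalizes it into a small quality gate over several thresholds that you could call from the same `run:` step. It is an added example, not part of sonarless; it assumes only the `.component.measures[] | {metric, value}` shape that the `jq` filter above reads. The metric keys `bugs` and `coverage`, the threshold values, and the sample metrics file are assumptions made for illustration, and a metric that is missing or non-numeric fails the gate rather than passing it.

```shell
#!/usr/bin/env sh
# Added example (not sonarless's own code): a multi-metric quality gate over
# the sonar-metrics.json written by `sonarless results`. Only the
# ".component.measures[] | {metric, value}" shape is taken from the README;
# metric keys other than "vulnerabilities" and the thresholds are assumptions.

# Print the value of one metric from the metrics file, or nothing if absent.
metric_value() {
  # $1 = metrics file, $2 = metric key
  jq -r --arg m "$2" '.component.measures[] | select(.metric == $m) | .value' "$1"
}

# Shared guard: reject an empty or non-numeric value so the gate fails closed.
numeric_or_fail() {
  # $1 = metric key, $2 = value
  case "$2" in
    ''|*[!0-9.]*) echo "FAIL: $1 missing or not numeric ('$2')"; return 1 ;;
  esac
}

# Return 1 if metric $2 in file $1 exceeds the maximum $3 ("lower is better").
check_max() {
  file="$1"; key="$2"; max="$3"
  val="$(metric_value "$file" "$key")"
  numeric_or_fail "$key" "$val" || return 1
  # awk compares as numbers, so fractional metrics such as percentages work
  if awk -v v="$val" -v m="$max" 'BEGIN { exit !(v <= m) }'; then
    echo "ok:   $key=$val (max $max)"; return 0
  fi
  echo "FAIL: $key=$val exceeds max $max"; return 1
}

# Return 1 if metric $2 in file $1 is below the minimum $3 ("higher is better").
check_min() {
  file="$1"; key="$2"; min="$3"
  val="$(metric_value "$file" "$key")"
  numeric_or_fail "$key" "$val" || return 1
  if awk -v v="$val" -v m="$min" 'BEGIN { exit !(v >= m) }'; then
    echo "ok:   $key=$val (min $min)"; return 0
  fi
  echo "FAIL: $key=$val below min $min"; return 1
}

# Run every check and return 0 only if all of them pass (thresholds are assumptions).
quality_gate() {
  file="$1"; rc=0
  check_max "$file" vulnerabilities 0  || rc=1
  check_max "$file" bugs            0  || rc=1
  check_min "$file" coverage        80 || rc=1
  return $rc
}

# Constructed sample in the shape the README's jq filter reads; not real scanner output.
write_sample() {
  cat > "$1" <<'EOF'
{ "component": { "key": "demo", "name": "demo",
    "measures": [
      { "metric": "vulnerabilities", "value": "0" },
      { "metric": "bugs",            "value": "2" },
      { "metric": "coverage",        "value": "73.5" }
    ] } }
EOF
}

# In a GHA step you would simply run: quality_gate ./sonar-metrics.json
# `sh gate.sh --demo` runs the gate against the constructed sample instead.
if [ "${1:-}" = "--demo" ]; then
  tmp="$(mktemp)"; write_sample "$tmp"
  quality_gate "$tmp"; echo "gate exit status: $?"
  rm -f "$tmp"
fi
```

Against the constructed sample the gate fails on `bugs` (2 > 0) and `coverage` (73.5 < 80) while `vulnerabilities` passes, so the overall exit status is 1; in a `run:` step that non-zero status is what fails the job.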
If port 9234 is already in use on your machine or on the GHA runner, point the local SonarQube instance at a different port:

```yaml
jobs:
  Sonarless-Scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Sonarless Scan
        uses: gitricko/[email protected]
        with:
          sonar-instance-port: '1234'
```
If you find this small helper script and action helpful, buy me a sip of coffee here to show your appreciation (only if you want to)