The GitHub Plugin serves only one purpose: analyse GitHub pull requests without pushing results to SonarQube. Any issues that are found are published as comments on the pull request.
The plugin performs the following operations:
- Add an inline comment for each issue
- Add a global comment that gives a summary of the analysis
- [Optionally since v1.3] Update the status of the analysis: if no blocker no critical issues were found, the check is green - otherwise it is red to raise attention
- SonarQube Server must be up and running. If that's not the case, see Setup and Upgrade.
- The SonarQube GitHub plugin is installed on SonarQube Server.
- You have a dedicated technical GitHub user which will be used to insert comments when there are issues and update the status of the pull request.
- To insert comments, you just need to generate a token (for that user) that has only the "public_repo" scope (or "repo" for private repositories)
- The update of the pull request is optional (since version 1.3): the technical user must have commit rights on the target repository to be able to update the status of the Pull Request. Otherwise, then a warning will be logged.
Checkout the branch of the pull request you want to analyse and run a SonarQube preview analysis with following parameters:
DEPRECATED FROM SQ 6.6
|Set to |
|Personal access token generated in GitHub for the technical user|
|Identification of the repository. Format is: <organisation/repo>. Exemple: SonarSource/sonarqube||Extracted from property |
|Pull request number|
|URL to access GitHub WS API. Default value is fine for public GitHub. It is needed for GitHub enterprise.|
|If set to |
SonarSource is using this plugin to analyse every pull request that SonarSource developers create when working on a feature / improvement / bug fix.
For instance, you can take a look at the GitHub repository of the SonarQube project itself:
- Source code: https://github.com/SonarSource/sonarqube
- Analysis is launched by Travis:
- Travis file: https://github.com/SonarSource/sonarqube/blob/master/.travis.yml
- Script used to trigger the pull request analysis is in: https://github.com/SonarSource/sonarqube/blob/master/travis.sh
- Some examples of pull requests analyses can be seen here: https://github.com/SonarSource/sonarqube/pulls
Have Question or Feedback?
To provide feedback (request a feature, report a bug etc.) use the SonarQube Google Group. Please do not forget to specify plugin and SonarQube versions if it relates to a bug. If you have a question on how to use plugin direct it to StackOverflow tagged with both