By SonarSource – GNU LGPL 3 – Issue Tracker – Sources – Supported by SonarSource
GitHub 1.4.2 – Nov 08, 2017 – SonarQube 6.7+ (Compatible with LTS)
Fix GitHub commit ID overflow

Description

The GitHub Plugin serves only one purpose: analyse GitHub pull requests without pushing results to SonarQube. Any issues that are found are published as comments on the pull request.

The plugin performs the following operations:

  1. Add an inline comment for each issue
  2. Add a global comment that gives a summary of the analysis
  3. [Optionally since v1.3] Update the status of the analysis: if no blocker or critical issues were found, the check is green; otherwise it is red to draw attention

Requirements

SonarQube

  • SonarQube Server must be up and running. If that's not the case, see Setup and Upgrade.
  • The SonarQube GitHub plugin is installed on SonarQube Server. 

GitHub

  • You have a dedicated technical GitHub user which will be used to insert comments when there are issues and update the status of the pull request.
    • To insert comments, you just need to generate a token (for that user) that has only the "public_repo" scope (or "repo" for private repositories)

    • The update of the pull request status is optional (since version 1.3): the technical user must have commit rights on the target repository to be able to update the status of the pull request. Otherwise, a warning will be logged.
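
One way to check the scope requirement above before a token is used for analysis, as an added example that is not part of the plugin or its documentation. It assumes a classic personal access token, for which GitHub's API returns the granted scopes in the X-OAuth-Scopes response header; the function names and the sample headers are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the GitHub token before handing it to sonar.github.oauth.
# Assumes a classic personal access token, whose scopes GitHub returns in the
# X-OAuth-Scopes response header. Real headers could be fetched with:
#   curl -sI -H "Authorization: token $GITHUB_ACCESS_TOKEN" https://api.github.com/user

# Constructed sample response headers (not captured from a real account).
sample_headers() {
    printf 'HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n'
    printf 'X-OAuth-Scopes: public_repo, admin:org, delete_repo\r\n\r\n'
}

# Read HTTP headers on stdin and print the value of X-OAuth-Scopes.
# Splits on the first colon only, because scope names such as admin:org contain one.
extract_scopes() {
    tr -d '\r' | awk '{
        i = index($0, ":")
        if (i && tolower(substr($0, 1, i - 1)) == "x-oauth-scopes") {
            v = substr($0, i + 1); sub(/^[ \t]+/, "", v); print v; exit
        }
    }'
}

# audit_scopes SCOPES VISIBILITY   (VISIBILITY: public | private)
# Prints "ok", "missing:<scope>" or "excessive:<scopes>"; returns 0 only for "ok".
audit_scopes() {
    case $2 in private) needed=repo ;; *) needed=public_repo ;; esac
    found=no; extra=; old_ifs=$IFS; IFS=,
    for s in $1; do
        s=$(printf '%s' "$s" | tr -d ' ')
        if [ -z "$s" ]; then continue
        elif [ "$s" = "$needed" ]; then found=yes
        # public_repo is a subset of repo, so it adds nothing on a private repo
        elif [ "$needed" = repo ] && [ "$s" = public_repo ]; then continue
        else extra="${extra:+$extra,}$s"
        fi
    done
    IFS=$old_ifs
    if [ -n "$extra" ]; then echo "excessive:$extra"; return 1; fi
    if [ "$found" = no ]; then echo "missing:$needed"; return 1; fi
    echo ok
}

# Demo on the constructed sample: a token carrying more than the plugin needs.
verdict=$(audit_scopes "$(sample_headers | extract_scopes)" public) || true
echo "$verdict"
```

A token with the "repo" scope on a public repository is reported as excessive, since "public_repo" alone is enough to insert comments there.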

Usage

Check out the branch of the pull request you want to analyse and run a SonarQube preview analysis with the following parameters:

| Key | Description | Default value |
| --- | --- | --- |
| sonar.analysis.mode (DEPRECATED FROM SQ 6.6) | Set to preview | |
| sonar.github.oauth | Personal access token generated in GitHub for the technical user | |
| sonar.github.repository | Identification of the repository. Format is: <organisation/repo>. Example: SonarSource/sonarqube | Extracted from property sonar.links.scm_dev |
| sonar.github.pullRequest | Pull request number | |

Optional parameters:

| Key | Description | Default value |
| --- | --- | --- |
| sonar.github.endpoint | URL to access GitHub WS API. Default value is fine for public GitHub. It is needed for GitHub enterprise. | https://api.github.com |
| sonar.github.disableInlineComments | If set to true issues will not be reported as inline comments but only in the global summary comment | false |

Example

Example with SonarQube Scanner
sonar-scanner -Dsonar.analysis.mode=preview \
              -Dsonar.github.pullRequest=$PULL_REQUEST_ID \
              -Dsonar.github.repository=myOrganisation/myProject \
              -Dsonar.github.oauth=$GITHUB_ACCESS_TOKEN \
              -Dsonar.host.url=https://server/sonarqube \
              -Dsonar.login=$SONARQUBE_ACCESS_TOKEN


Have a Question or Feedback?

To provide feedback (request a feature, report a bug, etc.), use the SonarQube Google Group. Please do not forget to specify the plugin and SonarQube versions if it relates to a bug. If you have a question on how to use the plugin, direct it to StackOverflow, tagged with both sonarqube and github.

 
