Skip to content
umbrella

GitHub Action

Finalyze with SonarCloud

v1.0.0 Latest version

Finalyze with SonarCloud

umbrella

Finalyze with SonarCloud

An opinionated action that analysis generated data and then uploads everything to SonarCloud

Installation

Copy and paste the following snippet into your .yml file.

              

- name: Finalyze with SonarCloud

uses: codebeltnet/[email protected]

Learn more about this action in codebeltnet/sonarcloud-scan-finalize

Choose a version

Finalyze with SonarCloud

Uses the SonarScanner for .NET tool and cleans the MSBuild/dotnet build hooks, collects the analysis data generated by the build, the test results, the code coverage and then uploads everything to SonarCloud.

This action is part of the Codebelt umbrella and ensures a consistent way of:

  • Defining your CI/CD pipeline
  • Structuring your repository
  • Keeping your codebase small and feasible
  • Writing clean and maintainable code
  • Deploying your code to different environments
  • Automating as much as possible

A paved path to excel as a DevSecOps Engineer.

Usage

To use this action in your GitHub repository, you can follow these steps:

uses: codebeltnet/sonarcloud-scan-finalize@v1

Inputs

with:
  # The SonarCloud generated token.
  token:

Outputs

This action has no outputs.

Examples

Complete SonarCloud Quality Analysis

steps:
  - name: Run SonarCloud Analysis
    uses: codebeltnet/sonarcloud-scan@v1
    with:
      token: ${{ secrets.SONAR_TOKEN }}
      organization: geekle
      projectKey: savvyio
      version: ${{ needs.build.outputs.version }}

  - name: Build
    uses: codebeltnet/dotnet-build@v1
    with:
      uploadBuildArtifact: false

  - name: Finalize SonarCloud Analysis
    uses: codebeltnet/sonarcloud-scan-finalize@v1
    with:
      token: ${{ secrets.SONAR_TOKEN }}

Sample workflow for .NET Class Library

name: Generic CI/CD Pipeline (.NET Library)
on:
  push:
    branches: [main]
    paths-ignore:
      - .codecov
      - .docfx
      - .github
      - .nuget
  pull_request:
    branches: [main]
  workflow_dispatch:
    inputs:
      configuration:
        type: choice
        description: The build configuration to use in the deploy stage.
        required: true
        default: Release
        options:
          - Debug
          - Release

jobs:
  build:
    name: πŸ› οΈ Build
    runs-on: ubuntu-22.04
    outputs:
      version: ${{ steps.minver-calculate.outputs.version }}
    steps:
      - name: Checkout
        uses: codebeltnet/git-checkout@v1

      - name: Install .NET
        uses: codebeltnet/install-dotnet@v1

      - name: Install MinVer
        uses: codebeltnet/dotnet-tool-install-minver@v1

      - id: minver-calculate
        name: Calculate Version
        uses: codebeltnet/minver-calculate@v1

      - name: Download strongname.snk file
        uses: codebeltnet/gcp-download-file@v1
        with: 
          serviceAccountKey: ${{ secrets.GCP_TOKEN }}
          bucketName: ${{ secrets.GCP_BUCKETNAME }}
          objectName: strongname.snk

      - name: Restore Dependencies
        uses: codebeltnet/dotnet-restore@v1

      - name: Build for Preview
        uses: codebeltnet/dotnet-build@v1
        with:
          configuration: Debug

      - name: Build for Production
        uses: codebeltnet/dotnet-build@v1
        with:
          configuration: Release

  pack:
    name: πŸ“¦ Pack
    runs-on: ubuntu-22.04
    strategy:
      matrix:
        configuration: [Debug, Release]
    needs: [build]
    steps:     
      - name: Pack for ${{ matrix.configuration }}
        uses: codebeltnet/dotnet-pack@v1
        with:
          configuration: ${{ matrix.configuration }}
          uploadPackedArtifact: true
          version: ${{ needs.build.outputs.version }}

  test:
    name: πŸ§ͺ Test
    needs: [build]
    strategy:
      matrix:
        os: [ubuntu-22.04, windows-2022]
    runs-on: ${{ matrix.os }}
    steps:
      - name: Checkout
        uses: codebeltnet/git-checkout@v1

      - name: Install .NET
        uses: codebeltnet/install-dotnet@v1

      - name: Install .NET Tool - Report Generator
        uses: codebeltnet/dotnet-tool-install-reportgenerator@v1

      - name: Test with Debug build
        uses: codebeltnet/dotnet-test@v1
        with:
          configuration: Debug
          buildSwitches: -p:SkipSignAssembly=true

      - name: Test with Release build
        uses: codebeltnet/dotnet-test@v1
        with:
          configuration: Release
          buildSwitches: -p:SkipSignAssembly=true

  sonarcloud:
    name: πŸ”¬ Code Quality Analysis
    needs: [build,test]
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout
        uses: codebeltnet/git-checkout@v1

      - name: Install .NET
        uses: codebeltnet/install-dotnet@v1

      - name: Install .NET Tool - Sonar Scanner
        uses: codebeltnet/dotnet-tool-install-sonarscanner@v1

      - name: Restore Dependencies
        uses: codebeltnet/dotnet-restore@v1

      - name: Run SonarCloud Analysis
        uses: codebeltnet/sonarcloud-scan@v1
        with:
          token: ${{ secrets.SONAR_TOKEN }}
          organization: your-sonarcloud-organization
          projectKey: your-sonarcloud-project-key
          version: ${{ needs.build.outputs.version }}

      - name: Build
        uses: codebeltnet/dotnet-build@v1
        with:
          buildSwitches: -p:SkipSignAssembly=true
          uploadBuildArtifact: false

      - name: Finalize SonarCloud Analysis
        uses: codebeltnet/sonarcloud-scan-finalize@v1
        with:
          token: ${{ secrets.SONAR_TOKEN }}

  codecov:
    name: πŸ“Š Code Coverage Analysis
    needs: [build,test]
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout
        uses: codebeltnet/git-checkout@v1

      - name: Run CodeCov Analysis
        uses: codebeltnet/codecov-scan@v1
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          repository: your-github-repository
          
  codeql:
    name: πŸ›‘οΈ Security Analysis
    needs: [build,test]
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout
        uses: codebeltnet/git-checkout@v1

      - name: Install .NET
        uses: codebeltnet/install-dotnet@v1

      - name: Restore Dependencies
        uses: codebeltnet/dotnet-restore@v1

      - name: Prepare CodeQL SAST Analysis
        uses: codebeltnet/codeql-scan@v1

      - name: Build
        uses: codebeltnet/dotnet-build@v1
        with:
          buildSwitches: -p:SkipSignAssembly=true
          uploadBuildArtifact: false

      - name: Finalize CodeQL SAST Analysis
        uses: codebeltnet/codeql-scan-finalize@v1

  deploy:
    name: πŸš€ Deploy v${{ needs.build.outputs.version }}
    runs-on: ubuntu-22.04
    needs: [build,pack,test,sonarcloud,codecov,codeql]
    environment: Production
    steps:
      - uses: codebeltnet/nuget-push@v1
        with:
          token: ${{ secrets.NUGET_TOKEN }}
          configuration: ${{ inputs.configuration == '' && 'Release' || inputs.configuration }}

Contributing to Finalyze with SonarCloud

Contributions are welcome! Feel free to submit issues, feature requests, or pull requests to help improve this action.

License

This project is licensed under the MIT License - see the LICENSE file for details.

Other Actions

πŸ”– Analyze with Codecov
πŸ”– Analyze with CodeQL
πŸ”– Finalyze with CodeQL
πŸ”– Docker Compose
πŸ”– .NET Build
πŸ”– .NET Pack
πŸ”– .NET Restore
πŸ”– .NET Test
πŸ”– Install .NET SDK
πŸ”– Install .NET Tool - MinVer
πŸ”– Install .NET Tool - Report Generator
πŸ”– Install .NET Tool - Sonar Scanner
πŸ”– GCP Download File
πŸ”– Git Checkout
πŸ”– MinVer Calculate
πŸ”– NuGet Push
πŸ”– Shell Globbing
πŸ”– Analyze with SonarCloud
πŸ”– Finalyze with SonarCloud