1) Installing Sonarqube on Kubernetes
To install the chart:
helm repo add sonarqube https://SonarSource.github.io/helm-chart-sonarqube helm repo update kubectl create namespace sonarqube helm upgrade --install -n sonarqube sonarqube sonarqube/sonarqube
Helm values:
Nếu bạn cần tạo ingress cho Sonarqube.
ingress:
enabled: true
ingressClassName: nginx
hosts:
- name: sonarqube.nimtechnology.com
2) Integrate GitHub Action with Sonarqube.
2.1) Create a Token on Sonarqube
2.2) Create a project on Sonarqube.
2.3) Set up GitHub Action.
Nếu bạn chưa quen với github action thì có thể tham khảo:
https://nimtechnology.com/2022/12/21/github-action-lets-use-github-action-to-build-and-push-the-docker-image-to-the-docker-hub/
tiếp đến tạo folder và yaml cho github action.
https://github.com/SonarSource/sonar-scanner-cli/blob/master/.github/workflows/release.yml
name: Main Workflow
on:
push:
branches:
- "master"
jobs:
sonarqube:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
# Disabling shallow clone is recommended for improving relevancy of reporting
fetch-depth: 0
- name: SonarQube Scan
uses: sonarsource/sonarqube-scan-action@master
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
Giờ bạn sẽ tạo file sonar-project.properties
https://github.com/mrnim94/taurus/blob/master/sonar-project.properties
Bạn sẽ cần để info project trên sonarqube để match repo với project nào trên sonarqube.
sonar.projectKey=taurusBạn có thể thấy github action run
https://github.com/mrnim94/taurus/actions
How to ignored the Sonar Recomadation.
Cách chung thì bạn sẽ dụng command //NOSONAR với code.
nhưng với Dockerfile hay yaml thì bạn không sài command được.
