SonarQube provides a GitHub plugin that publishes inline comments on a GitHub pull request for the issues found in the code the pull request modifies or adds. You no longer have to review the pull request by hand and add the comments yourself; SonarQube does it for you. The steps below set up the GitHub plugin in SonarQube.
1. Install the GitHub plugin:
To install the GitHub plugin, follow the process below:
- Log in to your SonarQube as Administrator.
- Go to the tab Administrator -> System -> Update Center -> Available.
- Search for GitHub in the search box; this lists the plugin by searching the SonarQube plugin repository.
- On the right side of the plugin list, click the Install button to install it.
- Once installed, restart your SonarQube. You can confirm the installation by going to the ‘Installed’ tab from step 2 above and checking that GitHub shows as installed without any issue.
Below is the screen attached for reference:
2. Generate a GitHub OAuth access token:
Generate a GitHub OAuth access token for the SonarQube GitHub plugin configuration, so that SonarQube can access your GitHub repository and the specified pull request to analyze the code and publish comments for the issues it finds.
To generate the GitHub access token, follow the process below:
- Log in to your GitHub account.
- Go to the account settings page.
- On the left side of the page, in the ‘Personal settings’ list, click the ‘Personal access tokens’ option; its page appears on the right side.
- Click the ‘Generate new token’ button at the top right of the ‘Personal access tokens’ page.
- Give a suitable ‘Token description’ such as SonarQube, then check the repo box to allow access to your repositories.
NOTE: If you do not want to allow private repository access and only use public repositories for SonarQube analysis, select just the ‘public_repo’ checkbox.
- Click the ‘Generate token’ button at the bottom of the page, which generates the token. Save this token for use in the SonarQube GitHub plugin configuration.
3. Add the configuration to sonar-project.properties:
The only step left is to add the configuration to the ‘sonar-project.properties’ file that you use for SonarQube analysis in your codebase/project.
Follow the step below to add the configuration:
- Open the sonar-project.properties file inside your codebase/project, the one you run sonar-runner with to analyze the code.
- Add the configuration below at the end of the file (the inline hashed comments say what value to give each property).

```properties
# This allows Sonar to access your GitHub repository: the personal access token you generated above in GitHub.
sonar.github.oauth=<your OAuth token generated in GitHub>
# Repository identification in the format <organisation/repo>, like SonarSource/SonarQube
sonar.github.repository=<organisation/repo>
# Pull request number of the GitHub pull request, so that Sonar analyzes that pull request and posts comments on it.
sonar.github.pullRequest=<Pull request number>
```
- You can get the pull request number from the pull request list or from its URL: for “https://github.com/SonarSource/sonar-jira/pull/10” the pull request number is 10.
This value you have to give/change every time before running sonar-runner so that SonarQube
- You can get the <organisation/repo> value from the “Repositories you contribute to” section that appears on the right side of your home page at https://github.com
That’s it. Now git checkout the branch of the pull request you want to analyze and run sonar-runner.
Once sonar-runner finishes the analysis, it posts comments on the GitHub pull request for any issues in the modified/new code. Open the pull request in the browser and you will see inline comments on the lines that have issues.
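As an added example (not from the original post), a small POSIX shell script that derives the two per-pull-request values from the pull request URL and runs sonar-runner with the token passed from the environment, so the token never has to be committed in sonar-project.properties. It assumes sonar-runner is on the PATH, the token from step 2 is exported as GITHUB_TOKEN, and the plugin's preview analysis mode (which posts comments without storing results on the server).

```shell
#!/bin/sh
# Added example, not code from the original post. Assumptions: sonar-runner is
# on PATH, the GitHub token is exported as GITHUB_TOKEN, and pull-request URLs
# have the form https://github.com/<org>/<repo>/pull/<n>.
set -eu

# Parse a pull-request URL into PR_REPO ("<org>/<repo>") and PR_NUMBER.
# Returns 1 (with a message on stderr) for anything that is not such a URL,
# so a typo never sends an analysis to the wrong repository or pull request.
parse_pr_url() {
    case "$1" in
        https://github.com/*/*/pull/*) ;;
        *) echo "not a GitHub pull-request URL: $1" >&2; return 1 ;;
    esac
    rest="${1#https://github.com/}"        # org/repo/pull/10[/...]
    PR_REPO="${rest%%/pull/*}"             # org/repo
    rest="${rest#*/pull/}"                 # 10[/...]
    PR_NUMBER="${rest%%/*}"                # 10
    case "$PR_REPO" in
        */*/*|*/|/*) echo "bad repository path: $PR_REPO" >&2; return 1 ;;
    esac
    case "$PR_NUMBER" in
        ''|*[!0-9]*) echo "bad pull-request number: $PR_NUMBER" >&2; return 1 ;;
    esac
}

# Run the analysis for one pull request. The three plugin properties are given
# on the command line, overriding whatever sonar-project.properties contains,
# so the committed file can hold only the non-secret project settings.
run_pr_analysis() {
    parse_pr_url "$1" || return 1
    : "${GITHUB_TOKEN:?export the token from step 2 as GITHUB_TOKEN}"
    sonar-runner \
        -Dsonar.analysis.mode=preview \
        -Dsonar.github.repository="$PR_REPO" \
        -Dsonar.github.pullRequest="$PR_NUMBER" \
        -Dsonar.github.oauth="$GITHUB_TOKEN"
}

# Usage: SONAR_PR_URL=https://github.com/<org>/<repo>/pull/<n> sh run-pr-analysis.sh
if [ -n "${SONAR_PR_URL:-}" ]; then
    run_pr_analysis "$SONAR_PR_URL"
fi
```

Passing the token on the command line keeps it out of the committed file; on a shared build host, where other users can read the process list, prefer a properties file readable only by the build user.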