Skip to content

sonar #13

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
lithium147 wants to merge 1 commit into
base: main
Choose a base branch
from
Open

sonar #13

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 5 additions & 2 deletions .github/workflows/maven.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,6 @@ on:

jobs:
build:

runs-on: ubuntu-latest

steps:
Expand All @@ -29,7 +28,11 @@ jobs:
cache: maven
- name: Build with Maven
run: mvn -B install

- name: Official SonarQube Scan
# You may pin to the exact commit or the version.
# uses: SonarSource/sonarqube-scan-action@a31c9398be7ace6bbfaf30c0bd5d415f843d45e9
uses: SonarSource/sonarqube-scan-action@v7.0.0
Comment on lines +31 to +34
Copy link
Contributor

@devin-ai-integration devin-ai-integration bot Mar 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔴 SonarQube scan step missing required SONAR_HOST_URL and SONAR_TOKEN configuration

The SonarSource/sonarqube-scan-action@v7.0.0 requires SONAR_HOST_URL and SONAR_TOKEN to be set as environment variables (typically from GitHub secrets). Neither is configured in this step via env: block. There is also no sonar-project.properties file in the repository to provide the host URL. Without these, the action will fail at runtime, and since continue-on-error is not set, this will cause the entire CI build to fail on every push/PR to main.

Prompt for agents 
In .github/workflows/maven.yml, the SonarQube scan step (lines 31-34) needs required configuration. At minimum:

1. Add an `env:` block to the step with SONAR_HOST_URL and SONAR_TOKEN from GitHub secrets:
    - name: Official SonarQube Scan
      uses: SonarSource/sonarqube-scan-action@v7.0.0
      env:
        SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

2. Create a sonar-project.properties file in the repository root with at least:
   sonar.projectKey=<your-project-key>

3. Alternatively, pass the project key via the `args` input of the action.

4. Make sure the corresponding secrets (SONAR_HOST_URL and SONAR_TOKEN) are configured in the GitHub repository settings.
Open in Devin Review

Was this helpful? React with 👍 or 👎 to provide feedback.


# Optional: Uploads the full dependency graph to GitHub to improve the quality of Dependabot alerts this repository can receive
# - name: Update dependency graph
# uses: advanced-security/maven-dependency-submission-action@571e99aab1055c2e71a1e2309b9691de18d6b7d6
Loading