Update mobb-sonar.yaml #12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Mobb/SonarQube Fixer on pull requests. | |
| # | |
| # This workflow defines the needed steps to run SonarQube on every pull request | |
| # and pass the results to Mobb Fixer. | |
| # | |
| # Secrets in use (add your missing ones): | |
| # | |
| # SONARQUBE_HOST_URL - your SonarQube server host. https://sonarcloud.io for cloud version. | |
| # SONARQUBE_PROJECT - your SonarQube project name. | |
| # SONARQUBE_ORG - your SonarQube organization name. | |
| # SONARQUBE_TOKEN - your SonarQube access token. | |
| # MOBB_API_TOKEN - your Mobb user API token. | |
| # GITHUB_TOKEN - automatically set by GitHub. | |
| # | |
| name: "Mobb/Sonar" | |
| on: | |
| pull_request: | |
| branches: [ "*" ] | |
| jobs: | |
| scan-and-fix: | |
| name: Scan with SonarQube and fix with Mobb | |
| runs-on: 'ubuntu-latest' | |
| timeout-minutes: 360 | |
| permissions: | |
| pull-requests: write | |
| statuses: write | |
| contents: read | |
| actions: read | |
| env: | |
| BRANCH: ${{ github.head_ref || github.ref_name }} | |
| steps: | |
| - name: Setup Java on this machine | |
| uses: actions/setup-java@v3 | |
| with: | |
| distribution: "oracle" | |
| java-version: "19" | |
| - name: Setup Maven on this machine | |
| uses: stCarolas/setup-maven@v4.5 | |
| with: | |
| maven-version: 3.8.6 | |
| - name: Setup Node on this machine | |
| uses: actions/setup-node@v3.6.0 | |
| with: | |
| node-version: 18 | |
| - name: Install pip requests | |
| run: pip install requests | |
| - name: Checkout repo to get code | |
| uses: actions/checkout@v3 | |
| - name: Run SonarQube SAST scan | |
| run: | | |
| mvn clean verify sonar:sonar \ | |
| -Dsonar.host.url=${{ secrets.SONARQUBE_HOST_URL }} \ | |
| -Dsonar.projectKey=${{ secrets.SONARQUBE_PROJECT }} \ | |
| -Dsonar.token=${{ secrets.SONARQUBE_TOKEN }} \ | |
| -Dsonar.organization=${{ secrets.SONARQUBE_ORG }} \ | |
| -Dsonar.branch.name="$BRANCH" \ | |
| -Dsonar.qualitygate.wait=true \ | |
| -Dsonar.java.skipUnchanged=false | |
| - name: Export SonarQube report | |
| if: always() | |
| run: | | |
| SONARQUBE_HOST_URL=${{ secrets.SONARQUBE_HOST_URL }} \ | |
| SONARQUBE_PROJECT=${{ secrets.SONARQUBE_PROJECT }} \ | |
| SONARQUBE_TOKEN=${{ secrets.SONARQUBE_TOKEN }} \ | |
| SONARQUBE_ORG=${{ secrets.SONARQUBE_ORG }} \ | |
| BRANCH="$BRANCH" \ | |
| REPORT_PATH=report.json \ | |
| python .github/scripts/sonarqube_download_report.py | |
| - name: Run Mobb on the findings and get fixes | |
| if: always() | |
| uses: mobb-dev/action/review@v1.1 | |
| with: | |
| report-file: "report.json" | |
| api-key: ${{ secrets.MOBB_API_TOKEN }} | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| scanner: sonarqube |