Analyze Maven projects with SonarCloud using GitHub Actions

Talks about: github, github actions, maven, and sonarqube

To analyze Maven projects with SonarCloud using GitHub Actions, first create the following settings.xml file:

<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
                      http://maven.apache.org/xsd/settings-1.0.0.xsd">

    <pluginGroups>
        <pluginGroup>org.sonarsource.scanner.maven</pluginGroup>
    </pluginGroups>

    <activeProfiles>
        <activeProfile>sonar</activeProfile>
    </activeProfiles>

    <profiles>
        <profile>
            <id>sonar</id>
            <properties>
                <sonar.host.url>https://sonarcloud.io</sonar.host.url>
                <sonar.organization>YOUR_ORG</sonar.organization>
                <sonar.projectKey>YOUR_PROJECT</sonar.projectKey>
                <sonar.login>${env.SONAR_TOKEN}</sonar.login>
            </properties>
        </profile>
    </profiles>
</settings>

Finally, add a step to your workflow:

- name: Verify Project
  run: mvn --settings $GITHUB_WORKSPACE/settings.xml verify sonar:sonar
  env:
    SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
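
The settings.xml above keeps the token out of the repository by referencing `${env.SONAR_TOKEN}`, which the workflow step fills from a GitHub secret. As an added example (not from the original article), this Python check flags a settings.xml where that property holds a literal value instead; the function name, the set of property names it treats as credentials, and the sample inputs are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/SETTINGS/1.0.0"}
# Assumption: property names this check treats as credentials.
SECRET_PROPS = {"sonar.login", "sonar.token", "sonar.password"}
# A value is acceptable only if it is exactly one ${env.NAME} reference.
ENV_REF = re.compile(r"\$\{env\.[A-Za-z_][A-Za-z0-9_]*\}")


def hardcoded_secrets(settings_xml: str) -> list[tuple[str, str]]:
    """Return (profile id, property) pairs whose value is a literal, not an env reference."""
    root = ET.fromstring(settings_xml)
    findings = []
    for profile in root.findall("m:profiles/m:profile", NS):
        profile_id = profile.findtext("m:id", default="?", namespaces=NS)
        for prop in profile.findall("m:properties/*", NS):
            name = prop.tag.split("}", 1)[-1]  # strip the XML namespace prefix
            value = (prop.text or "").strip()
            if name in SECRET_PROPS and value and not ENV_REF.fullmatch(value):
                findings.append((profile_id, name))
    return findings


# Constructed sample inputs: the article's profile, and a variant with a literal token.
TEMPLATE = """<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0">
  <profiles>
    <profile>
      <id>sonar</id>
      <properties>
        <sonar.host.url>https://sonarcloud.io</sonar.host.url>
        <sonar.login>{login}</sonar.login>
      </properties>
    </profile>
  </profiles>
</settings>"""
SAFE = TEMPLATE.format(login="${env.SONAR_TOKEN}")
UNSAFE = TEMPLATE.format(login="CONSTRUCTED-NOT-A-REAL-TOKEN")

if __name__ == "__main__":
    print("safe:", hardcoded_secrets(SAFE))
    print("unsafe:", hardcoded_secrets(UNSAFE))
```

Run against the committed settings.xml in a pre-merge job, a non-empty result means a credential was pasted into the file and should be rotated.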