SonarCloud - ggordo12/AWS-Lambda GitHub Wiki

To maintain good source-code quality, the code has to be examined regularly so that we know how many potential bugs, vulnerabilities and code smells it contains, together with other indicators such as the percentage of test coverage and of duplicated code.

For this purpose, the SonarCloud tool is used in this project.

SonarCloud

No prior installation is needed to start using SonarCloud: we only have to log into the website and select our remote repository. The free version of SonarCloud can be used only with public repositories.

We decided not to use the automatic analysis option that SonarCloud offers, because in the CI environment we define when the analysis is executed.

  • Properties file:
...
sonar.organization=gabriel-acevedo
sonar.projectKey=Gabriel-Acevedo_tfm-aws
sonar.sources=./src
...
  • Workflow file:
...
name: Sonar Cloud Analysis

on:
  push:
    branches: [ master ]
  pull_request:
    branches: [ master ]

jobs:
  sonarcloud:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
      with:
        fetch-depth: 0
    - name: SonarCloud Scan
      uses: sonarsource/sonarcloud-github-action@master
      env:
        GITHUB_TOKEN: ${{ secrets.SONAR_CLOUD_GITHUB_TOKEN }}
        SONAR_TOKEN: ${{ secrets.SONAR_CLOUD_TOKEN }}
...
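The two files above are the whole integration, so it is worth having a small check that runs before they are committed. The following script is an added example written for this wiki page; it is not part of the AWS-Lambda project or of SonarSource tooling. It parses a sonar-project.properties file and verifies that the keys shown above are present, then scans the workflow text line by line (no YAML library, standard library only) and reports: `uses:` references that are not pinned to a full commit SHA (a tag such as `v2` or a branch such as `master` can be moved by the action's maintainer), `*_TOKEN` values that are not read from `${{ secrets.* }}`, and a checkout without `fetch-depth: 0` (a shallow clone gives SonarCloud no history to work with). The sample texts embedded at the bottom are copied from this page plus one constructed "bad" workflow; the 40-zero commit SHA and the token string in it are placeholders, not real values.

```python
"""Lint a SonarCloud CI setup: sonar-project.properties plus the GitHub
Actions workflow that runs the scan.

Added example, not code from the AWS-Lambda wiki or from SonarSource.
Assumption: the workflow follows the layout shown on the page (one
`uses:` per step, tokens under an `env:` block), so a line scanner is
enough and no YAML parser is required.
"""
import re

REQUIRED_PROPERTIES = ("sonar.organization", "sonar.projectKey", "sonar.sources")
SHA_REF = re.compile(r"@[0-9a-f]{40}$")                       # immutable action pin
USES_LINE = re.compile(r"^\s*-?\s*uses:\s*(\S+)")             # "- uses: owner/repo@ref"
ENV_LINE = re.compile(r"^\s*([A-Z_][A-Z0-9_]*):\s*(.+?)\s*$")  # "SONAR_TOKEN: value"
SECRET_REF = re.compile(r"^\$\{\{\s*secrets\.[A-Za-z0-9_]+\s*\}\}$")


def parse_properties(text):
    """Parse Java-style .properties text: key=value or key: value, # and ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props


def check_properties(text):
    """Return one finding per required Sonar property that is missing or empty."""
    props = parse_properties(text)
    return [f"properties: missing or empty {key}" for key in REQUIRED_PROPERTIES if not props.get(key)]


def check_workflow(text):
    """Return findings for mutable action pins, non-secret tokens and shallow clones."""
    findings = []
    saw_full_clone = False
    for lineno, raw in enumerate(text.splitlines(), 1):
        if re.search(r"fetch-depth:\s*0\b", raw):
            saw_full_clone = True
        m = USES_LINE.match(raw)
        if m:
            ref = m.group(1)
            if not SHA_REF.search(ref):
                findings.append(f"workflow:{lineno}: {ref} is pinned to a mutable ref, not a commit SHA")
            continue
        m = ENV_LINE.match(raw)
        if m and m.group(1).endswith("TOKEN") and not SECRET_REF.match(m.group(2)):
            findings.append(f"workflow:{lineno}: {m.group(1)} is not read from GitHub secrets")
    if not saw_full_clone:
        findings.append("workflow: checkout does not set fetch-depth: 0 (shallow clone)")
    return findings


def lint(properties_text, workflow_text):
    """Combined report for both files."""
    return check_properties(properties_text) + check_workflow(workflow_text)


# Sample inputs: the properties and workflow from this wiki page.
PAGE_PROPERTIES = """\
sonar.organization=gabriel-acevedo
sonar.projectKey=Gabriel-Acevedo_tfm-aws
sonar.sources= ./src
"""

PAGE_WORKFLOW = """\
name: Sonar Cloud Analysis
on:
  push:
    branches: [ master ]
jobs:
  sonarcloud:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
      with:
        fetch-depth: 0
    - name: SonarCloud Scan
      uses: sonarsource/sonarcloud-github-action@master
      env:
        GITHUB_TOKEN: ${{ secrets.SONAR_CLOUD_GITHUB_TOKEN }}
        SONAR_TOKEN: ${{ secrets.SONAR_CLOUD_TOKEN }}
"""

# Constructed "bad" workflow: placeholder SHAs (not real commits) and a
# placeholder token literal instead of a secrets reference, no full clone.
BAD_WORKFLOW = """\
jobs:
  sonarcloud:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@0000000000000000000000000000000000000000
    - uses: sonarsource/sonarcloud-github-action@0000000000000000000000000000000000000000
      env:
        SONAR_TOKEN: "placeholder-hardcoded-token"
"""

if __name__ == "__main__":
    for name, wf in (("page workflow", PAGE_WORKFLOW), ("bad workflow", BAD_WORKFLOW)):
        print(f"== {name} ==")
        for finding in lint(PAGE_PROPERTIES, wf):
            print(" ", finding)
```

Run against the page's own workflow the script reports only the two mutable pins (`actions/checkout@v2` and `sonarsource/sonarcloud-github-action@master`); the tokens already come from secrets and the full clone is configured. Against the constructed bad workflow it reports the hardcoded token and the shallow clone instead.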

Once the synchronization is done, the SonarCloud dashboard shows the details of the last analysis:

[Figure: sonarAnalysisOverview, the SonarCloud dashboard analysis overview]