Integrating Gitea with Sonarqube for Enhanced Code Quality: A Step-by-Step Guide
Sonarqube is a static code analysis tool with a browser/server (B/S) architecture that helps identify code defects, quickly locate potential or obvious errors in code, improve code quality, and enhance development speed. Through plugin integration, it supports code quality management and detection for over twenty programming languages, including Java, C, C++, and JavaScript.
This blog post will guide you on how to integrate Gitea with Sonarqube using Gitea Actions.
Prerequisites
Firstly, ensure that you have installed Gitea version 1.19 or above, have enabled Actions support, and have at least one available runner. For information on installing Gitea, refer to the official documentation Install Gitea.
Secondly, you need to have a successfully installed Sonarqube. If Sonarqube is not installed yet, you can follow the quick installation method outlined below.
Sonarqube Docker Compose Installation
Make sure Docker and Docker Compose are installed. Then, create a folder and a file named compose.yml with the following content.
version: "3"
services:
  sonarqube:
    image: sonarqube:community
    depends_on:
      - db
    environment:
      SONAR_JDBC_URL: jdbc:postgresql://db:5432/sonar
      SONAR_JDBC_USERNAME: sonar
      # Must match POSTGRES_PASSWORD below. "sonar" is a quick-start value;
      # set a strong password before other machines can reach this instance.
      SONAR_JDBC_PASSWORD: sonar
    volumes:
      - sonarqube_data:/opt/sonarqube/data
      - sonarqube_extensions:/opt/sonarqube/extensions
      - sonarqube_logs:/opt/sonarqube/logs
    ports:
      # Published on every host interface so the Actions runner can reach it
      # through the host's IP; keep it firewalled from untrusted networks.
      - "9000:9000"
  db:
    image: postgres:12
    environment:
      POSTGRES_USER: sonar
      POSTGRES_PASSWORD: sonar
    volumes:
      - postgresql:/var/lib/postgresql
      - postgresql_data:/var/lib/postgresql/data
volumes:
  sonarqube_data:
  sonarqube_extensions:
  sonarqube_logs:
  postgresql:
  postgresql_data:
Run the following command in the terminal:
docker-compose up
Wait for the log output to stop, then open http://localhost:9000 in your browser. If the Sonarqube page is displayed, the installation succeeded. The default username and password are both admin, and you will be prompted to change the password after logging in.
Create Workflows in Gitea
If you are not familiar with Gitea Actions, you can refer to Hacking on Gitea Actions.
If you are already familiar with Gitea Actions, proceed to create a workflow in your repository as follows:
on:
  push:
    branches:
      - main
  pull_request:
    types: [opened, synchronize, reopened]
name: SonarQube Scan
jobs:
  sonarqube:
    name: SonarQube Trigger
    runs-on: ubuntu-latest
    steps:
      - name: Checking out
        uses: actions/checkout@v4
        with:
          # Disabling shallow clone is recommended for improving relevancy of reporting
          fetch-depth: 0
      - name: SonarQube Scan
        # Third-party action that receives the Sonarqube token. A tag can be
        # moved to different code; pinning to a full commit SHA prevents that.
        uses: kitabisa/sonarqube-action@v1.2.0
        with:
          host: ${{ secrets.SONARQUBE_HOST }}
          login: ${{ secrets.SONARQUBE_TOKEN }}
Here, you need to set two secrets: SONARQUBE_HOST and SONARQUBE_TOKEN. SONARQUBE_HOST is the URL address of Sonarqube, similar to http://your_ip:9000. Note that you should use the local machine's IP address instead of localhost or 127.0.0.1: the CI job runs in a Docker container, so localhost or 127.0.0.1 would point at the container's own operating system rather than at Sonarqube.
SONARQUBE_TOKEN should be created in Sonarqube by logging in and generating a token in the personal settings.
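A pre-flight check for the SONARQUBE_HOST value described above, as an added example that is not part of the original post or of the Gitea or Sonarqube projects. The function name check_sonarqube_host and the sample URLs are assumptions; it rejects loopback addresses, which point at the job container itself, and warns when the token would travel over plain HTTP.

```python
import ipaddress
import os
import sys
from urllib.parse import urlsplit


def check_sonarqube_host(url):
    """Return (level, message) findings for a SONARQUBE_HOST value (hypothetical helper)."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:  # e.g. an unbalanced "[" in an IPv6 literal
        parts = None
    if parts is None or parts.scheme not in ("http", "https") or not parts.hostname:
        return [("error", "expected a URL such as http://your_ip:9000")]

    findings = []
    host = parts.hostname  # lower-cased, IPv6 brackets removed
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # a DNS name, not an IP literal
    loopback_name = host == "localhost" or host.endswith(".localhost")
    if loopback_name or (ip is not None and (ip.is_loopback or ip.is_unspecified)):
        # Inside the CI job this address is the job container, not the Sonarqube host.
        findings.append(("error", f"{host} refers to the job container itself"))
    if parts.scheme == "http":
        # The token accompanies every scanner request; without TLS it is
        # readable by anything on the network path between runner and server.
        findings.append(("warning", "token is sent over unencrypted http"))
    return findings


def main():
    # Reads the same value the workflow passes to the scan step.
    findings = check_sonarqube_host(os.environ.get("SONARQUBE_HOST", ""))
    for level, message in findings:
        print(f"{level}: {message}", file=sys.stderr)
    return 1 if any(level == "error" for level, _ in findings) else 0


if __name__ == "__main__":
    sys.exit(main())
```

Run as a step before the scan with SONARQUBE_HOST in the step's environment, a non-zero exit stops the job before the token is used.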
After configuring these two secrets, push the code to the main branch; the workflow run then appears in the Gitea Actions interface.
Once Gitea Actions runs successfully, you can view the analysis results in the Sonarqube console.