workflow file added for sonarqube

Author: Suraj-Varade

.github/workflows/main.yml

@@ -1,4 +1,4 @@
-name: CareerPath Workflow - (with SonarQube)
+name: CareerPath Workflow - (SonarCloud)
 
 on:
   push:
@@ -21,61 +21,35 @@ jobs:
   build:
     runs-on: ubuntu-latest
 
-    services:
-      sonarqube:
-        image: sonarqube:lts
-        ports:
-          - 9000:9000
-        env:
-          SONAR_ES_BOOTSTRAP_CHECKS_DISABLE: "true"
-        options: >-
-          --health-cmd="exit 0"
-          -e SONAR_ES_BOOTSTRAP_CHECKS_DISABLE=true
-          -e ES_JAVA_OPTS="-Xms512m -Xmx512m"
-        
     steps:
-
+      # Checkout
       - uses: actions/checkout@v5
+        with:
+          fetch-depth: 0  # SonarCloud needs full history
 
+      # Install .NET
       - name: Setup .NET
         uses: actions/setup-dotnet@v4
         with:
           dotnet-version: ${{ env.DOTNET_VERSION }}
 
-      - name: Wait for SonarQube to start
-        run: |
-          for i in {1..30}; do
-            if curl -s http://localhost:9000 >/dev/null; then
-              echo "SonarQube is up !!!"; break;
-            fi
-            echo "Waiting for SonarQube...."; sleep 10
-          done
-
-      - name: Install SonarScanner
-        uses: sonarsource/sonarqube-scan-action@v2
-
-      - name: Begin Sonar Analysis
-        env:
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-        run: |
-          dotnet sonarscanner begin \
-            /k:"CareerPathApp" \
-            /d:sonar.host.url="http://sonarqube:9000" \
-            /d:sonar.login="${{ secrets.SONAR_TOKEN }}" \
-            /d:sonar.cs.opencover.reportsPaths="**/coverage.opencover.xml"
-
-      - name: Restore dependencies
+      # Restore
+      - name: Restore
         run: dotnet restore ./CareerPath.sln
 
+      # Build
       - name: Build
-        run: dotnet build ./API/API.csproj --configuration Release
+        run: dotnet build ./API/API.csproj --configuration Release --no-restore
 
-      - name: Test (Generate Coverage)
+      # Test + Code Coverage
+      - name: Test
         run: dotnet test ./API.Tests/API.Tests.csproj \
           --collect:"XPlat Code Coverage" \
-          --results-directory "./TestResults"
+          --results-directory "./TestResults" \
+          --no-build
 
-      - name: Convert Coverage to OpenCover
+      # Convert Cobertura → OpenCover
+      - name: Convert Coverage
         run: |
           report=$(find ./TestResults -name "coverage.cobertura.xml" | head -n 1)
           echo "Found report: $report"
@@ -85,26 +59,22 @@ jobs:
             -targetdir:coveragereport \
             -reporttypes:opencover
 
-      - name: End Sonar Analysis
-        env:
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-        run: |
-          dotnet sonarscanner end \
-            /d:sonar.login="${{ secrets.SONAR_TOKEN }}"
-
+      # Cleanup publish
       - name: Clean API publish output
         run: rm -rf ${{ env.BUILD_OUTPUT }}
 
-      - name: Publish
+      # Publish App
+      - name: Publish Project
         run: dotnet publish ./API/API.csproj -c Release -o ${{ env.BUILD_OUTPUT }} --no-build
 
-      - name: Upload artifact
+      # Upload artifacts
+      - name: Upload Build Artifact
         uses: actions/upload-artifact@v4
         with:
           name: dotnet-app
           path: ${{ env.BUILD_OUTPUT }}
 
-      - name: Upload Coverage Report (optional)
+      - name: Upload Coverage Report
         uses: actions/upload-artifact@v4
         with:
           name: code-coverage

.github/workflows/sonarqube-build.yml

@@ -0,0 +1,47 @@
+name: SonarQube
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    types: [opened, synchronize, reopened]
+jobs:
+  build:
+    name: Build and analyze
+    runs-on: windows-latest
+    steps:
+      - name: Set up JDK 17
+        uses: actions/setup-java@v4
+        with:
+          java-version: 17
+          distribution: 'zulu' # Alternative distribution options are available.
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+      - name: Cache SonarQube Cloud packages
+        uses: actions/cache@v4
+        with:
+          path: ~\sonar\cache
+          key: ${{ runner.os }}-sonar
+          restore-keys: ${{ runner.os }}-sonar
+      - name: Cache SonarQube Cloud scanner
+        id: cache-sonar-scanner
+        uses: actions/cache@v4
+        with:
+          path: ${{ runner.temp }}\scanner
+          key: ${{ runner.os }}-sonar-scanner
+          restore-keys: ${{ runner.os }}-sonar-scanner
+      - name: Install SonarQube Cloud scanner
+        if: steps.cache-sonar-scanner.outputs.cache-hit != 'true'
+        shell: powershell
+        run: |
+          New-Item -Path ${{ runner.temp }}\scanner -ItemType Directory
+          dotnet tool update dotnet-sonarscanner --tool-path ${{ runner.temp }}\scanner
+      - name: Build and analyze
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        shell: powershell
+        run: |
+          ${{ runner.temp }}\scanner\dotnet-sonarscanner begin /k:"Suraj-Varade_CareerPath-Clean-Architecture-.NET-9" /o:"suraj-varade" /d:sonar.token="${{ secrets.SONAR_TOKEN }}"
+          dotnet build
+          ${{ runner.temp }}\scanner\dotnet-sonarscanner end /d:sonar.token="${{ secrets.SONAR_TOKEN }}"