Merge pull request #507 from usdot-jpo-ode/fix_sonar

Fix Sonar Project_Key
usdot-jpo-ode · Jun 27, 2023 · c109566 · c109566
2 parents 2e64568 + c1b3b3f
commit c109566
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 1 deletion.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -27,4 +27,4 @@ jobs:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
         run: |
           ls -la && pwd
-          mvn -e -X clean org.jacoco:jacoco-maven-plugin:prepare-agent package sonar:sonar -Dsonar.projectKey=usdot-jpo-ode_jpo-ode -Dsonar.projectName=jpo-ode -Dsonar.organization=usdot-jpo-ode-1 -Dsonar.host.url=https://sonarcloud.io -Dsonar.branch.name=$GITHUB_REF_NAM
+          mvn -e -X clean org.jacoco:jacoco-maven-plugin:prepare-agent package sonar:sonar -Dsonar.projectKey=usdot-jpo-ode-1_jpo-ode -Dsonar.projectName=jpo-ode -Dsonar.organization=usdot-jpo-ode-1 -Dsonar.host.url=https://sonarcloud.io -Dsonar.branch.name=$GITHUB_REF_NAME
diff --git a/README.md b/README.md
@@ -40,6 +40,7 @@ All stakeholders are invited to provide input to these documents. To provide fee
 10. [Credits and Acknowledgement](#credits-and-acknowledgement)
 11. [Code.gov Registration Info](#codegov-registration-info)
 12. [Kubernetes](#kubernetes)
+13. Sonar Token Configuration([#Sonar cloud](https://sonarqube.ow2.org/documentation/user-guide/user-token/))
 
 <!--
 #########################################
@@ -571,3 +572,34 @@ The ODE can be run in a k8s environment.
 See [this document](./docs/Kubernetes.md) for more details about this.
 
 [Back to top](#toc)
+
+## 13. Sonar Token Configuration
+Generating and Using Tokens
+Users can generate tokens that can be used to run analyses or invoke web services without access to the user's actual credentials.
+
+USDOT-JPO-ODE SonarCloud Organization : https://sonarcloud.io/organizations/usdot-jpo-ode-1/
+
+## Generating a token
+You can generate new tokens at User > My Account > Security.
+The form at the bottom of the page allows you to generate new tokens. Once you click the Generate button, you will see the token value. Copy it immediately; once you dismiss the notification you will not be able to retrieve it.
+
+## Using a token
+SonarScanners running in GitHub Actions can automatically detect branches and pull requests being built so you don't need to specifically pass them as parameters to the scanner.
+
+**<ins>To analyze your projects with GitHub Actions, you need to: </ins>**
+
+**<ins> Creating your GitHub secrets </ins>**
+You can create repository secrets from your GitHub repository as below:
+
+Sonar Token: Generate a SonarQube token and, in GitHub, create a new repository secret in GitHub with SONAR_TOKEN as the Name and the token you generated as the Value.
+Sonar Host URL: In GitHub, create a new repository secret with SONAR_HOST_URL as the Name and your SonarQube server URL as the Value.
+
+Configure your workflow YAML file as below:
+
+	1. Add GitHub Secrets in ci.yml workflow as SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }
+ 	2. Update the sonar properties in Sonar scan step (- name: Run Sonar) with new sonar project properties.
+
+Commit and push your code to start the analysis.
+
+## Revoking a token
+You can revoke an existing token at User > My Account > Security by clicking the Revoke button next to the token.