github-actions

Dotnet SonarCloud Scan

A reusable GitHub Action for running SonarCloud analysis on .NET applications by wrapping a build with SonarScanner.


Purpose

This action provides a consistent way to integrate SonarCloud analysis into .NET pipelines without duplicating configuration.

It:


Inputs

Usage

Add the action as a step in your workflow:

- name: SonarCloud scan
  uses: DFE-Digital/github-actions/sonarscan-dotnet@main
  with:
    sonarcloud-project-key: your_project_key
    sonarcloud-token: $

Example: with coverage

- name: Download merged coverage
  uses: actions/download-artifact@v4
  with:
    name: coverage
    path: coverage-reports

- name: SonarCloud scan
  uses: DFE-Digital/github-actions/sonarscan-dotnet@main
  with:
    sonarcloud-project-key: your_project_key
    sonarcloud-token: $
    coverage-report-path: coverage-reports/SonarQube.xml

Example: using global.json

- name: SonarCloud scan
  uses: DFE-Digital/github-actions/sonarscan-dotnet@main
  with:
    sonarcloud-project-key: your_project_key
    sonarcloud-token: $
    use-global-json: true

If use-global-json is true, a global.json file must exist in the repository.


Example: custom build command

with:
  build-command: dotnet build YourSolution.sln --no-restore --no-incremental

Dependabot and SONAR_TOKEN

SonarCloud analysis requires a valid SONAR_TOKEN to publish results.

Dependabot pull requests do not have access to repository secrets by default. This means:

Control execution in the calling workflow to avoid running the scan when secrets are not available:

```yaml