SQL Server - JavaScript Files Analysis
This document explains how to use GitHub workflows to automate SonarQube scans against JavaScript source code files which are hosted in SQL Server databases in order to ensure code quality and compliance with best practices.
For this purpose, FintechOS provides the sonarqube-scan-files-sqlserver GitHub composite action which you can integrate in your CI/CD workflows. The action retrieves the JavaScript files from the SQL Server database and performs a SonarQube analysis against these files. It also sends a summary report to a designated email address.
Use
Copy
- name: SonarQube JavaScript Scan
uses: fintechos-com/sonarqube-scan-files-sqlserver@0.0.39
with:
SONARQUBE_SVC: ${{ secrets.SONARQUBE_SVC }}
SONARQUBE_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
TEAM: ${{ env.TEAM_PROJECT }}
EMAIL_TO: ${{ env.EMAIL_TO }}
DATABASE_CONNECTION_STRING: ${{ secrets[env.DATABASE_SECRET] }}
CUSTOMIZATION_SET: ""
AZURE_ARTIFACT_URI: "https://pkgs.dev.azure.com/FintechOS-ManagedServices/ftos-cloud-operations/_packaging/test-ftos-nugets-automation/nuget/v3/index.json"
AZURE_ARTIFACT_PAT: "${{secrets.AZURE_PAT}}"
TOOL_VERSION_GET_FILES: "1.0.11"
DATABASE_RUN_STORED_PROCEDURE_GET_FILES: true
EMAIL_SERVER: ${{secrets.EMAIL_SERVER}}
EMAIL_PORT: ${{secrets.EMAIL_PORT}}
EMAIL_USER: ${{secrets.EMAIL_USER}}
EMAIL_PASSWORD: ${{secrets.EMAIL_PASSWORD}}
EMAIL_REPORT_ATTACHED: trueAction Inputs
| Action Input | Description | Default | Mandatory |
|---|---|---|---|
| SONARQUBE_SVC | SonarQube URI | yes | |
| SONARQUBE_TOKEN | SonarQube token | yes | |
| APPLICATION | Application name | yes | |
| SONARQUBE_PROFILE | SonarQube quality profile | DigitalSolutions-JavaScript-Sonar-way-Copy | no |
| TEAM | FintechOS team | yes | |
| AZURE_ARTIFACT_PAT | Azure Artifact Personal Access Token (PAT) - used to download dotnet get-files tool | yes | |
| AZURE_ARTIFACT_URI | Azure Artifact URI - used to download dotnet get-files tool | yes | |
| TOOL_VERSION_GET_FILES | .NET tool version to get files from the database | 1.0.14 | no |
| TOOL_SDK_VERSION | .NET tool SDK version | 6.0.402 | no |
| CUSTOMIZATION_SET | Digital customization set | no | |
| IS_SYSTEM | Filter scripts by system type | false | no |
| UPLOAD_JSFILES | Publish JavaScript files as GitHub artifacts | false | no |
| DATABASE_CONNECTION_STRING | Database connection string | yes | |
| DATABASE_RUN_STORED_PROCEDURE_GET_FILES | Run stored procedure to get the file | false | no |
| DATABASE_STORED_PROCEDURE_COMMAND_TIMEOUT_SECONDS | Time in seconds to wait for the command to execute | 30 | no |
| LOCAL_FILE_MAX_NAME_LENGTH | Maximum file name length - avoid windows max path restrictions | 160 | no |
| EMAIL_TO | Send report email to this address | yes | |
| EMAIL_SERVER | Email server | yes | |
| EMAIL_PORT | Email port | yes | |
| EMAIL_USER | Email user | yes | |
| EMAIL_PASSWORD | Email password | yes | |
| EMAIL_REPORT_ATTACHED |
|
yes |