C++ example project scanned on SonarQube Cloud using GitHub Actions

This project is analysed on SonarQube Cloud!

It is very easy to analyze a C, C++ and Objective-C project with SonarQube Cloud and GitHub Actions:

1. Create a sonar-project.properties file to store your configuration

2. In your .github/workflows/build.yml file:

   1. Download the Build Wrapper using the SonarSource/sonarqube-scan-action/install-build-wrapper action

   2. Wrap your compilation with the Build Wrapper

   3. Run the SonarQube scan using the SonarSource/sonarqube-scan-action action as final step

3. Ensure that your token is stored as a secret in your repository (SONARCLOUD_TOKEN in this example project). You can request new tokens using Account/Security page.

You can take a look at the sonar-project.properties and build.yml to see it in practice.

Documentation

• C/C++/Objective-C analysis overview

• Getting started with GitHub

• Analyze your repository with GitHub Actions

• Generating a compilation database

• Running the CFamily analysis

Warnings

The following warning may appear during invocation of /build-wrapper-macosx-x86. To best of our knowledge does not affect the result of the analysis:

dyld: warning: could not load inserted library '/Users/runner/.sonar/build-wrapper-macosx-x86/libinterceptor.dylib' into hardened process because no suitable image found.  Did find:
	/Users/runner/.sonar/build-wrapper-macosx-x86/libinterceptor.dylib: code signature in (/Users/runner/.sonar/build-wrapper-macosx-x86/libinterceptor.dylib) not valid for use in process using Library Validation: mapped file has no cdhash, completely unsigned? Code has to be at least ad-hoc signed.

For details please refer to following ticket and community thread.

macOS\XCodeBuild

A build of the code repository on a macOS using XCode build system.

To build the code run from the repository root directory:

xcodebuild

Code Description

An example of a flawed C++ code. The code repository can be analyzed automatically, but it can also be compiled with different build systems using different CI pipelines on Linux, macOS, and Windows.

The code repository is forked into other repositories in this collection to add a specific build system, platform, and CI. The downstream repositories are analyzed either with SonarQube Server or SonarQube Cloud.

You can find examples for:

• Linux

• macOS

• Windows

Using the following build systems:

• CMake

• GNU Autotools

• Xcode

• MSBuild

Running on the following CI services:

• Azure DevOps

• GitHub Actions

• Travis

• Jenkins

• GitLab CI

• BitBucket Pipelines

• Additionally, generic examples demonstrate integration with other CIs and manual-configuration examples should help you if you are running locally.

Configured for analysis on:

• SonarQube Server

• SonarQube Cloud

You can find also a few examples demonstrating:

• The use of Compilation Database (compile_commands.json)

• Test coverage

See examples-structure.adoc for a description of the structure of this GitHub organization and the relations between its different repositories.