oracle-devrel · xs2suruchi · Mar 12, 2026 · Mar 9, 2026 · Mar 9, 2026 · Mar 9, 2026
diff --git a/.github/workflows/sonarcloud.yml → .github/workflows/sonarcloud.yml.old b/.github/workflows/sonarcloud.yml → .github/workflows/sonarcloud.yml.old
diff --git a/.github/workflows/sonarqube.yml b/.github/workflows/sonarqube.yml
@@ -0,0 +1,37 @@
+name: SonarQube Scan
+on:
+  push:
+    branches: [ "develop", "main" ]
+  pull_request:
+    branches: [ "develop", "main" ]
+  workflow_dispatch:
+
+permissions:
+  pull-requests: read # allows SonarQube to decorate PRs with analysis results
+
+jobs:
+  Analysis:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.ref }}
+          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}   # add the URL of your instance to the secrets of this repo with the name SONAR_HOST_URL (Settings > Secrets > Actions > add new repository secret)
+
+      - name: Install Sonar Scanner
+        run: |
+          wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-8.0.1.6346.zip
+          unzip sonar-scanner-cli-*.zip
+          echo "$PWD/sonar-scanner-*/bin" >> $GITHUB_PATH
+
+      - name: Run SonarQube Scan
+        run: |
+          $PWD/sonar-scanner-8.0.1.6346/bin/sonar-scanner \
+            -Dsonar.projectKey=cd3-automation-toolkit \
+            -Dsonar.host.url=${{ secrets.SONAR_HOST_URL }} \
+            -Dsonar.token=${{ secrets.SONAR_TOKEN }}