diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..090a1f0
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+.idea
+.DS_Store
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..ecb1ee3
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,20 @@
+FROM sonarsource/sonar-scanner-cli:4.6
+
+LABEL version="1.0.0" \
+ repository="https://github.com/sonarsource/sonarqube-scan-action" \
+ homepage="https://github.com/sonarsource/sonarqube-scan-action" \
+ maintainer="SonarSource" \
+ com.github.actions.name="SonarQube Scan" \
+ com.github.actions.description="Scan your code with SonarQube to detect Bugs, Vulnerabilities and Code Smells in more than 27 programming languages!" \
+ com.github.actions.icon="check" \
+ com.github.actions.color="green"
+
+# Set up local envs in order to allow for special chars (non-asci) in filenames.
+ENV LC_ALL="C.UTF-8"
+
+# https://help.github.com/en/actions/creating-actions/dockerfile-support-for-github-actions#user
+USER root
+
+COPY entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+ENTRYPOINT ["/entrypoint.sh"]
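Review bot: The `FROM sonarsource/sonar-scanner-cli:4.6` line references the base image by a mutable tag only. The container runs as root and receives `SONAR_TOKEN` in its environment, so whatever that tag resolves to at build time is trusted with both. Pinning by digest, `FROM sonarsource/sonar-scanner-cli:4.6@sha256:<digest-of-the-reviewed-image>`, makes base-image changes an explicit, reviewable bump. The `USER root` line is explained only by a link; a short why-comment such as `# Docker actions must run as root to access GITHUB_WORKSPACE (see link)` would stop a later hardening pass from removing it by mistake. Separately, `entrypoint.sh` is committed with mode 100755 and `COPY` keeps file modes, so `RUN chmod +x /entrypoint.sh` looks redundant and adds a layer.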
diff --git a/LICENSE.txt b/LICENSE.txt
new file mode 100644
index 0000000..65c5ca8
--- /dev/null
+++ b/LICENSE.txt
@@ -0,0 +1,165 @@
+ GNU LESSER GENERAL PUBLIC LICENSE
+ Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc.
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+
+ This version of the GNU Lesser General Public License incorporates
+the terms and conditions of version 3 of the GNU General Public
+License, supplemented by the additional permissions listed below.
+
+ 0. Additional Definitions.
+
+ As used herein, "this License" refers to version 3 of the GNU Lesser
+General Public License, and the "GNU GPL" refers to version 3 of the GNU
+General Public License.
+
+ "The Library" refers to a covered work governed by this License,
+other than an Application or a Combined Work as defined below.
+
+ An "Application" is any work that makes use of an interface provided
+by the Library, but which is not otherwise based on the Library.
+Defining a subclass of a class defined by the Library is deemed a mode
+of using an interface provided by the Library.
+
+ A "Combined Work" is a work produced by combining or linking an
+Application with the Library. The particular version of the Library
+with which the Combined Work was made is also called the "Linked
+Version".
+
+ The "Minimal Corresponding Source" for a Combined Work means the
+Corresponding Source for the Combined Work, excluding any source code
+for portions of the Combined Work that, considered in isolation, are
+based on the Application, and not on the Linked Version.
+
+ The "Corresponding Application Code" for a Combined Work means the
+object code and/or source code for the Application, including any data
+and utility programs needed for reproducing the Combined Work from the
+Application, but excluding the System Libraries of the Combined Work.
+
+ 1. Exception to Section 3 of the GNU GPL.
+
+ You may convey a covered work under sections 3 and 4 of this License
+without being bound by section 3 of the GNU GPL.
+
+ 2. Conveying Modified Versions.
+
+ If you modify a copy of the Library, and, in your modifications, a
+facility refers to a function or data to be supplied by an Application
+that uses the facility (other than as an argument passed when the
+facility is invoked), then you may convey a copy of the modified
+version:
+
+ a) under this License, provided that you make a good faith effort to
+ ensure that, in the event an Application does not supply the
+ function or data, the facility still operates, and performs
+ whatever part of its purpose remains meaningful, or
+
+ b) under the GNU GPL, with none of the additional permissions of
+ this License applicable to that copy.
+
+ 3. Object Code Incorporating Material from Library Header Files.
+
+ The object code form of an Application may incorporate material from
+a header file that is part of the Library. You may convey such object
+code under terms of your choice, provided that, if the incorporated
+material is not limited to numerical parameters, data structure
+layouts and accessors, or small macros, inline functions and templates
+(ten or fewer lines in length), you do both of the following:
+
+ a) Give prominent notice with each copy of the object code that the
+ Library is used in it and that the Library and its use are
+ covered by this License.
+
+ b) Accompany the object code with a copy of the GNU GPL and this license
+ document.
+
+ 4. Combined Works.
+
+ You may convey a Combined Work under terms of your choice that,
+taken together, effectively do not restrict modification of the
+portions of the Library contained in the Combined Work and reverse
+engineering for debugging such modifications, if you also do each of
+the following:
+
+ a) Give prominent notice with each copy of the Combined Work that
+ the Library is used in it and that the Library and its use are
+ covered by this License.
+
+ b) Accompany the Combined Work with a copy of the GNU GPL and this license
+ document.
+
+ c) For a Combined Work that displays copyright notices during
+ execution, include the copyright notice for the Library among
+ these notices, as well as a reference directing the user to the
+ copies of the GNU GPL and this license document.
+
+ d) Do one of the following:
+
+ 0) Convey the Minimal Corresponding Source under the terms of this
+ License, and the Corresponding Application Code in a form
+ suitable for, and under terms that permit, the user to
+ recombine or relink the Application with a modified version of
+ the Linked Version to produce a modified Combined Work, in the
+ manner specified by section 6 of the GNU GPL for conveying
+ Corresponding Source.
+
+ 1) Use a suitable shared library mechanism for linking with the
+ Library. A suitable mechanism is one that (a) uses at run time
+ a copy of the Library already present on the user's computer
+ system, and (b) will operate properly with a modified version
+ of the Library that is interface-compatible with the Linked
+ Version.
+
+ e) Provide Installation Information, but only if you would otherwise
+ be required to provide such information under section 6 of the
+ GNU GPL, and only to the extent that such information is
+ necessary to install and execute a modified version of the
+ Combined Work produced by recombining or relinking the
+ Application with a modified version of the Linked Version. (If
+ you use option 4d0, the Installation Information must accompany
+ the Minimal Corresponding Source and Corresponding Application
+ Code. If you use option 4d1, you must provide the Installation
+ Information in the manner specified by section 6 of the GNU GPL
+ for conveying Corresponding Source.)
+
+ 5. Combined Libraries.
+
+ You may place library facilities that are a work based on the
+Library side by side in a single library together with other library
+facilities that are not Applications and are not covered by this
+License, and convey such a combined library under terms of your
+choice, if you do both of the following:
+
+ a) Accompany the combined library with a copy of the same work based
+ on the Library, uncombined with any other library facilities,
+ conveyed under the terms of this License.
+
+ b) Give prominent notice with the combined library that part of it
+ is a work based on the Library, and explaining where to find the
+ accompanying uncombined form of the same work.
+
+ 6. Revised Versions of the GNU Lesser General Public License.
+
+ The Free Software Foundation may publish revised and/or new versions
+of the GNU Lesser General Public License from time to time. Such new
+versions will be similar in spirit to the present version, but may
+differ in detail to address new problems or concerns.
+
+ Each version is given a distinguishing version number. If the
+Library as you received it specifies that a certain numbered version
+of the GNU Lesser General Public License "or any later version"
+applies to it, you have the option of following the terms and
+conditions either of that published version or of any later version
+published by the Free Software Foundation. If the Library as you
+received it does not specify a version number of the GNU Lesser
+General Public License, you may choose any version of the GNU Lesser
+General Public License ever published by the Free Software Foundation.
+
+ If the Library as you received it specifies that a proxy can decide
+whether future versions of the GNU Lesser General Public License shall
+apply, that proxy's public statement of acceptance of any version is
+permanent authorization for you to choose that version for the
+Library.
diff --git a/README.md b/README.md
index 5816fe0..1329dba 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,102 @@
-# sonarqube-scan-action
+# Scan your code with SonarQube
+
+Using this GitHub Action, scan your code with [SonarQube](https://www.sonarqube.org/) to detects Bugs, Vulnerabilities and Code Smells in more than 27 programming languages!
+
+
+
+SonarQube is the leading product for Continuous Code Quality & Code Security. It supports most popular programming languages, including Java, JavaScript, TypeScript, C#, Python, C, C++, and many more.
+
+## Requirements
+
+The repository to analyze is set up on SonarQube.
+
+## Usage
+
+Project metadata, including the location to the sources to be analyzed, must be declared in the file `sonar-project.properties` in the base directory:
+
+```properties
+sonar.projectKey=
+
+# relative paths to source directories. More details and properties are described
+# in https://docs.sonarqube.org/latest/project-administration/narrowing-the-focus/
+sonar.sources=.
+```
+
+The workflow, usually declared in `.github/workflows/build.yml`, looks like:
+
+```yaml
+on:
+ # Trigger analysis when pushing in master or pull requests, and when creating
+ # a pull request.
+ push:
+ branches:
+ - master
+ pull_request:
+ types: [opened, synchronize, reopened]
+name: Main Workflow
+jobs:
+ sonarqube:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ with:
+ # Disabling shallow clone is recommended for improving relevancy of reporting
+ fetch-depth: 0
+ - name: SonarQube Scan
+ uses: sonarsource/sonarqube-scan-action@master
+ env:
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+```
+
+You can change the analysis base directory by using the optional input `projectBaseDir` like this:
+
+```yaml
+uses: sonarsource/sonarqube-scan-action@master
+with:
+ projectBaseDir: app/src
+```
+
+In case you need to add additional analysis parameters, you can use the `args` option:
+
+```yaml
+- name: Analyze with SonarQube
+ uses: sonarsource/sonarqube-scan-action@master
+ with:
+ projectBaseDir: app/src
+ args: >
+ -Dsonar.projectKey=my-projectkey
+ -Dsonar.python.coverage.reportPaths=coverage.xml
+ -Dsonar.sources=lib/
+ -Dsonar.test.exclusions=tests/**
+ -Dsonar.tests=tests/
+ -Dsonar.verbose=true
+```
+
+More information about possible analysis parameters can be found in [the documentation](https://docs.sonarqube.org/latest/analysis/analysis-parameters/).
+
+### Environment variables
+
+- `SONAR_TOKEN` – **Required** this is the token used to authenticate access to SonarQube. You can read more about security tokens [here](https://docs.sonarqube.org/latest/user-guide/user-token/). You should set the `SONAR_TOKEN` environment variable in the "Secrets" settings page of your repository.
+- `SONAR_HOST_URL` – **Required** this tells the scanner where SonarQube is hosted. You can set the `SONAR_HOST_URL` environment variable in the "Secrets" settings page of your repository.
+
+## Example of pull request analysis
+
+
+
+## Do not use this GitHub action if you are in the following situations
+
+* Your code is built with Maven. Read the documentation about our [Scanner for Maven](https://redirect.sonarsource.com/doc/install-configure-scanner-maven.html).
+* Your code is built with Gradle. Read the documentation about our [Scanner for Gradle](https://redirect.sonarsource.com/doc/gradle.html).
+* You want to analyze a .NET solution. Read the documentation about our [Scanner for .NET](https://redirect.sonarsource.com/doc/install-configure-scanner-msbuild.html).
+* You want to analyze C/C++ code. Read the documentation on [analyzing C/C++ code](https://docs.sonarqube.org/latest/analysis/languages/cfamily/).
+
+## Have question or feedback?
+
+To provide feedback (requesting a feature or reporting a bug) please post on the [SonarSource Community Forum](https://community.sonarsource.com/tags/c/help/sq/github-actions).
+
+## License
+
+The Dockerfile and associated scripts and documentation in this project are released under the LGPLv3 License.
+
+Container images built with this project include third party materials.
diff --git a/action.yml b/action.yml
new file mode 100644
index 0000000..f1ee80f
--- /dev/null
+++ b/action.yml
@@ -0,0 +1,17 @@
+name: SonarQube Scan
+description: >
+ Scan your code with SonarQube to detect Bugs, Vulnerabilities and Code Smells in more than 27 programming languages!
+branding:
+ icon: check
+ color: green
+runs:
+ using: docker
+ image: Dockerfile
+inputs:
+ args:
+ description: Additional arguments to the sonar-scanner
+ required: false
+ projectBaseDir:
+ description: Set the sonar.projectBaseDir analysis property
+ required: false
+ default: .
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100755
index 0000000..29cda00
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+set -e
+
+if [[ -z "${SONAR_TOKEN}" ]]; then
+ echo "This GitHub Action requires the SONAR_TOKEN env variable."
+ exit 1
+fi
+
+if [[ -z "${SONAR_HOST_URL}" ]]; then
+ echo "This GitHub Action requires the SONAR_HOST_URL env variable."
+ exit 1
+fi
+
+if [[ -f "${INPUT_PROJECTBASEDIR%/}pom.xml" ]]; then
+ echo "Maven project detected. You should run the goal 'org.sonarsource.scanner.maven:sonar' during build rather than using this GitHub Action."
+ exit 1
+fi
+
+if [[ -f "${INPUT_PROJECTBASEDIR%/}build.gradle" ]]; then
+ echo "Gradle project detected. You should use the SonarQube plugin for Gradle during build rather than using this GitHub Action."
+ exit 1
+fi
+
+unset JAVA_HOME
+
+sonar-scanner -Dsonar.projectBaseDir=${INPUT_PROJECTBASEDIR} ${INPUT_ARGS}
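Review bot: The Maven and Gradle guards join the directory and file name without a separator, so they never match. `${INPUT_PROJECTBASEDIR%/}pom.xml` strips a trailing slash and appends directly, which tests `.pom.xml` for the default `.` and `app/srcpom.xml` for `app/src`. They should read `if [[ -f "${INPUT_PROJECTBASEDIR%/}/pom.xml" ]]; then` and `if [[ -f "${INPUT_PROJECTBASEDIR%/}/build.gradle" ]]; then`. On the last line `${INPUT_PROJECTBASEDIR}` is unquoted, so a value containing whitespace is split into extra scanner arguments; quote that one word, `sonar-scanner "-Dsonar.projectBaseDir=${INPUT_PROJECTBASEDIR}" ${INPUT_ARGS}`. `${INPUT_ARGS}` is presumably left unquoted on purpose so it splits into several `-D` options, but it is then also subject to glob expansion, which deserves a comment or a `set -f` before the call.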
diff --git a/images/SonarQube-72px.png b/images/SonarQube-72px.png
new file mode 100644
index 0000000..ab7712b
Binary files /dev/null and b/images/SonarQube-72px.png differ
diff --git a/images/SonarQube-analysis-in-Checks.png b/images/SonarQube-analysis-in-Checks.png
new file mode 100644
index 0000000..b566d6e
Binary files /dev/null and b/images/SonarQube-analysis-in-Checks.png differ