Analyze Submodules in SonarCloud?

franz-ms-muc · November 29, 2021, 3:08pm

I have a Repo:

the Analysis is working:
https://sonarcloud.io/project/overview?id=Meisterschulen-am-Ostbahnhof-Munchen_TimeDelay

it references a Submodule:

how can i let SonarCloud analyze the Submodule also ?

https://sonarcloud.io/project/configuration?id=Meisterschulen-am-Ostbahnhof-Munchen_PlcLib

seems not to work out of the Box ?

Thanks,
Franz

Colin · December 1, 2021, 9:44am

Hey there.

Let me recommend appending -X to the sonar-scanner command – you should be able to find out if the flies in question are being seen by the scanner, and if they’re excluded – why.

franz-ms-muc · February 17, 2022, 9:02pm

like this:

github.com

Meisterschulen-am-Ostbahnhof-Munchen/TimeDelay/blob/main/.github/workflows/build.yml

name: C/C++ CI 

on:
  push:
    branches:
      - main
      - develop
      - release/*
      - feature/*

# A workflow run is made up of one or more jobs that can run sequentially or in parallel 
jobs:
  build_esp32:
    runs-on: ubuntu-latest
    env:
      SONAR_SCANNER_VERSION: 4.4.0.2170
      SONAR_SERVER_URL: "https://sonarcloud.io"
      BUILD_WRAPPER_OUT_DIR: $HOME/build_wrapper_output_directory # Directory where build-wrapper output will be placed
    steps:
    - uses: actions/cache@master

This file has been truncated. show original

franz-ms-muc · February 17, 2022, 9:24pm

this run should show it now …

franz-ms-muc · February 17, 2022, 9:25pm

does this something ?

Shallow clone detected, no blame information will be provided. You can convert to non-shallow with ‘git fetch --unshallow’.

and

Missing blame information for the following files: …

franz-ms-muc · February 17, 2022, 9:32pm

      fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis

does this help ? it is in your Sample !

franz-ms-muc · February 17, 2022, 9:42pm

franz-ms-muc · February 17, 2022, 9:44pm

i dont see why the Submodule GitHub - Meisterschulen-am-Ostbahnhof-Munchen/PlcLib: PLC Lib with IEC 61131 alike functions. is not also analyzed ?

can anybody help me ?

Colin · February 24, 2022, 11:04am

Hey @franz-ms-muc

Looking at the logs, it seems files in the submodule are being ignored by scm ignore settings (exclusions meant to be inferred from files like a .gitignore file)

21:34:46.755 DEBUG: File '/home/runner/work/TimeDelay/TimeDelay/TestTimeDelay/components/PlcLib/TimeLib.h' is excluded by the scm ignore settings.

I’m not sure why that is – as at a glance your .gitignore file wouldn’t try and exclude these files.

You can set -Dsonar.scm.exclusions.disabled=true in your scanner command

sonar-scanner --define sonar.host.url=“${{ env.SONAR_SERVER_URL }}” --define sonar.cfamily.build-wrapper-output=“${{ env.BUILD_WRAPPER_OUT_DIR }}” --define sonar.scm.exclusions.disabled=true

I’ll ping internally to see if I can get some eyes on why this exclusion happens.

franz-ms-muc · February 25, 2022, 11:05am

Thanks for look into this.

I will test it now…

franz-ms-muc · February 27, 2022, 10:35am

Hi,

did test the Setting you recommended,
now it analyze more Files, but it ignores the gitignore of the Build folder.

so the “build” dir is now also analyzed.
i have now added the ignore to the top level gitignore.
maybe that helps.

franz-ms-muc · February 27, 2022, 10:35am

TimeDelay/TimeDelay/TestTimeDelay/components/PlcLib/TimeLib.h is analyzed now. that is good.

franz-ms-muc · February 27, 2022, 12:34pm

can i use

Source File Exclusions

Patterns used to exclude some source files from analysis.
Key: sonar.exclusions

how to do ?

**/build/

or

**/build/.

how to exclude all build folders ?

Colin · February 28, 2022, 8:54am

Hey there.

You can use Source File Exclusions to exclude the /build/ directory, with an exclusion such as **/build/**/*.