I’m trying to figure out best way to setup our product/products for analysis. For the product I’m evaluating SonarCloud for it’s in practice a monorepo, where the majority of files to analyse are C. This product is made up of many separate libraries and programs. All libraries are statically linked, and the programs are packaged into smaller pieces that can be installed separately (except one base package the contains the base of the system). Both the base package and other packages can, are often are, released separately. They do follow the same release branch, but due to maintenance will often be built and released separately.
It’s not clear to me yet, whether setting up a monorepo within SonarCloud is the recommended way. What would be the pros and cons of using a monorepo versus not using one?
Which DevOps platform are you using? I’m asking because if you use GitHub, you have the option to use Automatic Analysis which vastly simplifies the analysis of C/C++ code. Monorepos are not supported in this context.
My current plan is to integrate into our CI pipeline, because we need branch analysis for long-term branches. I have a proof-of-concept up and running using our build system together with Build Wrapper and SonarScanner CLI. That part is working fine.
Okay. In that case, I would recommend you to select a mono repo configuration if:
It’s important for you to have separate reporting for these separate libraries and programs
It’s easier to implement analysis at an individual project level, instead of orchestrating it for the entire repo (which will require a full build of all parts of the codebase for every analysis)
In our case, for now “aggregated” reporting is fine. Besides maintenance releases for specific programs we always do a full build, which makes full analysis easy to do and submit.
We’ll continue with a non-mono repo configuration for now, that may change in the future if our requirements change.