Great to see Dart support added to SonarCloud!
We use Melos to manage the packages of our app and unfortunately the dart analyzer by itself can’t make sense of the dependencies before melos bootstrap
has been executed, naturally this leads to a ton of issues reported in SonarCloud.
I can imagine the decision to skip Melos support for an early access release so I’d like to know if Melos support is already on your backlog for the full release before I start making feature requests
Hello,
Thanks for the feedback. I move your post into a dedicated thread; it should be easier.
We haven’t identified Melos as a package manager to support, so I can’t guarantee we will be able to support it for the full release. We will definitely have a look and evaluate what it costs to support it.
Thanks
Alex
Hello @meelisd,
Technically this shouldn’t be an issue and analyzer should be able to see the dependencies, if the melos bootstrap
was executed before.
However, I will need to look at your project to see why packages aren’t resolved. Maybe we need something else for Melos. Could you please share a link or reproducer?
Let me know if the project a private and you need a private conversation.
Best,
Margarita
The project I’m working on is private, what options do you have for a private conversation?
Oh, and the sonar scanner step is after the Melos bootstrapping, this is what happens in our github workflow job:
- checkout the code with fetch-depth 0
- install Java
- Fetch some secrets from an Azure keyvault
- Install Flutter with GitHub - subosito/flutter-action: Flutter environment for use in GitHub Actions. It works on Linux, Windows, and macOS.
- Install Melos with melos-action/action.yml at main · bluefireteam/melos-action · GitHub
- Bootstrap melos
- Generate some code with build_runner
- Check formatting with melos cli
- Analyze with melos cli
- Run all tests with coverage
- SonarCloud scan
- Build an app
- Build another app
- upload artifacts
SonarCloud then reports about 1.8K issues that resemble issues I get when running flutter analyze
after a melos clean
.
Code coverage of the dart code is working properly.
I’m using Sonar modules in my sonar-project.properties, one for each package/app in my Melos workspace.
Am I right you’re using this Sonar GitHub Action: GitHub - SonarSource/sonarqube-scan-action?
We’re currently investigating a potential issue with it when analyzing Dart or Flutter projects. Could you please try replacing it with simple bash:
- name: SonarCloud Scan
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: |
export SONAR_SCANNER_VERSION=6.1.0.4477
export SONAR_SCANNER_HOME=$HOME/.sonar/sonar-scanner-$SONAR_SCANNER_VERSION-linux-x64
curl --create-dirs -sSLo $HOME/.sonar/sonar-scanner.zip https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-$SONAR_SCANNER_VERSION-linux-x64.zip
unzip -o $HOME/.sonar/sonar-scanner.zip -d $HOME/.sonar/
export PATH=$SONAR_SCANNER_HOME/bin:$PATH
export SONAR_SCANNER_OPTS="-server"
sonar-scanner \
-Dsonar.organization=your_org \
-Dsonar.projectKey=your_project_key\
-Dsonar.sources=. \
-Dsonar.host.url=https://sonarcloud.io
And get back to us with the results.
Yes, that’s what we use. I will try you snippet right away
It looks like your snippet fixes it! Can you link whatever changed in that build to my specific issue? Oh, and do you have an estimate of when these updates are expected to land in GitHub - SonarSource/sonarqube-scan-action?
Nice to hear, that it fixes the issue.
The snippet I suggested is actually a simple bash script that does almost the same as Sonarqube Github Action (downloads scanner and runs analysis). You can even extract it into a separate .sh
script to make your build script more concise.
The current problem of Sonar GitHub Action is that it runs in Docker (an isolated environment) and doesn’t have access to the dependencies that were downloaded during flutter pub get
(or any similar comment). At the moment we’re still investigating what would be the best way to deal with this issue.
Meanwhile, please do not use the Sonarqube Github action but rely on the script I provided. We’ll probably update our docs soon.
Sorry for the inconvenience and thanks a lot for your feedback.
Best,
Margarita
Ah, that makes sense. I’ll keep using this for our flutter project in the meantime.
Thank you very much for the awesome support!
Regards,
Dennis
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.