Detekt issues are not imported to SonarCloud

Importing /home/runner/work/fskx_validator/fskx_validator/build/reports/detekt/main.xml
Sensor Import of detekt issues [kotlin] (done) | time=42ms

These are from lines 995 and 996 in the log.

The issues are generated and listed with detektMain. Check in log.

  • Steps to reproduce: detekt report is generated via Gradle in a GitHub action with ./gradlew build detektMain jacocoTestReport sonarqube --info. Link to GitHub action.

Finally, did I do something wrong with the Detekt report? I tested it locally and the report seems fine and I can see all the issues. The SonarQube plugin is not complaining about this report either. Do I need to configure something in the SonarQube plugin?

Lots of thanks,
Miguel

Hello @miguelalba,

Thanks for your message. I had a brief look at the SonarCloud link with your project and your logs. The interesting and at the same time strange thing is that I see no source files in the code section of your static_analysis branch, while I see in the logs that the 2 files were found.

Could you please clarify whether the log you’ve provided is related to the analysis result in SonarCloud? The other question: have you tried running the sonarqube analysis locally, using the gradle sonarqube command? And could you please try to specify the sonar.sources property, to enforce the sources root directory?

After trying all these suggestions, could you please get back to us with logs and analysis results?

Kind regards,
Margarita

Hi Margarita,

I am testing SonarCloud on the static_analysis branch where the sources are in the src folder. These sources are configured in build.gradle with the other sonarqube properties:

sonarqube {
    properties {
        property "sonar.projectKey", "RakipInitiative_fskx_validator"
        property "sonar.organization", "rakipinitiative"
        property "sonar.host.url", "https://sonarcloud.io"
        property("sonar.coverage.jacoco.xmlReportPaths", "${project.buildDir}/reports/jacoco/test/jacocoTestReport.xml")
        property("sonar.kotlin.detekt.reportPaths", "${project.buildDir}/reports/detekt/main.xml")
        property("sonar.sources", "src")
        property("sonar.tests", "test")
    }
}

at fskx_validator/build.gradle at 022b987984e733b51683f884d2eb4d99064fb8b1 · RakipInitiative/fskx_validator · GitHub

The log I provided is from the GitHub action building, analysing and sending the reports to SonarCloud. This is the job started the 21st May at 23:57 that updates the SonarCloud report https://sonarcloud.io/dashboard?branch=static_analysis&id=RakipInitiative_fskx_validator at 23:58.

I could execute gradlew sonarqube locally and publish the results with the same command as in my pipeline ./gradlew build detektMain jacocoTestReport sonarqube --info. I did not change anything in the project, I only temporarily set up the SONAR_TOKEN on my computer. The results are now available in SonarCloud on the main branch https://sonarcloud.io/dashboard?id=RakipInitiative_fskx_validator. I do not know why it did not work with the GitHub action. Is it because it is a branch other than main/master?

In case it helps I am attaching the log of the local build.
manual_build.log (16.3 KB)

Thanks,
Miguel

The GitHub action detects that static_analysis is not the main branch, and it does a short-living branch analysis. When analyzing a feature branch, as opposed to the main branch of a project, in the typical use case you are looking for new issues introduced in the new commits of that branch. As such, the analysis results will report only about the files changed in that branch. Effectively these files:

$ git diff origin/main...origin/static_analysis --name-only
.github/workflows/basic.yml
build.gradle

When you merge the static_analysis branch into main, you will see all the issues in main. If for some reason you want to see all the issues in the static_analysis branch, then you can get it analyzed as a long-lived branch, which has the behavior of including all the issues of the branch, independent from history with other branches. The long-lived branches are defined by a pattern on the Branches page on SonarCloud. The default pattern is (branch|release)-.*, you could change that to (branch|release)-.*|static_analysis.
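
The behaviour described in this answer, modelled as an added example (not part of the thread and not SonarCloud's own code): it parses a detekt checkstyle-style XML report and shows which findings remain visible for a branch under each of the two patterns. The report content and the Kotlin file names are constructed, and full-string pattern matching is an assumption.

```python
import re
import xml.etree.ElementTree as ET

# Long-lived branch patterns quoted in the answer above.
DEFAULT_PATTERN = r"(branch|release)-.*"
EXTENDED_PATTERN = r"(branch|release)-.*|static_analysis"
# Files listed by the git diff in the answer above.
CHANGED_FILES = {".github/workflows/basic.yml", "build.gradle"}
PROJECT_ROOT = "/home/runner/work/fskx_validator/fskx_validator/"

# Constructed detekt report; file names, lines and rules are illustrative only.
SAMPLE_REPORT = """<checkstyle version="4.3">
  <file name="/home/runner/work/fskx_validator/fskx_validator/src/Validator.kt">
    <error line="12" column="5" severity="warning" message="Magic number." source="detekt.MagicNumber"/>
    <error line="40" column="1" severity="warning" message="Long method." source="detekt.LongMethod"/>
  </file>
  <file name="/home/runner/work/fskx_validator/fskx_validator/src/Main.kt">
    <error line="3" column="1" severity="warning" message="Wildcard import." source="detekt.WildcardImport"/>
  </file>
</checkstyle>"""


def is_long_lived(branch, pattern):
    """Assumption: the pattern has to match the whole branch name."""
    return re.fullmatch(pattern, branch) is not None


def parse_findings(report_xml, root=PROJECT_ROOT):
    """Return (relative_path, line, rule) for every <error> in the report."""
    findings = []
    for file_el in ET.fromstring(report_xml).iter("file"):
        path = file_el.get("name", "")
        rel = path[len(root):] if path.startswith(root) else path
        for err in file_el.iter("error"):
            findings.append((rel, int(err.get("line", "0")), err.get("source", "")))
    return findings


def visible_findings(branch, pattern, findings, changed_files):
    """Long-lived branch: every finding. Otherwise: only findings in changed files."""
    if is_long_lived(branch, pattern):
        return findings
    return [f for f in findings if f[0] in changed_files]
```

With the default pattern, static_analysis is treated as a short-lived branch and none of the constructed findings fall in the two changed files, which matches an import that completes without showing any issues.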