Does running the GitHub action SonarSource/sonarqube-scan-action create a report-task.txt file?

I looked at the official documentation at:

But could not find any reference about getting the result of the scan.

From examples elsewhere I saw that when the scanner is run using the command line it creates a file .scannerwork/.report-task.txt and in that file there’s a line ceTaskUrl=URL and you can use this URL to do a GET request (along with Authorization header) and get the task status until the analysis is over.
Then you can get the analysis results using a request to /api/qualitygates/project_status?analysisId=$analysisId.

Is this file created when using the official GitHub action too or is there some other way to get the analysis result in a GitHub workflow?

Thank you, Sela
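
The polling flow described in the question above, as an added example that is not part of the original thread or SonarSource's own code. It assumes the token is accepted as a Bearer credential and that the responses carry `task.status`, `task.analysisId` and `projectStatus.status`; the host `sonar.example.test` and the sample file content are constructed. It also refuses to send the token to a `ceTaskUrl` that does not point at the configured server.

```python
import json
import time
import urllib.request
from urllib.parse import urlsplit

# Constructed sample of the scanner's report file (not from a real scan).
SAMPLE_REPORT = (
    "serverUrl=https://sonar.example.test\n"
    "ceTaskUrl=https://sonar.example.test/api/ce/task?id=TASK1\n"
)

def parse_report_task(text):
    """Parse key=value lines; split on the first '=' only (ceTaskUrl contains '=')."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("#"):
            props[key] = value
    return props

def http_get_json(url, token):
    # Assumption: the server accepts the analysis token as a Bearer credential.
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def quality_gate_status(report_text, server_url, token, get=http_get_json,
                        timeout_s=300, interval_s=5, sleep=time.sleep):
    """Wait for the analysis task, then return the quality gate status string."""
    task_url = parse_report_task(report_text).get("ceTaskUrl")
    if not task_url:
        raise RuntimeError("report file has no ceTaskUrl entry")
    # Compare (scheme, host): never send the token to another origin.
    if urlsplit(task_url)[:2] != urlsplit(server_url)[:2]:
        raise RuntimeError("ceTaskUrl does not point at the configured server")
    for _ in range(timeout_s // interval_s + 1):
        task = get(task_url, token)["task"]
        if task["status"] not in ("PENDING", "IN_PROGRESS"):
            break
        sleep(interval_s)
    else:
        raise TimeoutError("analysis report was not processed in time")
    if task["status"] != "SUCCESS":
        raise RuntimeError(f"analysis task ended as {task['status']}")
    base = server_url.rstrip("/")
    url = f"{base}/api/qualitygates/project_status?analysisId={task['analysisId']}"
    return get(url, token)["projectStatus"]["status"]
```

In a workflow step, the report text would be read from the file under the scanned folder and a non-`OK` result turned into a non-zero exit code.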

Hi Sela,

Welcome to the community!

The docs should help.

 
Ann


You can also use sonar.qualitygate.wait=true to poll for the QG result and fail the build if the QG has failed.


Hi Colin, thank you.

Turning on this flag seems to save me doing the polling myself.

Do I need to put it in a file sonar-project.properties at the root of the scanned folder (the folder set with projectBaseDir):

sonarqubeScan1:
    name: SonarQubeScan1
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0  
      - name: SonarQube Scan
        uses: SonarSource/sonarqube-scan-action@v4
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        with:
          projectBaseDir: repo1/

Or is there some GitHub workflow way to do that? Setting an environment variable maybe? A GitHub action variable?

Thank you, Sela

You can set it in the action itself.

- uses: sonarsource/sonarcloud-github-action@4
  with:
    projectBaseDir: repo1/
    args: >
      -Dsonar.qualitygate.wait=true

But you can also store this in a sonar-project.properties file.


When I set this flag, I get this error:

13:16:38.288 INFO ------------- Upload SCA dependency files
13:16:39.150 INFO Sensor cache published successfully
13:16:39.153 INFO ------------- Check Quality Gate status
13:16:39.153 INFO Waiting for the analysis report to be processed (max 300s)
13:16:44.702 ERROR Project not found. Please check the 'sonar.projectKey' and 'sonar.organization' properties, the 'SONAR_TOKEN' environment variable, or contact the project administrator to check the permissions of the user the token belongs to
13:16:45.040 INFO EXECUTION FAILURE

Could it be that the token that is good enough to run analysis is not allowed to check the analysis status?

It seems the problem was that the analysis wasn’t started at all because it was a branch that wasn’t configured to run the analysis.

Seems like a bug to me. Either the wait for the analysis should be skipped in such a case, or a clear error message should be given that there’s no analysis to wait for at all.