We use SonarCloud - GitHub with GitHub Actions.
Our repository is a monorepo: PHP, Laravel, JS.
We have not been getting failed PRs for 6 days, and our Quality Gate status for new code on the main branch was “success” for 6 days. However, 5 hours ago, it returned to “failed”. All the PRs today passed the Quality Gate. How can we have a failed Quality Gate for the main branch in this circumstance?
Now, Quality Gate is “failed” with 2 bugs on a JS file.
There are 2 issues:
As an administrator with all rights on the permission page, I cannot display the details of these bugs. I get this message: “Due to security settings, no source code can be displayed.” Why am I not able to display the details of the bugs? How can I display them?
The bugs belong to a file whose most recent update was 3 years ago. How can we have a bug in that kind of file?
It’s possible for changes in a PR to raise an issue in old code. Unfortunately that wouldn’t be visible in PR analysis. How could a new issue be raised on unchanged code? Well, the quintessential example is the removal of the sole use of a variable. You haven’t touched the variable declaration, but suddenly it becomes unused and an issue would be raised on that. You wouldn’t see that issue until the full analysis after the merge.
Coverage conditions aren’t always enforced on PRs.
“What?!” I can hear you saying. “Why would you not enforce this all the time?” We don’t enforce coverage conditions when there are fewer than 20 changed lines. Our own experience with this led us to the conclusion that when there are so few lines, it can sometimes be impossible to write meaningful tests that cover the changes. So we give developers a pass for small changes.
Do you explicitly have Browse rights on the project in question? It’s possible to be an administrator and still not be able to see project details. Although as an admin you can always grant yourself those rights.
Note that we try to keep it to one question per thread. Otherwise things get messy, fast. So if you have followup questions, please choose one topic to address here and create a new thread for the other.
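The "removed the sole use of a variable" scenario from the answer above, as an added illustration that is not part of the thread and not Sonar's analyzer: a toy regex-based unused-variable check is run over a constructed JavaScript snippet before and after a hypothetical PR, once restricted to the PR's changed lines (how PR analysis reports) and once over the whole file (how the branch analysis after merge reports). The snippet, `httpGet`, and the line-set "diff" are all assumptions made for the example.

```javascript
// Added example (not from the thread, not SonarCloud code): why an issue on an
// UNCHANGED line can appear only in the full analysis after merge.

// Constructed sample: the PR deletes the only use of `retries` (old line 4),
// but the declaration on line 2 is untouched.
const BEFORE = [
  "function fetchUser(id) {",
  "  const retries = 3;",
  "  const url = `/api/users/${id}`;",
  "  return httpGet(url, { retries });",
  "}",
].join("\n");

const AFTER = [
  "function fetchUser(id) {",
  "  const retries = 3;",
  "  const url = `/api/users/${id}`;",
  "  return httpGet(url);",
  "}",
].join("\n");

// Toy rule: a const/let/var name that occurs nowhere else in the file is unused.
// (Regex-based and intentionally naive: it ignores scopes, strings and comments,
// and only handles names made of [A-Za-z0-9_] so they are regex-safe.)
// Returns [{ name, line }] with 1-based line numbers of the declarations.
function unusedVariables(source) {
  const declRe = /\b(?:const|let|var)\s+([A-Za-z_]\w*)/g;
  const issues = [];
  source.split("\n").forEach((text, i) => {
    for (const m of text.matchAll(declRe)) {
      const name = m[1];
      const refs = (source.match(new RegExp(`\\b${name}\\b`, "g")) || []).length;
      if (refs === 1) issues.push({ name, line: i + 1 }); // only the declaration itself
    }
  });
  return issues;
}

// Simplified diff (assumption): a line of the new file counts as changed when
// its text does not occur anywhere in the old file. Returns a Set of line numbers.
function changedLines(before, after) {
  const old = new Set(before.split("\n"));
  const changed = new Set();
  after.split("\n").forEach((text, i) => {
    if (!old.has(text)) changed.add(i + 1);
  });
  return changed;
}

// PR analysis: only issues located on lines the PR touched are reported.
function prAnalysis(before, after) {
  const changed = changedLines(before, after);
  return unusedVariables(after).filter((issue) => changed.has(issue.line));
}

// Branch (post-merge) analysis: every issue in the file is reported.
function fullAnalysis(source) {
  return unusedVariables(source);
}

console.log("PR view:  ", prAnalysis(BEFORE, AFTER)); // [] -> the PR is green
console.log("Full view:", fullAnalysis(AFTER));       // [{ name: 'retries', line: 2 }]
```

The PR view is empty because the only changed line is the new line 4, while the issue sits on line 2; the full analysis of the merged file reports it, and whether that breaks the Quality Gate then depends on whether line 2 falls inside the new code period.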
We were able to figure out the issues in our private thread.
The first issue, about not being able to access a specific file, was due to one of our firewall rules that was triggered by the file name. We are going to update this rule soon to make sure it no longer prevents access to such files. This was unrelated to the user's permissions.
About the second issue, regarding new bugs being raised on the new code while the PRs were green: there are multiple ways this could happen. The first thing that comes to mind is that we continuously improve our analyzers, and on SonarCloud we always update to the latest version as soon as they are out. These improvements can include new rules or better detection for some older rules.
So it could happen that the PR is green, it’s merged, then we update our analyzers and some new issues are detected on this code. Depending on the new code period settings, it could still be considered new code and break the QG.