GitHub actions: analyse both module and git submodule

Hi All, We are trying to setup new GitHub actions for our java project repository. We are using gradle with another repository as git submodule. How to analyse both module and submodule ?. Or how to exclude sub module from main module and analyze sub module seperately?.

Hi,

Welcome to the community!

I’ve split your post into a separate thread since the one you posted on originally had some age on it.

It’s not clear to me what the heart of your question is. Is this about how to analyze or is this related specifically to GitHub actions & getting the correct status on both the module and submodule?

 
Ann

Hi Ann,

Thanks for your reply. I want either or below options. I tried both options but in 2nd option there is one open issue in github to checkout private repo. So if you help me to resolve 1st option (skip the sub module) that would be great help. Thanks.

Option 1: skip the submodule from sonarcloud analysis at the time of pull request (using github actions) of project1(main module or root project).

Option 2: analyze both root module and submodule in sonarcloud at the time of pull request (using github actions)

Tech stack : Java 8, gradle 4.7, GitHub, SonarCloud

We are having two private repositories in github as below.

Repo1 (rootproject : project1)
Repo2 (submodule: project2) - this is common submodule for different root projects

.gitmodules file content as below

[submodule "project2"]
	path = project2
	url = git@github.com:my-orgranization/project2.git

settings.gradle file content as below

rootProject.name = 'project1
include 'project2'

in project1 build.gradle file, I added below entries to analyze only root project1 and to skip the submodule project2

plugins {
    id "org.sonarqube" version "3.0"
}

sonarqube {
	properties {
		property "sonar.projectKey", "myorganization_project1"
		property "sonar.organization", "myorganization"
		property "sonar.host.url", "https://sonarcloud.io"
		property "sonar.sourceEncoding", "UTF-8"
		property "sonar.sources", "src/main/java"
		property "sonar.tests", "src/test/java"
		property "sonar.scm.disabled", "true"
	}
}

project(":project2") {
	sonarqube {
		skipProject = true
	}
}

Below is my ./github/workflows/build.yml file.

name: Build
on:
  push:
    branches:
      - master
  pull_request:
    types: [opened, synchronize, reopened]
jobs:
  build:
    name: Build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
      - name: Set up JDK 8
        uses: actions/setup-java@v1
        with:
          java-version: 8
      - name: Cache SonarCloud packages
        uses: actions/cache@v1
        with:
          path: ~/.sonar/cache
          key: ${{ runner.os }}-sonar
          restore-keys: ${{ runner.os }}-sonar
      - name: Cache Gradle packages
        uses: actions/cache@v1
        with:
          path: ~/.gradle/caches
          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
          restore-keys: ${{ runner.os }}-gradle
      - name: Build and analyze
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        run: sudo ./gradlew sonarqube --info

While executing sudo ./gradlew sonarqube --info command in pull request github actions getting below build error.

Starting Build
Compiling settings file '/home/runner/work/project1/project1/settings.gradle' using SubsetScriptTransformer.
Compiling settings file '/home/runner/work/project1/project1/settings.gradle' using BuildScriptTransformer.
Settings evaluated using settings file '/home/runner/work/project1/project1/settings.gradle'.
Projects loaded. Root project using build file '/home/runner/work/project1/project1/build.gradle'.
Included projects: [root project 'project1', project ':project2']

> Configure project :project2
Evaluating project ':project2' using build file '/home/runner/work/project1/project1/project2/build.gradle'.
All projects evaluated.
Selected primary task 'sonarqube' from project :

.......

FAILURE: Build failed with an exception.

* What went wrong:
Could not determine the dependencies of task ':compileTestJava'.
> Could not resolve all task dependencies for configuration ':testCompileClasspath'.
   > Could not resolve project :project2.
     Required by:
         project :
      > Unable to find a matching configuration of project :project2: None of the consumable configurations have attributes.

* Try:
Run with --stacktrace option to get the stack trace. Run with --debug option to get more log output. Run with --scan to get full insights.

* Get more help at https://help.gradle.org

BUILD FAILED in 24s
##[error]Process completed with exit code 1.

Hi @ganncamp,

Can you please update me on this ?. Is there any workaround for this ?.

Regards,
Raj Mohamad S.

Hi @ganncamp,

Any updates on this please ?.

Your setup looks ok. Using the configuration elements you highlighted, I get exactly your desired behavior: project2 excluded from analysis.

In the posted output this looks very strange:

Notice that the error message is about :compileTestJava. This appears to be a dependency of the sonarqube task. This task is expected to work in a Java project, and it’s strange it doesn’t work in yours. I think you need to fix this first, it’s a requirement for the sonarqube task.

Have you tried to run an analysis from your PC, instead of GitHub Actions? I suggest to try to reproduce the problem like that first. Once you figure out making it work locally, you will probably get some clues about what’s different on GitHub Actions.

I have some other recommendations, unrelated to this issue:

• Probably no need to run Gradle with sudo. That’s a bad practice to avoid whenver you can.
• I’m a bit surprised to see the sonar.sources and sonar.tests properties. Normally, in a Gradle+Java project, you can omit such explicit settings, the scanner will know where to find the sources and tests directly from Gradle.
• Why do you use the property sonar.scm.disabled = true? Is it because of the Git submodule?

Hi @janos,

Thanks for your reply and recommendations.

Have you tried to run an analysis from your PC, instead of GitHub Actions? - Yes, Locally i am able to run the analysis successfully.

Please suggest some other alternative options to work on github actions with submodules.

Please refer the below url. This is exact same problem i am facing, only difference for us is we are using submodule also private repository.

Hi @ganncamp and @janos,

Issue resolved. Added submodule_token ssh key in project1 and project2 secrets. Thanks for your help.

- uses: actions/checkout@v2
        with:
          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
      - name: Checkout submodules
        env:
          SSH_kEY: ${{ secrets.SUBMODULE_TOKEN }}
        shell: bash
        run: |
          mkdir $HOME/.ssh && echo "$SSH_kEY" > $HOME/.ssh/id_rsa && chmod 600 $HOME/.ssh/id_rsa && git submodule update --init --recursive

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.