We use SonarCloud and GitHub on a private project, part of the PR requirements is to run Sonar and block the PR if the Sonar check fails. This works very well and is helping us keep high quality standards.
Once in a while, I would say several times a week in our case, Sonarcloud bot will post the status on the GitHub PR but the SonarCloud Code Analysis check will still be pending. We do see the same issue with some of the other checks we mandate for our PRs.
We do suspect this is an issue with the GitHub API receiving the confirmation that the check completed but with that API either failing outright or dropping the message and never reflecting the result in the PR.
Could you check with your SonarCloud server side logs if such notifications are getting errors from the GitHub API and maybe implement an option to force notify the PR when a user comes to check the dashboard for the PR on sonarcloud.io.
Right now we are forced to re-run the PR pipelines when this happens and that’s a waist of time for our development team.
I can’t share urls here since we are on a private project but can share more details if you PM me.
It is similar to this report GitHub check "SonarCloud Code Analysis" never clears but not as severe.
Sorry for taking the time. I confirm that I see in our server side logs that during the decoration of a PR you shared, there was an error trying to call the GitHub API, which explains the lost check.
We use SonarCloud for our development but don’t recall a missing check even once. But this is not the first time I hear about users intermittently missing the check, it might be time to start considering to make our decoration more resilient to failing external API calls. Thanks for the feedback!
Since this problem is with the GitHub API I suggest you could retry with backoff logic, but when GitHub has more serious outages that last for hours, like on May 22nd, you could move the task to a retry queue that would retry until the GitHub API is healthy again, or until the notification is no longer relevant.
If you could quickly implement an option to manually re-trigger the notification that would be great.
Alternatively if there is a way for us to ‘fake’ the notification from our side, we could probably write a script that would be given a PR number and notify GitHub that Sonar had completed the analysis. We can retrieve the analysis url from the SonarRunner output and follow breadcrumbs I guess.
GutHub support asks me for more details from your server logs. Could you provide a few examples of the calls you are making that show errors. Preferably with timestamps, the url being called and what exact response you are receiving.
The URLs where the call failed must have been one of these:
Timestamp in UTC:
After the first call succeeds we make the second call. I cannot tell if the failure happened to the first or the second. It’s worth noting that right before the above API call(s), a
https://api.github.com/app/installations/:installation_id/access_tokens was successful. That call generates the access token that is used by the others.
Unfortunately I don’t have the exact response we received, the library we use threw an
IOException and we don’t have access to level of detail about the failure.