Github Monorepo: "master" branch has not been analyzed yet

marcosinig · December 3, 2024, 2:30pm

Hi,
I am using a monorepo and GITHUB.
Here below the workflow ( a simplified version).
It is able to detect the base and head branch:
10:58:03.418 INFO Pull request 855 for merge into master from test
BUT on sonarcloud the “Main Branch” has this error: “master” branch has not been analyzed yet.
Master is the default branch. I do not get it why it is not able to access to it.


permissions:
    contents: read
    pull-requests: write

 steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0 
      - name: SonarCloud Scan
                uses: SonarSource/sonarcloud-github-action@master
                env: 
                  SONAR_TOKEN: ${{ secrets.SONAR_TOKEN_FE_WEB }}
                  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
                with:
                  projectBaseDir: frontend/
                  args: >
                    -Dsonar.organization=strategyinaction
                    -Dsonar.projectKey=strategyinaction_modulith_fe
                    -Dsonar.sources=.
                    -Dsonar.exclusions=web/docs,packages/api,packages/icons
                    -Dsonar.test.inclusions=**/*.(spec|test).ts,**/*.(spec|test).tsx
                    -Dsonar.verbose=true

ganncamp · December 4, 2024, 5:08pm

Hi,

Welcome to the community!

master is the default branch… in GitHub?

And have you actually run an analysis of the branch?

Ann

marcosinig · December 5, 2024, 9:17am

Hi Ann,
master is the default branch, exactly.
This is a monorepo and it looks like that there is no way to run the analysis manually.
Am I wrong?

Regards
marco

ganncamp · December 5, 2024, 2:11pm

Hi marco,

How are you analyzing? Are you using CI-based analysis, or relying on automatic analysis?

Ann

marcosinig · December 5, 2024, 2:27pm

Hi Ann,
from what I got on the docs, please correct me if I am wrong, the monorepo can be trigger only by CI.
The code that I posted, is the CI Github that should trigger it.
On mine opinion it is triggering it but there is, indeed, the error
M

ganncamp · December 5, 2024, 4:05pm

Hi,

Fair point. And at the same time, you also said:

But if you have CI-based analysis, then you should be able to just… trigger the job?

Ann

marcosinig · December 6, 2024, 7:02am

Hi Ann,
the issue I think that it is clear:
On sonarcloud the “Main Branch” has this error: “master” branch has not been analysed yet.
Can you tell me how to solve this error?
Googling this error is NOT related on how to trigger the job but a miss configuration somewhere.
Can you please investigate on this?
M

ganncamp · December 6, 2024, 4:41pm

Hi,

Analyse the main / master branch. You would do that by triggering your CI job.

Ann

marcosinig · December 9, 2024, 9:26am

Hi Ann,

Thank you very much for your hit.
I have been doing this since the beginning.
As you can see from my first post, the CI is doing it.
I think that it would be needed a much more technical and deeper analysis.

Regards
M

ganncamp · December 9, 2024, 1:03pm

Hi M,

You’re saying the main branch has been analyzed? And you’re still getting this?

Do the CI logs of that analysis end with success? And if so, where does the URL at the end take you?

Ann

marcosinig · December 9, 2024, 1:47pm

I have never said that “main branch” has been analysed. Those words are describing the sonarcloud UI: please see attached screenshot.

Yea, no errors on the CI logs analysis. Attached log for references.
sonarcloud_log.txt (32.6 KB)

ganncamp · December 9, 2024, 3:55pm

Hi,

That’s an analysis log for a PR.

When you navigate to Branches, what shows up? Do you see your ‘master’ branch there? Or does it not appear anywhere in SonarQube for Cloud?

Ann

marcosinig · December 9, 2024, 4:08pm

There is, see attached

ganncamp · December 9, 2024, 4:18pm

Hi,

Thanks for the screenshot. I’m going to flag this for the team.

Ann

marcosinig · December 13, 2024, 11:16am

Hi,
i really hope that we can an update. It is more than a week that it is open…
Thanks

Zipeng_Wu · December 13, 2024, 1:36pm

Hi @marcosinig ,

We followed the documentation here and we couldn’t reproduce the issue.

It seems the github action workflow configuration that you shared is not complete. Hence, we are not sure that your GitHub action on the master branch has been triggered properly.

Could you make sure that you have included the “on” section in the configuration? If you still encounter the problem, could you share with us the complete Github workflow configuration?

marcosinig · December 16, 2024, 4:32pm

Hi Zipeng,

this is the updated runner which is still NOT working:

name: Pull request checks for fe web
on:
    pull_request:
      branches:
        - master

defaults:
  run:
    working-directory: frontend/apps/web

jobs:
  pull_request_checks_web:
    name: Pull request checks for web
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0  # Fetch all history for all branches and tags

      - name: Install Node.js
        uses: actions/setup-node@v4
        with:
          node-version-file: 'frontend/.node-version'
      - name: Install pnpm
        run: npm install -g  $(cat package.json | jq -r '.packageManager')
        working-directory: frontend
      - name: Install dependencies
        run: pnpm install
      - name: SonarCloud Scan
        uses: SonarSource/sonarqube-scan-action@v4
        env: 
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN_FE_WEB }}
        with:
          projectBaseDir: frontend/apps/web
          args: >
            -Dsonar.organization=strategyinaction
            -Dsonar.projectKey=strategyinaction_modulith_web_fe
            -Dsonar.sources=.
            -Dsonar.pullrequest.branch=${{github.head_ref}}
            -Dsonar.pullrequest.base=${{github.base_ref}}
            -Dsonar.pullrequest.key=${{github.event.pull_request.number}}

The problem is not on the ‘on’ for sure.

I am appending the log of the runner. As you can see, it is kicked correctly and there are NO errors. Anyway, there is still the error: “master” branch has not been analyzed yet.
See attached image.

sonar-scanner -Dsonar.projectBaseDir=frontend/apps/web -Dsonar.organization=strategyinaction -Dsonar.projectKey=strategyinaction_modulith_web_fe -Dsonar.sources=. -Dsonar.pullrequest.branch=ENG-3115-sonar-5 -Dsonar.pullrequest.base=master -Dsonar.pullrequest.key=982
16:24:04.037 INFO  Scanner configuration file: /home/runner/work/_temp/sonar-scanner-cli-6.2.1.4610-Linux-X64/conf/sonar-scanner.properties
16:24:04.043 INFO  Project root configuration file: NONE
16:24:04.073 INFO  SonarScanner CLI 6.2.1.4610
16:24:04.077 INFO  Java 17.0.12 Eclipse Adoptium (64-bit)
16:24:04.079 INFO  Linux 6.5.0-1025-azure amd64
16:24:04.112 INFO  User cache: /home/runner/.sonar/cache
16:24:04.857 INFO  JRE provisioning: os[linux], arch[x86_64]
16:24:08.776 INFO  Communicating with SonarCloud
16:24:09.088 INFO  Starting SonarScanner Engine...
16:24:09.089 INFO  Java 17.0.11 Eclipse Adoptium (64-bit)
16:24:09.986 INFO  Load global settings
16:24:10.738 INFO  Load global settings (done) | time=753ms
16:24:10.744 INFO  Server id: 1BD809FA-AWHW8ct9-T_TB3XqouNu
16:24:10.928 INFO  Loading required plugins
16:24:10.928 INFO  Load plugins index
16:24:11.108 INFO  Load plugins index (done) | time=178ms
16:24:11.109 INFO  Load/download plugins
16:24:12.091 INFO  Load/download plugins (done) | time=981ms
16:24:12.555 INFO  Found an active CI vendor: 'Github Actions'
16:24:12.557 INFO  Load project settings for component key: 'strategyinaction_modulith_web_fe'
16:24:12.740 INFO  Load project settings for component key: 'strategyinaction_modulith_web_fe' (done) | time=182ms
16:24:12.745 INFO  Process project properties
16:24:12.752 INFO  Project key: strategyinaction_modulith_web_fe
16:24:12.753 INFO  Base dir: /home/runner/work/modulith/modulith/frontend/apps/web
16:24:12.753 INFO  Working dir: /home/runner/work/modulith/modulith/frontend/apps/web/.scannerwork
16:24:12.758 INFO  Load project branches
16:24:12.987 INFO  Load project branches (done) | time=230ms
16:24:12.990 INFO  Check ALM binding of project 'strategyinaction_modulith_web_fe'
16:24:13.160 INFO  Detected project binding: BOUND
16:24:13.160 INFO  Check ALM binding of project 'strategyinaction_modulith_web_fe' (done) | time=170ms
16:24:13.161 INFO  Load project pull requests
16:24:13.326 INFO  Load project pull requests (done) | time=164ms
16:24:13.328 INFO  Load branch configuration
16:24:14.283 INFO  Load branch configuration (done) | time=956ms
16:24:14.292 INFO  Load quality profiles
16:24:14.561 INFO  Load quality profiles (done) | time=269ms
16:24:14.568 INFO  Load active rules
16:24:23.651 INFO  Load active rules (done) | time=9085ms
16:24:23.843 INFO  Organization key: strategyinaction
16:24:23.843 INFO  Pull request 982 for merge into master from ENG-3115-sonar-5
16:24:23.862 INFO  Preprocessing files...
16:24:25.222 INFO  5 languages detected in 549 preprocessed files
16:24:25.223 INFO  0 files ignored because of inclusion/exclusion patterns
16:24:25.224 INFO  23410 files ignored because of scm ignore settings
16:24:25.250 INFO  Loading plugins for detected languages
16:24:25.252 INFO  Load/download plugins
16:24:27.032 INFO  Load/download plugins (done) | time=1781ms
16:24:27.213 INFO  Load project repositories
16:24:27.395 INFO  Load project repositories (done) | time=182ms
16:24:27.396 INFO  SCM collecting changed files in the branch
16:24:27.544 INFO  SCM collecting changed files in the branch (done) | time=148ms
16:24:27.551 INFO  Indexing files...
16:24:27.558 INFO  Project configuration:
16:24:27.560 INFO    Excluded sources: **/build-wrapper-dump.json
16:24:28.239 INFO  546 files indexed
16:24:28.252 INFO  Quality profile for css: Sonar way
16:24:28.255 INFO  Quality profile for js: Sonar way
16:24:28.256 INFO  Quality profile for json: Sonar way
16:24:28.258 INFO  Quality profile for ts: Sonar way
16:24:28.259 INFO  Quality profile for web: Sonar way
16:24:28.261 INFO  ------------- Run sensors on module strategyinaction_modulith_web_fe
16:24:28.346 INFO  Load metrics repository
16:24:28.514 INFO  Load metrics repository (done) | time=168ms
16:24:28.524 INFO  Sensor cache enabled
16:24:28.763 INFO  Load sensor cache
16:24:29.782 INFO  Load sensor cache (404) | time=1020ms
16:24:30.557 INFO  Sensor HTML [web]
16:24:30.558 INFO  Sensor HTML is restricted to changed files only
16:24:30.566 INFO  Sensor HTML [web] (done) | time=9ms
16:24:30.568 INFO  Sensor JaCoCo XML Report Importer [jacoco]
16:24:30.571 INFO  'sonar.coverage.jacoco.xmlReportPaths' is not defined. Using default locations: target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml,build/reports/jacoco/test/jacocoTestReport.xml
16:24:30.573 INFO  No report imported, no coverage information will be imported by JaCoCo XML Report Importer
16:24:30.573 INFO  Sensor JaCoCo XML Report Importer [jacoco] (done) | time=5ms
16:24:30.574 INFO  Sensor IaC CloudFormation Sensor [iac]
16:24:30.593 INFO  0 source files to be analyzed
16:24:30.600 INFO  0/0 source files have been analyzed
16:24:30.607 INFO  Sensor IaC CloudFormation Sensor [iac] (done) | time=26ms
16:24:30.607 INFO  Sensor IaC AzureResourceManager Sensor [iac]
16:24:30.607 INFO  Sensor IaC AzureResourceManager Sensor is restricted to changed files only
16:24:30.708 INFO  0 source files to be analyzed
16:24:30.708 INFO  0/0 source files have been analyzed
16:24:30.715 INFO  Sensor IaC AzureResourceManager Sensor [iac] (done) | time=109ms
16:24:30.715 INFO  Sensor Java Config Sensor [iac]
16:24:30.726 INFO  0 source files to be analyzed
16:24:30.727 INFO  0/0 source files have been analyzed
16:24:30.732 INFO  Sensor Java Config Sensor [iac] (done) | time=18ms
16:24:30.732 INFO  Sensor JavaScript/TypeScript analysis [javascript]
16:24:30.914 INFO  Detected os: Linux arch: amd64 alpine: false. Platform: LINUX_X64
16:24:30.915 INFO  Deploy location /home/runner/.sonar/js/node-runtime, tagetRuntime: /home/runner/.sonar/js/node-runtime/node,  version: /home/runner/.sonar/js/node-runtime/version.txt
16:24:34.036 INFO  Using embedded Node.js runtime.
16:24:34.036 INFO  Using Node.js executable: '/home/runner/.sonar/js/node-runtime/node'.
16:24:35.502 INFO  Memory configuration: OS (7929 MB), Node.js (2096 MB).
16:24:37.185 WARN  Access to the multi-values/property set property 'sonar.javascript.file.suffixes' should be made using 'getStringArray' method. The SonarQube plugin using this property should be updated.
16:24:37.191 WARN  Access to the multi-values/property set property 'sonar.typescript.file.suffixes' should be made using 'getStringArray' method. The SonarQube plugin using this property should be updated.
16:24:37.218 INFO  Found 1 tsconfig.json file(s): [/home/runner/work/modulith/modulith/frontend/apps/web/tsconfig.json]
16:24:37.223 INFO  Creating TypeScript program
16:24:37.223 INFO  TypeScript configuration file /home/runner/work/modulith/modulith/frontend/apps/web/tsconfig.json
16:24:37.231 INFO  529 source files to be analyzed
16:24:42.193 INFO  Starting analysis with current program
16:24:47.232 INFO  78/529 files analyzed, current file: src/features/Versions/ui/ListView/VersionDataTable.tsx
16:24:57.233 INFO  458/529 files analyzed, current file: src/features/Okr/ui/EditImpactMeasurePanel/ImpactMeasureProgressReportsModal.spec.tsx
16:24:59.263 INFO  Analyzed 527 file(s) with current program
16:24:59.267 INFO  Found 2 file(s) not part of any tsconfig.json: they will be analyzed without type information
16:24:59.301 INFO  529/529 source files have been analyzed
16:24:59.302 INFO  Hit the cache for 0 out of 529
16:24:59.303 INFO  Miss the cache for 529 out of 529: FILE_CHANGED [529/529]
16:24:59.303 INFO  Sensor JavaScript/TypeScript analysis [javascript] (done) | time=28574ms
16:24:59.303 INFO  Sensor JavaScript inside HTML analysis [javascript]
16:24:59.306 INFO  1 source file to be analyzed
16:24:59.329 INFO  1/1 source file has been analyzed
16:24:59.329 INFO  Hit the cache for 0 out of 1
16:24:59.329 INFO  Miss the cache for 1 out of 1: FILE_CHANGED [1/1]
16:24:59.329 INFO  Sensor JavaScript inside HTML analysis [javascript] (done) | time=24ms
16:24:59.329 INFO  Sensor CSS Rules [javascript]
16:24:59.330 INFO  Sensor CSS Rules is restricted to changed files only
16:24:59.335 INFO  No CSS, PHP, HTML or VueJS files are found in the project. CSS analysis is skipped.
16:24:59.335 INFO  Sensor CSS Rules [javascript] (done) | time=4ms
16:24:59.335 INFO  Sensor CSS Metrics [javascript]
16:24:59.335 INFO  Sensor CSS Metrics is restricted to changed files only
16:24:59.336 INFO  Sensor CSS Metrics [javascript] (done) | time=1ms
16:24:59.336 INFO  Sensor IaC Docker Sensor [iac]
16:24:59.336 INFO  Sensor IaC Docker Sensor is restricted to changed files only
16:24:59.407 INFO  0 source files to be analyzed
16:24:59.408 INFO  0/0 source files have been analyzed
16:24:59.412 INFO  Sensor IaC Docker Sensor [iac] (done) | time=75ms
16:24:59.412 INFO  Sensor Serverless configuration file sensor [security]
16:24:59.412 INFO  0 Serverless function entries were found in the project
16:24:59.418 INFO  0 Serverless function handlers were kept as entrypoints
16:24:59.420 INFO  Sensor Serverless configuration file sensor [security] (done) | time=7ms
16:24:59.420 INFO  Sensor AWS SAM template file sensor [security]
16:24:59.420 INFO  Sensor AWS SAM template file sensor [security] (done) | time=1ms
16:24:59.420 INFO  Sensor AWS SAM Inline template file sensor [security]
16:24:59.423 INFO  Sensor AWS SAM Inline template file sensor [security] (done) | time=5ms
16:24:59.425 INFO  Sensor EnterpriseTextAndSecretsSensor [textenterprise]
16:24:59.427 INFO  Sensor EnterpriseTextAndSecretsSensor is restricted to changed files only
16:24:59.428 INFO  Available processors: 2
16:24:59.428 INFO  Using 2 threads for analysis.
16:25:00.084 INFO  The property "sonar.tests" is not set. To improve the analysis accuracy, we categorize a file as a test file if any of the following is true:
  * The filename starts with "test"
  * The filename contains "test." or "tests."
  * Any directory in the file path is named: "doc", "docs", "test" or "tests"
  * Any directory in the file path has a name ending in "test" or "tests"
16:25:00.118 INFO  Using git CLI to retrieve untracked files
16:25:00.323 INFO  Analyzing language associated files and files included via "sonar.text.inclusions" that are tracked by git
16:25:00.336 INFO  Sensor EnterpriseTextAndSecretsSensor [textenterprise] (done) | time=911ms
16:25:00.338 INFO  Sensor JavaSecuritySensor [security]
16:25:00.341 INFO  Enabled taint analysis rules: S2076, S2078, S2083, S2091, S2631, S3649, S5131, S5135, S5144, S5145, S5146, S5147, S5334, S5496, S5883, S6096, S6173, S6287, S6350, S6384, S6390, S6398, S6399, S6547, S6549, S7044
16:25:00.343 INFO  Load type hierarchy and UCFGs: Starting
16:25:00.344 INFO  Load type hierarchy: Starting
16:25:00.344 INFO  Reading type hierarchy from: /home/runner/work/modulith/modulith/frontend/apps/web/.scannerwork/ucfg2/java
16:25:00.345 INFO  Read 0 type definitions
16:25:00.347 INFO  Load type hierarchy: Time spent was 00:00:00.003
16:25:00.349 INFO  Load UCFGs: Starting
16:25:00.350 INFO  Load UCFGs: Time spent was 00:00:00.001
16:25:00.351 INFO  Load type hierarchy and UCFGs: Time spent was 00:00:00.007
16:25:00.352 INFO  No UCFGs have been included for analysis.
16:25:00.361 INFO  java security sensor: Time spent was 00:00:00.020
16:25:00.362 INFO  java security sensor: Begin: 2024-12-16T16:25:00.340772163Z, End: 2024-12-16T16:25:00.361480853Z, Duration: 00:00:00.020
  Load type hierarchy and UCFGs: Begin: 2024-12-16T16:25:00.343278675Z, End: 2024-12-16T16:25:00.351004435Z, Duration: 00:00:00.007
    Load type hierarchy: Begin: 2024-12-16T16:25:00.344040839Z, End: 2024-12-16T16:25:00.347173596Z, Duration: 00:00:00.003
    Load UCFGs: Begin: 2024-12-16T16:25:00.348903266Z, End: 2024-12-16T16:25:00.350134876Z, Duration: 00:00:00.001
16:25:00.363 INFO  java security sensor peak memory: 223 MB
16:25:00.367 INFO  Sensor JavaSecuritySensor [security] (done) | time=25ms
16:25:00.367 INFO  Sensor CSharpSecuritySensor [security]
16:25:00.367 INFO  Enabled taint analysis rules: S2076, S2078, S2083, S2091, S2631, S3649, S5131, S5135, S5144, S5145, S5146, S5147, S5334, S5883, S6096, S6173, S6287, S6350, S6399, S6547, S6549, S6639, S6641, S6680, S6776, S7044
16:25:00.367 INFO  Load type hierarchy and UCFGs: Starting
16:25:00.367 INFO  Load type hierarchy: Starting
16:25:00.368 INFO  Reading type hierarchy from: /home/runner/work/modulith/modulith/frontend/apps/web/ucfg2/cs
16:25:00.368 INFO  Read 0 type definitions
16:25:00.368 INFO  Load type hierarchy: Time spent was 00:00:00.000
16:25:00.368 INFO  Load UCFGs: Starting
16:25:00.368 INFO  Load UCFGs: Time spent was 00:00:00.000
16:25:00.368 INFO  Load type hierarchy and UCFGs: Time spent was 00:00:00.000
16:25:00.368 INFO  No UCFGs have been included for analysis.
16:25:00.368 INFO  csharp security sensor: Time spent was 00:00:00.001
16:25:00.369 INFO  csharp security sensor: Begin: 2024-12-16T16:25:00.364062799Z, End: 2024-12-16T16:25:00.365123543Z, Duration: 00:00:00.001
  Load type hierarchy and UCFGs: Begin: 2024-12-16T16:25:00.364311945Z, End: 2024-12-16T16:25:00.364784055Z, Duration: 00:00:00.000
    Load type hierarchy: Begin: 2024-12-16T16:25:00.364333726Z, End: 2024-12-16T16:25:00.364530231Z, Duration: 00:00:00.000
    Load UCFGs: Begin: 2024-12-16T16:25:00.364642515Z, End: 2024-12-16T16:25:00.364680167Z, Duration: 00:00:00.000
16:25:00.369 INFO  csharp security sensor peak memory: 223 MB
16:25:00.369 INFO  Sensor CSharpSecuritySensor [security] (done) | time=2ms
16:25:00.369 INFO  Sensor PhpSecuritySensor [security]
16:25:00.369 INFO  Enabled taint analysis rules: S2076, S2078, S2083, S2091, S2631, S3649, S5131, S5135, S5144, S5145, S5146, S5334, S5335, S5883, S6173, S6287, S6350, S7044
16:25:00.369 INFO  Load type hierarchy and UCFGs: Starting
16:25:00.370 INFO  Load type hierarchy: Starting
16:25:00.370 INFO  Reading type hierarchy from: /home/runner/work/modulith/modulith/frontend/apps/web/.scannerwork/ucfg2/php
16:25:00.370 INFO  Read 0 type definitions
16:25:00.370 INFO  Load type hierarchy: Time spent was 00:00:00.000
16:25:00.370 INFO  Load UCFGs: Starting
16:25:00.370 INFO  Load UCFGs: Time spent was 00:00:00.000
16:25:00.370 INFO  Load type hierarchy and UCFGs: Time spent was 00:00:00.000
16:25:00.370 INFO  No UCFGs have been included for analysis.
16:25:00.383 INFO  php security sensor: Time spent was 00:00:00.000
16:25:00.384 INFO  php security sensor: Begin: 2024-12-16T16:25:00.365925563Z, End: 2024-12-16T16:25:00.366709809Z, Duration: 00:00:00.000
  Load type hierarchy and UCFGs: Begin: 2024-12-16T16:25:00.366039049Z, End: 2024-12-16T16:25:00.366398154Z, Duration: 00:00:00.000
    Load type hierarchy: Begin: 2024-12-16T16:25:00.366059569Z, End: 2024-12-16T16:25:00.366169188Z, Duration: 00:00:00.000
    Load UCFGs: Begin: 2024-12-16T16:25:00.366275340Z, End: 2024-12-16T16:25:00.366306550Z, Duration: 00:00:00.000
16:25:00.384 INFO  php security sensor peak memory: 223 MB
16:25:00.384 INFO  Sensor PhpSecuritySensor [security] (done) | time=2ms
16:25:00.384 INFO  Sensor PythonSecuritySensor [security]
16:25:00.384 INFO  Enabled taint analysis rules: S2076, S2078, S2083, S2091, S2631, S3649, S5131, S5135, S5144, S5145, S5146, S5147, S5334, S5496, S6287, S6350, S6639, S6680, S6776, S6839, S7044
16:25:00.384 INFO  Load type hierarchy and UCFGs: Starting
16:25:00.384 INFO  Load type hierarchy: Starting
16:25:00.385 INFO  Reading type hierarchy from: /home/runner/work/modulith/modulith/frontend/apps/web/.scannerwork/ucfg2/python
16:25:00.385 INFO  Read 0 type definitions
16:25:00.385 INFO  Load type hierarchy: Time spent was 00:00:00.000
16:25:00.385 INFO  Load UCFGs: Starting
16:25:00.385 INFO  Load UCFGs: Time spent was 00:00:00.000
16:25:00.385 INFO  Load type hierarchy and UCFGs: Time spent was 00:00:00.000
16:25:00.385 INFO  No UCFGs have been included for analysis.
16:25:00.385 INFO  python security sensor: Time spent was 00:00:00.000
16:25:00.386 INFO  python security sensor: Begin: 2024-12-16T16:25:00.367683597Z, End: 2024-12-16T16:25:00.368608131Z, Duration: 00:00:00.000
  Load type hierarchy and UCFGs: Begin: 2024-12-16T16:25:00.367828183Z, End: 2024-12-16T16:25:00.368241802Z, Duration: 00:00:00.000
    Load type hierarchy: Begin: 2024-12-16T16:25:00.367853561Z, End: 2024-12-16T16:25:00.367985072Z, Duration: 00:00:00.000
    Load UCFGs: Begin: 2024-12-16T16:25:00.368103558Z, End: 2024-12-16T16:25:00.368134437Z, Duration: 00:00:00.000
16:25:00.386 INFO  python security sensor peak memory: 223 MB
16:25:00.386 INFO  Sensor PythonSecuritySensor [security] (done) | time=2ms
16:25:00.386 INFO  Sensor JsSecuritySensor [security]
16:25:00.386 INFO  Enabled taint analysis rules: S2076, S5696, S6105, S3649, S5334, S5131, S6350, S2083, S6287, S2631, S5146, S5147, S6096, S5883, S5144
16:25:00.386 INFO  Load type hierarchy and UCFGs: Starting
16:25:00.386 INFO  Load type hierarchy: Starting
16:25:00.394 INFO  Reading type hierarchy from: /home/runner/work/modulith/modulith/frontend/apps/web/.scannerwork/ucfg2/js
16:25:00.395 INFO  Read 0 type definitions
16:25:00.395 INFO  Load type hierarchy: Time spent was 00:00:00.006
16:25:00.395 INFO  Load UCFGs: Starting
16:25:00.395 INFO  Reading UCFGs from: /home/runner/work/modulith/modulith/frontend/apps/web/.scannerwork/ucfg2/js
16:25:02.211 INFO  Load UCFGs: Time spent was 00:00:01.834
16:25:02.212 INFO  Load type hierarchy and UCFGs: Time spent was 00:00:01.842
16:25:02.212 INFO  Analyzing 4096 UCFGs to detect vulnerabilities.
16:25:02.212 INFO  Check cache: Starting
16:25:02.213 INFO  Load cache: Starting
16:25:02.213 INFO  Load cache: Time spent was 00:00:00.000
16:25:02.214 INFO  Check cache: Time spent was 00:00:00.001
16:25:02.214 INFO  Create runtime call graph: Starting
16:25:02.215 INFO  Variable Type Analysis #1: Starting
16:25:02.216 INFO  Create runtime type propagation graph: Starting
16:25:02.504 INFO  Create runtime type propagation graph: Time spent was 00:00:00.286
16:25:02.504 INFO  Run SCC (Tarjan) on 26354 nodes: Starting
16:25:02.542 INFO  Run SCC (Tarjan) on 26354 nodes: Time spent was 00:00:00.037
16:25:02.542 INFO  Tarjan found 26354 strongly connected components
16:25:02.543 INFO  Propagate runtime types to strongly connected components: Starting
16:25:02.625 INFO  Propagate runtime types to strongly connected components: Time spent was 00:00:00.082
16:25:02.626 INFO  Variable Type Analysis #1: Time spent was 00:00:00.410
16:25:02.627 INFO  Variable Type Analysis #2: Starting
16:25:02.628 INFO  Create runtime type propagation graph: Starting
16:25:03.075 INFO  Create runtime type propagation graph: Time spent was 00:00:00.446
16:25:03.075 INFO  Run SCC (Tarjan) on 26354 nodes: Starting
16:25:03.109 INFO  Run SCC (Tarjan) on 26354 nodes: Time spent was 00:00:00.033
16:25:03.109 INFO  Tarjan found 26354 strongly connected components
16:25:03.109 INFO  Propagate runtime types to strongly connected components: Starting
16:25:03.168 INFO  Propagate runtime types to strongly connected components: Time spent was 00:00:00.058
16:25:03.168 INFO  Variable Type Analysis #2: Time spent was 00:00:00.539
16:25:03.182 INFO  Create runtime call graph: Time spent was 00:00:00.967
16:25:03.182 INFO  Load config: Starting
16:25:03.295 INFO  Load config: Time spent was 00:00:00.112
16:25:03.295 INFO  Compute entry points: Starting
16:25:04.452 INFO  Compute entry points: Time spent was 00:00:01.156
16:25:04.453 INFO  All rules entry points : 528
16:25:04.453 INFO  Slice call graph: Starting
16:25:04.453 INFO  Slice call graph: Time spent was 00:00:00.000
16:25:04.454 INFO  Live variable analysis: Starting
16:25:05.429 INFO  Live variable analysis: Time spent was 00:00:00.976
16:25:05.430 INFO  Taint analysis for js: Starting
16:25:06.282 INFO  0 / 4096 UCFGs simulated, memory usage: 273 MB
16:25:07.205 INFO  172 / 4096 UCFGs simulated, memory usage: 167 MB
16:25:07.603 INFO  363 / 4096 UCFGs simulated, memory usage: 300 MB
16:25:08.064 INFO  542 / 4096 UCFGs simulated, memory usage: 230 MB
16:25:08.065 INFO  Taint analysis for js: Time spent was 00:00:02.635
16:25:08.065 INFO  Report issues: Starting
16:25:08.069 INFO  Report issues: Time spent was 00:00:00.003
16:25:08.070 INFO  Store cache: Starting
16:25:08.071 INFO  Store cache: Time spent was 00:00:00.000
16:25:08.073 INFO  js security sensor: Time spent was 00:00:07.703
16:25:08.075 INFO  js security sensor: Begin: 2024-12-16T16:25:00.369521874Z, End: 2024-12-16T16:25:08.072996220Z, Duration: 00:00:07.703
  Load type hierarchy and UCFGs: Begin: 2024-12-16T16:25:00.369720443Z, End: 2024-12-16T16:25:02.211911936Z, Duration: 00:00:01.842
    Load type hierarchy: Begin: 2024-12-16T16:25:00.369746012Z, End: 2024-12-16T16:25:00.376126946Z, Duration: 00:00:00.006
    Load UCFGs: Begin: 2024-12-16T16:25:00.376230223Z, End: 2024-12-16T16:25:02.211025497Z, Duration: 00:00:01.834
  Check cache: Begin: 2024-12-16T16:25:02.212668281Z, End: 2024-12-16T16:25:02.214086254Z, Duration: 00:00:00.001
    Load cache: Begin: 2024-12-16T16:25:02.212944057Z, End: 2024-12-16T16:25:02.213415569Z, Duration: 00:00:00.000
  Create runtime call graph: Begin: 2024-12-16T16:25:02.214702196Z, End: 2024-12-16T16:25:03.181860546Z, Duration: 00:00:00.967
    Variable Type Analysis #1: Begin: 2024-12-16T16:25:02.215528272Z, End: 2024-12-16T16:25:02.625856740Z, Duration: 00:00:00.410
      Create runtime type propagation graph: Begin: 2024-12-16T16:25:02.216526079Z, End: 2024-12-16T16:25:02.503523460Z, Duration: 00:00:00.286
      Run SCC (Tarjan) on 26354 nodes: Begin: 2024-12-16T16:25:02.504103325Z, End: 2024-12-16T16:25:02.542071582Z, Duration: 00:00:00.037
      Propagate runtime types to strongly connected components: Begin: 2024-12-16T16:25:02.542394756Z, End: 2024-12-16T16:25:02.625111356Z, Duration: 00:00:00.082
    Variable Type Analysis #2: Begin: 2024-12-16T16:25:02.627779167Z, End: 2024-12-16T16:25:03.167675246Z, Duration: 00:00:00.539
      Create runtime type propagation graph: Begin: 2024-12-16T16:25:02.628088646Z, End: 2024-12-16T16:25:03.074682002Z, Duration: 00:00:00.446
      Run SCC (Tarjan) on 26354 nodes: Begin: 2024-12-16T16:25:03.074939714Z, End: 2024-12-16T16:25:03.108692373Z, Duration: 00:00:00.033
      Propagate runtime types to strongly connected components: Begin: 2024-12-16T16:25:03.109014455Z, End: 2024-12-16T16:25:03.167387327Z, Duration: 00:00:00.058
  Load config: Begin: 2024-12-16T16:25:03.182098030Z, End: 2024-12-16T16:25:03.294753553Z, Duration: 00:00:00.112
  Compute entry points: Begin: 2024-12-16T16:25:03.295537590Z, End: 2024-12-16T16:25:04.452249502Z, Duration: 00:00:01.156
  Slice call graph: Begin: 2024-12-16T16:25:04.452551006Z, End: 2024-12-16T16:25:04.452576294Z, Duration: 00:00:00.000
  Live variable analysis: Begin: 2024-12-16T16:25:04.452685127Z, End: 2024-12-16T16:25:05.429003176Z, Duration: 00:00:00.976
  Taint analysis for js: Begin: 2024-12-16T16:25:05.429446385Z, End: 2024-12-16T16:25:08.065154910Z, Duration: 00:00:02.635
  Report issues: Begin: 2024-12-16T16:25:08.065781596Z, End: 2024-12-16T16:25:08.069060115Z, Duration: 00:00:00.003
  Store cache: Begin: 2024-12-16T16:25:08.070565580Z, End: 2024-12-16T16:25:08.071450419Z, Duration: 00:00:00.000
16:25:08.077 INFO  js security sensor peak memory: 461 MB
16:25:08.077 INFO  Sensor JsSecuritySensor [security] (done) | time=7708ms
16:25:08.085 INFO  ------------- Run sensors on project
16:25:08.381 INFO  Sensor Zero Coverage Sensor
16:25:08.580 INFO  Sensor Zero Coverage Sensor (done) | time=184ms
16:25:08.661 INFO  CPD Executor 40 files had no CPD blocks
16:25:08.664 INFO  CPD Executor Calculating CPD for 489 files
16:25:08.923 INFO  CPD Executor CPD calculation finished (done) | time=258ms
16:25:09.053 INFO  SCM writing changed lines
16:25:09.060 INFO  SCM writing changed lines (done) | time=8ms
16:25:09.796 INFO  Analysis report generated in 845ms, dir size=728 KB
16:25:10.402 INFO  Analysis report compressed in 606ms, zip size=542 KB
16:25:12.073 INFO  Analysis report uploaded in 1670ms
16:25:12.074 INFO  ANALYSIS SUCCESSFUL, you can find the results at: https://sonarcloud.io/dashboard?id=strategyinaction_modulith_web_fe&pullRequest=982
16:25:12.074 INFO  Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
16:25:12.074 INFO  More about the report processing at https://sonarcloud.io/api/ce/task?id=AZPQSbXKiDwFasvmjpZh
16:25:12.091 INFO  Time spent writing ucfgs 1248ms
16:25:12.311 INFO  Analysis total time: 59.994 s
16:25:12.313 INFO  SonarScanner Engine completed successfully
16:25:12.649 INFO  EXECUTION SUCCESS
16:25:12.650 INFO  Total time: 1:08.616s

marcosinig · December 19, 2024, 8:49am

Is there any chance that we can get an update?

Colin · December 19, 2024, 1:19pm

Hey @marcosinig

Let me see if I can clear this one up.

When you run an analysis, you either run an analysis on a branch (the main branch, or some other branch), or a pull request.

If you run an analysis in the conext of a pull request analysis, you get an analysis of that pull request and not the main branch.

So far, all the logs that you’ve shared have been of a pull request analysis.

This makes sense given the GitHub Actions Workflows that you’ve shared.

name: Pull request checks for fe web
on:
    pull_request:
      branches:
        - master

As documented by GitHub, this is going to run your job when you open a pull request targeting master. This will not run a job on your master branch.

If you want your main branch analyzed after every commit (the branch analysis I spoke about first), you would want your triggers to look like this:

name: Build
on:
  push:
    branches:
      - master
  pull_request:
    types: [opened, synchronize, reopened]

You’ll also want to remove this from your action:

Marcosinig:

            -Dsonar.pullrequest.branch=${{github.head_ref}}
            -Dsonar.pullrequest.base=${{github.base_ref}}
            -Dsonar.pullrequest.key=${{github.event.pull_request.number}}

This configuration is automatically picked up by the scan when relevant.

Colin · December 19, 2024, 1:20pm

So to be super clear, change the on section of your workflow to look like this:

  push:
    branches:
      - master
  pull_request:
    types: [opened, synchronize, reopened]

Remove this

marcosinig:

            -Dsonar.pullrequest.branch=${{github.head_ref}}
            -Dsonar.pullrequest.base=${{github.base_ref}}
            -Dsonar.pullrequest.key=${{github.event.pull_request.number}}

And merge those changes into your main branch. This should kick off a scan of your main branch.