we currently run scans and report to sonarcloud with the “sonar.analysis.mode=preview” option for github pull requests. We tried to move to the new pull request reporting option as outlined here https://blog.sonarsource.com/sonarcloud-loves-your-build-pipeline with the new sonarcloud github app.
We noticed though, that the submodules in our gradle project are not reported any more. The log shows that they are analyzed, but the “code” Tab does not show them and errors we put in there intentionally do not show up.
Any idea why that happens? Do we have to set any extra options to make this work?
ok, i understand but the changed code is within the subproject (the main project is basically empty).
We tested the same PR with the “new” handling and the old one. The old setup did create a github comment with the expected issues. The new setup does not. The sonarcloud check shows up though and we can view the PR in sonarcloud, so it is processed.
thanks for getting back to me. Your summary is correct, we scan the pull request and the subproject code is not showing up in sonarcloud and the issues we created in that branch are not reported.
Regarding your questions:
The analysis is triggered in our circleci job using the gradle plugin. The args are:
./gradlew sonarqube -Dsonar.host.url=https://sonarcloud.io
-Dsonar.organization=orgabc
-Dsonar.login=<>
-Dsonar.projectKey="${CIRCLE_PROJECT_REPONAME}:master"
-Dsonar.pullrequest.key=${CIRCLE_PULL_REQUEST##*/}
-Dsonar.pullrequest.base=master
-Dsonar.pullrequest.provider=GitHub
-Dsonar.pullrequest.branch=${CIRCLE_BRANCH}
-Dsonar.pullrequest.github.repository=$CIRCLE_PROJECT_USERNAME/$CIRCLE_PROJECT_REPONAME"
The sonarcloud github app has been added to our github org, and we see " SonarCloud — Code Quality check passed" in the pull request.
The analysis is running on the PR.
I have generated a debug log, but how can i send it to you privately?
@dmeneses you told me about a bug in circleci that would erase the master branch. Could it be the reason why we are unable to detect changed files here?
@SebMel Having the logs of the scanner would indeed help. I’ve sent you a private message to which you can reply with the logs.
Please try the same workaround discussed in the other topic.
Thanks.
So the only thing we can think of is that the clone of the git repository in circleci has some references that are no longer valid.
Could you please add, to the P/R, the following to the beginning of your build script.