Gradle Subprojects not reported to Sonarcloud for Github Pull Requests

gradle
sonarcloud
modules

(Seb) #1

Hi,

We currently run scans and report to SonarCloud with the “sonar.analysis.mode=preview” option for GitHub pull requests. We tried to move to the new pull request reporting option as outlined here https://blog.sonarsource.com/sonarcloud-loves-your-build-pipeline with the new SonarCloud GitHub app.
We noticed, though, that the submodules in our Gradle project are not reported any more. The log shows that they are analyzed, but the “Code” tab does not show them and errors we put in there intentionally do not show up.
Any idea why that happens? Do we have to set any extra options to make this work?

Regards,
Sebastian


(Simon Brandhof) #2

Hi Sebastian,

This is the expected behavior. Analysis report is only about the changed code on pull requests, even if technically all the source code is analysed.
Here is an example : https://sonarcloud.io/code?id=org.sonarsource.dotnet%3Asonar-csharp&pullRequest=1452. Only some tests have been touched.

Regards


(Seb) #3

Hi Simon,

OK, I understand, but the changed code is within the subproject (the main project is basically empty).
We tested the same PR with the “new” handling and the old one. The old setup did create a GitHub comment with the expected issues. The new setup does not. The SonarCloud check shows up though and we can view the PR in SonarCloud, so it is processed.

Regards,
Sebastian


(Seb) #4

Hi,

Is there a hint on what we could try here? We would really like to use the new GitHub features 🙂

Regards,
Sebastian


(Julien Henry) #5

Hi @SebMel

Sorry for the late reply. I would like to find the issue with you, since we are not expecting any difference here compared to the previous mechanism.

Let me sum up:

  • you have a Gradle project, with some subprojects
  • this project's master branch is analyzed on SonarCloud
  • you change a file in one subproject, so that an issue should be created, and you push this to a branch
  • you open a pull request on GitHub and the pull request appears in SonarCloud, but it is empty (no files in the code viewer)

Am I correct?

A few questions:

  • How is your analysis triggered? Are you using the Travis add-on, for example? If not, what are the parameters you pass for the pull request decoration?
  • Is the PR analysis triggered on the Git branch you created, or on the merge commit created by GitHub?
  • Can you share with me the scanner logs, with verbose mode enabled (--debug with Gradle)? Feel free to send them to me privately.

(Seb) #6

Hi Julien,

Thanks for getting back to me. Your summary is correct: we scan the pull request, the subproject code is not showing up in SonarCloud, and the issues we created in that branch are not reported.

Regarding your questions:

  • The analysis is triggered in our CircleCI job using the Gradle plugin. The args are:
    ./gradlew sonarqube -Dsonar.host.url=https://sonarcloud.io \
    -Dsonar.organization=orgabc \
    -Dsonar.login=<> \
    -Dsonar.projectKey="${CIRCLE_PROJECT_REPONAME}:master" \
    -Dsonar.pullrequest.key=${CIRCLE_PULL_REQUEST##*/} \
    -Dsonar.pullrequest.base=master \
    -Dsonar.pullrequest.provider=GitHub \
    -Dsonar.pullrequest.branch=${CIRCLE_BRANCH} \
    -Dsonar.pullrequest.github.repository="$CIRCLE_PROJECT_USERNAME/$CIRCLE_PROJECT_REPONAME"
    The SonarCloud GitHub app has been added to our GitHub org, and we see "SonarCloud — Code Quality check passed" in the pull request.
  • The analysis is running on the PR.
  • I have generated a debug log, but how can I send it to you privately?

Regards,
Sebastian


(Seb) #7

Hi @Julien_HENRY would be great if you could get in touch!


(Julien Henry) #8

@dmeneses you told me about a bug in CircleCI that would erase the master branch. Could it be the reason why we are unable to detect changed files here?


(Duarte Meneses) #9

It could be.
Here is the ticket open in CircleCI: https://discuss.circleci.com/t/git-checkout-of-a-branch-destroys-local-reference-to-master/23781
And the other user reporting empty P/R: Code is empty on Pull Request reviews

@SebMel Having the logs of the scanner would indeed help. I’ve sent you a private message to which you can reply with the logs.

Please try the same workaround discussed in the other topic.

Thanks.
So the only thing we can think of is that the clone of the git repository in circleci has some references that are no longer valid.
Could you please add, to the P/R, the following to the beginning of your build script:

git fetch --all
git branch -D master
git rev-parse origin/master

This will update all remote references, delete local master branch (if exists) and print the current remote reference to master.
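
The workaround above, wrapped as a pre-scan guard that stops the CI job when the base branch cannot be resolved or the pull request diff comes out empty, instead of letting an empty analysis pass the check. This is an added example, not code from the thread or from SonarSource; the function names are hypothetical, and it assumes a diff against origin/<base> is a reasonable proxy for the changed files (the thread does not say how SonarCloud computes them).

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Assumption: the PR base branch is reachable as origin/<base> after a fetch.

# refresh_base <base>: the thread's three commands, with error handling.
# Prints the commit id of origin/<base>; non-zero if it cannot be resolved.
refresh_base() {
    base="$1"
    git fetch --all --quiet || return 1
    # Drop a possibly stale local copy of the base branch; absence is fine.
    git branch -D "$base" >/dev/null 2>&1 || true
    git rev-parse --verify --quiet "origin/$base^{commit}"
}

# changed_files <base>: files changed between the merge base and HEAD.
# Non-zero if there is no merge base with origin/<base>.
changed_files() {
    base="$1"
    mb=$(git merge-base "origin/$base" HEAD 2>/dev/null) || return 1
    git diff --name-only "$mb" HEAD
}

# guard_pr_scan <base>: run before the scanner. Prints the changed files,
# or fails the job so an empty pull request analysis is never published.
guard_pr_scan() {
    refresh_base "$1" >/dev/null || {
        echo "cannot resolve origin/$1" >&2; return 1; }
    files=$(changed_files "$1") || {
        echo "no merge base with origin/$1" >&2; return 1; }
    [ -n "$files" ] || {
        echo "no changed files against origin/$1" >&2; return 1; }
    printf '%s\n' "$files"
}

# Usage in a CI step, before ./gradlew sonarqube:
#   guard_pr_scan master || exit 1
```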


(Seb) #10

Thanks, I added the logs to the private message and I will try the workaround you mentioned tomorrow 😄


(Seb) #11

The issue is fixed with this workaround! We can now see the correct reports in sonarcloud. Thanks!