To be super clear – bumping tends to have the opposite effect in this community (making it less likely to get attention than more). It can take time for the right team to take a look, and this doesn’t appear to be blocking your pull requests from merging.
GitHub itself is decorating your PRs with these issues – not SonarCloud. The way that C# analysis works on SonarCloud is that Roslyn analyzers are executed during your build – and whenever the analyzer finds an issue, it’s emitted as a warning. These warnings are then imported to SonarCloud when you run the final step of analysis, and only then filtered for what issues have already been marked as false-positive (or files excluded, etc.).
So there’s nothing that we can really do here – it looks like this feature is in Beta on GitHub’s side based on the screenshots you’ve shared. Maybe this is feedback worth sharing to them.
The way that C# analysis works on SonarCloud is that Roslyn analyzers are executed during your build – and whenever the analyzer finds an issue, it’s emitted as a warning. These warnings are then imported to SonarCloud when you run the final step of analysis, and only then filtered for what issues have already been marked as false-positive (or files excluded, etc.).
Thanks for clarification. That’s what I guessed.
GitHub itself is decorating your PRs with these issues – not SonarCloud.
This part confuses me to be honest. The annotations are added by the “check” action called “SonarCloud Code Analysis”.
If I do not run the “sonarscanner /end” step, there is no “check step” in the GitHub Actions and no annotations as well.
I’m currently evaluating SonarCloud for a much bigger project and what we expect is that the Sonar warnings (not the Roslyn ones) are not displayed if we previously marked them as e.g. “won’t fix”.
The wrong annotations are all Sonar warnings and no inbuild Roslyn ones. Some of the Sonar warnings are not showing up, others are still visible.
Couldn’t it be the case that we are facing a bug in the internal filtering?
Are you sure? That’s not what I see in the screenshot you shared.
There would be no “SonarCloud Code Analysis” check (because the results never hit the server, and therefore the PR isn’t decorated). And I would understand if removing both the begin and end step caused this, but not just removing theend. Do you have a specific PR where you see this behavior?
I want to emphasize that in-line issue annotations aren’t a feature of SonarCloud. It annoys quite a few users and it’s an item on our roadmap, but as far as I can tell this is all coming from GitHub picking up the warnings from the build step.
Do you have a specific PR where you see this behavior?
I will try to reproduce this again and come back to you with a link
I want to emphasize that in-line issue annotations aren’t a feature of SonarCloud. It annoys quite a few users and it’s an item on our roadmap, but as far as I can tell this is all coming from GitHub picking up the warnings from the build step.
Mhh okay I see. I thought the Sonar check was actively calling some kind of GitHub API that adds these annotations. They are super useful and I would love to see such feature being implemented in Sonar. I will do some research if- and how GitHub might implicitly grab warnings from the build output.
Took me a while to figure this out as well. Thanks for the hint in the right direction!
For anybody trying to disable the .NET error matcher after using the setup-dotnet action, just add another step to your workflow (after the dotnet setup) and run the following command in the shell:
