Issue with the PR decorators

tshaji · July 19, 2023, 4:51pm

Hi Team,
The organization that I am working for is running into an issue with the PR decorators. Sonarcloud Analysis is being used on repositories.
We are using CI based analysis and the CI tool used is codefresh. We can see that the Sonarcloud analysis is finished and the Sonarcloud dashboard has been updated after the CI pipeline has finished.
However the SonarCloud Code Analysis check and comment are both not there in Github. The SonarCloud, Code Analysis check and comment are both available in Github when automatic analysis is enabled.
Due to the fact that our project involves various languages, we wish to use the CI-based analysis.

Could you provide the steps for CI based analysis with codefresh to make the SonarCloud Code Analysis check and comment available in Github.

quentin.chevrin · July 21, 2023, 8:12am

Hello Thenu,

Just so I am sure I understand your issue correctly :

You are using github as git repository for your projects
You are using a CI tool called codefresh to run SonarCloud analysis
The analysis works and you get your results in sonarcloud
You want the result of the analysis to be displayed in github as PR decoration
The PR decoration works with autoscan but not with codefresh

Is that correct ?

tshaji · July 21, 2023, 7:59pm

Hi,
Thank you for the response. Please find the requested details below.

* You are using github as git repository for your projects **--correct**
* You are using a CI tool called codefresh to run SonarCloud analysis  **--correct(We have a repo which contains multiple languages and using CI tool codefresh we are analysing only the typescript ones and y**
** es that works)** 
* The analysis works and you get your results in sonarcloud **--correct**
* You want the result of the analysis to be displayed in github as PR decoration **--yes and this is not working**
* The PR decoration works with autoscan but not with codefresh **--yes that is also correct**

In essence, there are two problems:

First issue

Our repository spans several languages. We were attempting to convert it to a monorepo(We referred the documentation on the same).
However, we are passing “sonar.projectKey” and “sonar.projectName” in the file sonar-project.properties. But there are numerous projectKeys in the case of monorepo. Can more than one “sonar.projectKey” be provided in the sonar-project.properties file and retrieved in the codefresh.yml file?

Below is the scanner in codefresh.yml file


  analyze_code:
    stage: analyze
    title: Analyze code
    type: sonar-scanner-cli
    arguments:
      SONAR_HOST_URL: https://sonarcloud.io
      SONAR_LOGIN: ${{SONAR_TOKEN}}
      SONAR_PROJECT_BASE_DIR: ${{CF_REPO_NAME}}
      SONAR_SCANNER_CLI_VERSION: latest
      SONAR_ANALYSIS_PARAMETERS:
        - sonar.branch.name=${{CF_BRANCH}}
        - project.settings=/codefresh/volume/${{CF_REPO_NAME}}/sonar-project.properties

Document provided by codefresh integration with sonarcloud is provided below

Second issue:
The PR decoration works with autoscan but not with codefresh

dmeneses · July 24, 2023, 2:00pm

Hi,
The scanner is being configured as analyzing a branch, not a pull request.
Can you please try configuring it using these properties?

tshaji · July 26, 2023, 3:04pm

We did try these(https://docs.sonarcloud.io/advanced-setup/ci-based-analysis/other-cis/). This is also not working.

dmeneses · July 26, 2023, 8:35pm

Can you confirm in the scanner logs that the PR is correctly configured? If possible, could you please share the scanner logs?

About the other question:

If you’d like to create multiple SonarCloud projects based on the build of the monorepo, you’d have call the sonar-scanner-cli once per project.

tshaji · July 31, 2023, 4:24pm

The logs are shown below. It appears that pull requests are set up properly.

Running plugin analyze_code                                                                                                                                      
Rendering steps for plugin analyze_code...                                                                                                                       
Finished rendering steps for plugin analyze_code                                                                                                                 
Pulling image sonarsource/sonar-scanner-cli:latest                                                                                                               
Digest: sha256:db6c4258d5534f8238b8d0c5b47194b1776f4f0f3f9f318b9d494811926ed701                                                                                  
Status: Image is up to date for sonarsource/sonar-scanner-cli:latest                                                                                             
------------------------------                                                                                                                                   
Executing command: sonar-scanner -Dproject.settings=/codefresh/volume/LaFiducia/sonar-project.properties -Dsonar.pullrequest.base=develop -Dsonar.pullrequest.bra
nch=SMREF-532b -Dsonar.pullrequest.key=5                                                                                                                         
INFO: Scanner configuration file: /opt/sonar-scanner/conf/sonar-scanner.properties                                                                               
INFO: Project root configuration file: /codefresh/volume/LaFiducia/sonar-project.properties                                                                      
INFO: SonarScanner 4.8.0.2856                                                                                                                                    
INFO: Java 11.0.19 Alpine (64-bit)                                                                                                                               
INFO: Linux 5.15.102 amd64                                                                                                                                       
INFO: SONAR_SCANNER_OPTS=-Xmx2048m                                                                                                                               
INFO: User cache: /opt/sonar-scanner/.sonar/cache                                                                                                                
INFO: Analyzing on SonarCloud                                                                                                                                    
INFO: Default locale: "en_US", source code encoding: "UTF-8"                                                                                                     
INFO: Load global settings (done) | time=481ms                                                                                                                   
INFO: Server id: 1BD809FA-AWHW8ct9-T_TB3XqouNu                                                                                                                   
INFO: User cache: /opt/sonar-scanner/.sonar/cache                                                                                                                
INFO: Load/download plugins                                                                                                                                      
INFO: Load plugins index                                                                                                                                         
INFO: Load plugins index (done) | time=442ms                                                                                                                     
INFO: Load/download plugins (done) | time=21623ms                                                                                                                
INFO: Loaded core extensions: developer-scanner