LCOV report paths do not find any files

Cosmin_Cazac · May 8, 2023, 11:57am

Hello,

I have a monorepo setup and one SonarCloud project for each app of the monorepo. I want to have the Javascript/Typescript unit test coverage reflected in SonarCloud. Below is my current GitHub actions job:

  SonarCloud:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - name: Download App1 code coverage
        uses: actions/download-artifact@v3
        with:
          name: app1-coverage
          path: app1-coverage # this is stored in ${{ github.workspace }}/app1-coverage
      - name: Debug
        run: find ${{ github.workspace }}/app1-coverage/libs -name "lcov.info"
      - name: SonarCloud App1 Scan
        uses: SonarSource/sonarcloud-github-action@master
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        with:
          projectBaseDir: apps/app1
          args: >
            -Dsonar.organization=my-org
            -Dsonar.projectKey=my-project-key
            -Dsonar.javascript.lcov.reportPaths=${{ github.workspace }}/app1-coverage/libs/**/lcov.info

I have another job which runs before this one and runs all unit tests with coverage and uploads them as an artifact. In this step I download that artifact and I want to feed the files as source for the SonarCloud coverage report. The coverage files are in the proper format (I already use the exact same files in SonarQube without any problems, but now I’m moving to SonarCloud). Also, when running the find command inside the Debug step above I get the correct list of all the files, so they exist at the proper location, but somehow SonarCloud is not capable of finding them.
I also tried the following combinations, without success:

setting -Dsonar.javascript.lcov.reportPaths=**/lcov.info
setting -Dsonar.working.directory=${{ github.workspace }} and -Dsonar.javascript.lcov.reportPaths=./app1-coverage/libs/**/lcov.info
setting the working directory as in attempt 2, and -Dsonar.javascript.lcov.reportPaths=${{ github.workspace }}/app1-coverage/libs/**/lcov.info
removing projectBaseDir: apps/app1
adding one more step before to add permissions for the folder and sub-folders (run: chmod -R +r ${{ github.workspace }}/app1-coverage)
moving the unit tests run from a different job into the same job as SonarCloud, as a different step which gets triggered before the scan step (and combine that with all the configuration changes described above)

Regardless of what I tried, I always get:

INFO: No LCOV files were found using <PATH_TO_LCOV_FILES>
WARN: No coverage information will be saved because all LCOV files cannot be found.

Any idea what could be the issue?

Thanks,
Cosmin

ganncamp · May 9, 2023, 5:54pm

Hi Cosmin,

I notice that you’ve specified

Per the docs, that parameter doesn’t accept wildcards in the paths.

Unless otherwise specified, these properties require values that are relative to the project root. Some properties support the following wildcards in paths. The remarks for properties that support wildcards will mention this fact. If wildcards are not noted for a given property, then they are not supported for that property.

HTH,
Ann

Cosmin_Cazac · May 10, 2023, 7:33am

Hello Ann,

Thanks for pointing that out. I am in the process of moving from SonarQube (where wildcards are supported and working fine for this parameter) to SonarCloud and I was just trying to migrate the configuration by copy-pasting it. I was not expecting that the behaviour is different. Nevertheless, I did the suggested change and concatenated the paths with a comma separator and provided them to the Dsonar.javascript.lcov.reportPaths parameter, and now I get the same message (below) 17 times (because I have 17 LCOV files), with the proper paths for each of these files.

INFO: No LCOV files were found using /home/runner/work/<REPO_NAME>/<REPO_NAME>/app1-coverage/libs/some/proper/lib/path/lcov.info

Below is my GitHub step:

  SonarCloud:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - name: Download app1 code coverage
        uses: actions/download-artifact@v3
        with:
          name: app1-coverage
          path: app1-coverage
      - name: Extract app1 coverage files
        run: app1CoverageFiles=$(find ${{ github.workspace }}/app1-coverage/libs -name "lcov.info" -type f -print | tr '\n' ',')
          echo "APP1_COVERAGE_FILES=$app1CoverageFiles" >> $GITHUB_ENV
      - name: SonarCloud Scan
        uses: SonarSource/sonarcloud-github-action@master
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        with:
          projectBaseDir: apps/app1
          args: >
            -Dsonar.organization=my-org
            -Dsonar.projectKey=my-project-key
            -Dsonar.javascript.lcov.reportPaths=${{ env.APP1_COVERAGE_FILES }}

ganncamp · May 10, 2023, 2:36pm

Hi,

Could you provide the full analysis log, please?

Thx,
Ann

Cosmin_Cazac · May 10, 2023, 3:26pm

Hi Ann,

The repository is private and contains information which I would not like to make public. Can I maybe send the logs to you somehow privately?

Thanks,
Cosmin

ganncamp · May 10, 2023, 3:33pm

Hi Cosmin,

Feel free to redact the logs as necessary.

Ann

Cosmin_Cazac · May 10, 2023, 3:48pm

Below you can find the logs (I initially tried to set verbose=true and provide the detailed logs, but those were going way above the max. characters limit):

/usr/bin/docker run --name ed866ea3751273351f47a895d7642252ad796a_e9fd38 --label ed866e --workdir /github/workspace --rm -e "APP1app1_COVERAGE_FILES" -e "NX_BASE" -e "NX_HEAD" -e "GITHUB_TOKEN" -e "SONAR_TOKEN" -e "INPUT_PROJECTBASEDIR" -e "INPUT_ARGS" -e "HOME" -e "GITHUB_JOB" -e "GITHUB_REF" -e "GITHUB_SHA" -e "GITHUB_REPOSITORY" -e "GITHUB_REPOSITORY_OWNER" -e "GITHUB_REPOSITORY_OWNER_ID" -e "GITHUB_RUN_ID" -e "GITHUB_RUN_NUMBER" -e "GITHUB_RETENTION_DAYS" -e "GITHUB_RUN_ATTEMPT" -e "GITHUB_REPOSITORY_ID" -e "GITHUB_ACTOR_ID" -e "GITHUB_ACTOR" -e "GITHUB_TRIGGERING_ACTOR" -e "GITHUB_WORKFLOW" -e "GITHUB_HEAD_REF" -e "GITHUB_BASE_REF" -e "GITHUB_EVENT_NAME" -e "GITHUB_SERVER_URL" -e "GITHUB_API_URL" -e "GITHUB_GRAPHQL_URL" -e "GITHUB_REF_NAME" -e "GITHUB_REF_PROTECTED" -e "GITHUB_REF_TYPE" -e "GITHUB_WORKFLOW_REF" -e "GITHUB_WORKFLOW_SHA" -e "GITHUB_WORKSPACE" -e "GITHUB_ACTION" -e "GITHUB_EVENT_PATH" -e "GITHUB_ACTION_REPOSITORY" -e "GITHUB_ACTION_REF" -e "GITHUB_PATH" -e "GITHUB_ENV" -e "GITHUB_STEP_SUMMARY" -e "GITHUB_STATE" -e "GITHUB_OUTPUT" -e "RUNNER_OS" -e "RUNNER_ARCH" -e "RUNNER_NAME" -e "RUNNER_TOOL_CACHE" -e "RUNNER_TEMP" -e "RUNNER_WORKSPACE" -e "ACTIONS_RUNTIME_URL" -e "ACTIONS_RUNTIME_TOKEN" -e "ACTIONS_CACHE_URL" -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/temp-frontend-clients-fo-cicd/temp-frontend-clients-fo-cicd":"/github/workspace" ed866e:a3751273351f47a895d7642252ad796a -Dsonar.organization=my-org-io -Dsonar.projectKey=app1 -Dsonar.working.directory=/home/runner/work/temp-frontend-clients-fo-cicd/temp-frontend-clients-fo-cicd -Dsonar.javascript.lcov.reportPaths=/home/runner/work/temp-frontend-clients-fo-cicd/temp-frontend-clients-fo-cicd/app1-coverage/libs/apollo/lcov.info,/home/runner/work/temp-frontend-clients-fo-cicd/temp-frontend-clients-fo-cicd/app1-coverage/libs/app1/shared/environments/lcov.info,/home/runner/work/temp-frontend-clients-fo-cicd/temp-frontend-clients-fo-cicd/app1-coverage/libs/app1/shared/domain/lcov.info,/home/runner/work/temp-frontend-clients-fo-cicd/temp-frontend-clients-fo-cicd/app1-coverage/libs/app1/top-up/feature/summary/lcov.info,/home/runner/work/temp-frontend-clients-fo-cicd/temp-frontend-clients-fo-cicd/app1-coverage/libs/app1/top-up/feature/top-up/lcov.info,/home/runner/work/temp-frontend-clients-fo-cicd/temp-frontend-clients-fo-cicd/app1-coverage/libs/app1/top-up/domain/lcov.info,/home/runner/work/temp-frontend-clients-fo-cicd/temp-frontend-clients-fo-cicd/app1-coverage/libs/app1/top-up/shell/lcov.info,/home/runner/work/temp-frontend-clients-fo-cicd/temp-frontend-clients-fo-cicd/app1-coverage/libs/app1/shell/lcov.info,/home/runner/work/temp-frontend-clients-fo-cicd/temp-frontend-clients-fo-cicd/app1-coverage/libs/shared/theme/feature/switcher/lcov.info,/home/runner/work/temp-frontend-clients-fo-cicd/temp-frontend-clients-fo-cicd/app1-coverage/libs/shared/theme/domain/lcov.info,/home/runner/work/temp-frontend-clients-fo-cicd/temp-frontend-clients-fo-cicd/app1-coverage/libs/shared/test-util/lcov.info,/home/runner/work/temp-frontend-clients-fo-cicd/temp-frontend-clients-fo-cicd/app1-coverage/libs/shared/ui/footer/lcov.info,/home/runner/work/temp-frontend-clients-fo-cicd/temp-frontend-clients-fo-cicd/app1-coverage/libs/shared/ui/blockchain-selection-list/lcov.info,/home/runner/work/temp-frontend-clients-fo-cicd/temp-frontend-clients-fo-cicd/app1-coverage/libs/shared/ui/feedback-card/lcov.info,/home/runner/work/temp-frontend-clients-fo-cicd/temp-frontend-clients-fo-cicd/app1-coverage/libs/shared/ui/logo/lcov.info,/home/runner/work/temp-frontend-clients-fo-cicd/temp-frontend-clients-fo-cicd/app1-coverage/libs/shared/ui/util/lcov.info,/home/runner/work/temp-frontend-clients-fo-cicd/temp-frontend-clients-fo-cicd/app1-coverage/libs/shared/util/lcov.info, -Dsonar.test.inclusions=**/*.spec.ts -Dsonar.exclusions=jest.config.ts,decorate-angular-cli.js,**/segment-analytics.js,**/environment.ts,**/environment.prod.ts,**/main.ts,jest.preset.js -Dsonar.coverage.exclusions=**/environment.ts,**/environment.prod.ts,**/main.ts,**/polyfills.ts,**/*.model.ts,jest.config.ts,**/segment-analytics.js,jest.preset.js,**/*.token.ts,**/*.animation.ts,jest.preset.js,**/*.stories.ts,**/*.module.ts,**/*.runner.ts,**/app-config.loader.ts
INFO: Scanner configuration file: /opt/sonar-scanner/conf/sonar-scanner.properties
INFO: Project root configuration file: NONE
INFO: SonarScanner 4.8.0.2856
INFO: Java 11.0.19 Alpine (64-bit)
INFO: Linux 5.15.0-1037-azure amd64
INFO: User cache: /opt/sonar-scanner/.sonar/cache
INFO: Analyzing on SonarCloud
INFO: Default locale: "en_US", source code encoding: "UTF-8" (analysis is platform dependent)
INFO: Load global settings
INFO: Load global settings (done) | time=943ms
INFO: Server id: 1BD809FA-AWHW8ct9-T_TB3XqouNu
INFO: User cache: /opt/sonar-scanner/.sonar/cache
INFO: Load/download plugins
INFO: Load plugins index
INFO: Load plugins index (done) | time=907ms
INFO: Load/download plugins (done) | time=29250ms
INFO: Loaded core extensions: developer-scanner
INFO: Found an active CI vendor: 'Github Actions'
INFO: Load project settings for component key: 'app1'
INFO: Load project settings for component key: 'app1' (done) | time=832ms
INFO: Process project properties
INFO: Execute project builders
INFO: Execute project builders (done) | time=2ms
INFO: Project key: app1
INFO: Base dir: /github/workspace/apps/app1
INFO: Working dir: /home/runner/work/temp-frontend-clients-fo-cicd/temp-frontend-clients-fo-cicd
INFO: Load project branches
INFO: Load project branches (done) | time=844ms
INFO: Check ALM binding of project 'app1'
INFO: Detected project binding: BOUND
INFO: Check ALM binding of project 'app1' (done) | time=814ms
INFO: Load project pull requests
INFO: Load project pull requests (done) | time=842ms
INFO: Load branch configuration
INFO: Github event: push
INFO: Auto-configuring branch main
INFO: Load branch configuration (done) | time=11ms
INFO: Load quality profiles
INFO: Load quality profiles (done) | time=893ms
INFO: Load active rules
INFO: Load active rules (done) | time=9068ms
INFO: Organization key: my-org-io
INFO: Branch name: main, type: long-lived
INFO: Load project repositories
INFO: Load project repositories (done) | time=851ms
INFO: Indexing files...
INFO: Project configuration:
INFO:   Excluded sources: **/build-wrapper-dump.json, jest.config.ts, decorate-angular-cli.js, **/segment-analytics.js, **/environment.ts, **/environment.prod.ts, **/main.ts, jest.preset.js, **/*.spec.ts
INFO:   Included tests: **/*.spec.ts
INFO:   Excluded sources for coverage: **/environment.ts, **/environment.prod.ts, **/main.ts, **/polyfills.ts, **/*.model.ts, jest.config.ts, **/segment-analytics.js, jest.preset.js, **/*.token.ts, **/*.animation.ts, jest.preset.js, **/*.stories.ts, **/*.module.ts, **/*.runner.ts, **/app-config.loader.ts
INFO: 11 files indexed
INFO: 2 files ignored because of inclusion/exclusion patterns
INFO: 0 files ignored because of scm ignore settings
INFO: Quality profile for json: Sonar way
INFO: Quality profile for ts: Sonar way
INFO: Quality profile for web: Sonar way
INFO: ------------- Run sensors on module app1
INFO: Load metrics repository
INFO: Load metrics repository (done) | time=827ms
INFO: Sensor cache enabled
INFO: Load sensor cache
INFO: Load sensor cache (3 KB) | time=1631ms
INFO: Sensor IaC CloudFormation Sensor [iac]
INFO: 0 source files to be analyzed
INFO: 0/0 source files have been analyzed
INFO: Sensor IaC CloudFormation Sensor [iac] (done) | time=26ms
INFO: Sensor IaC Kubernetes Sensor [iac]
INFO: 0 source files to be analyzed
INFO: 0/0 source files have been analyzed
INFO: Sensor IaC Kubernetes Sensor [iac] (done) | time=9ms
INFO: Sensor C# Project Type Information [csharp]
INFO: Sensor C# Project Type Information [csharp] (done) | time=1ms
INFO: Sensor C# Analysis Log [csharp]
INFO: Sensor C# Analysis Log [csharp] (done) | time=18ms
INFO: Sensor C# Properties [csharp]
INFO: Sensor C# Properties [csharp] (done) | time=1ms
INFO: Sensor HTML [web]
INFO: Sensor HTML [web] (done) | time=66ms
INFO: Sensor TextAndSecretsSensor [text]
INFO: 11 source files to be analyzed
INFO: 11/11 source files have been analyzed
INFO: Sensor TextAndSecretsSensor [text] (done) | time=60ms
INFO: Sensor VB.NET Project Type Information [vbnet]
INFO: Sensor VB.NET Project Type Information [vbnet] (done) | time=1ms
INFO: Sensor VB.NET Analysis Log [vbnet]
INFO: Sensor VB.NET Analysis Log [vbnet] (done) | time=22ms
INFO: Sensor VB.NET Properties [vbnet]
INFO: Sensor VB.NET Properties [vbnet] (done) | time=1ms
INFO: Sensor JaCoCo XML Report Importer [jacoco]
INFO: 'sonar.coverage.jacoco.xmlReportPaths' is not defined. Using default locations: target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml,build/reports/jacoco/test/jacocoTestReport.xml
INFO: No report imported, no coverage information will be imported by JaCoCo XML Report Importer
INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=3ms
INFO: Sensor TypeScript analysis [javascript]
INFO: Found 1 tsconfig.json file(s): [/github/workspace/apps/app1/tsconfig.json]
INFO: Creating TypeScript program
INFO: TypeScript configuration file /github/workspace/apps/app1/tsconfig.json
INFO: 4 source files to be analyzed
INFO: Creating TypeScript program (done) | time=94ms
INFO: Starting analysis with current program
INFO: Analyzed 0 file(s) with current program
INFO: Creating TypeScript program
INFO: TypeScript configuration file /github/workspace/apps/app1/tsconfig.app.json
INFO: Creating TypeScript program (done) | time=3395ms
INFO: Starting analysis with current program
INFO: Analyzed 3 file(s) with current program
INFO: Creating TypeScript program
INFO: TypeScript configuration file /github/workspace/apps/app1/tsconfig.spec.json
INFO: Creating TypeScript program (done) | time=751ms
INFO: Starting analysis with current program
INFO: Analyzed 1 file(s) with current program
INFO: Creating TypeScript program
INFO: TypeScript configuration file /github/workspace/apps/app1/tsconfig.editor.json
INFO: Creating TypeScript program (done) | time=1534ms
INFO: Starting analysis with current program
INFO: Analyzed 0 file(s) with current program
INFO: 4/4 source files have been analyzed
INFO: Hit the cache for 0 out of 4
INFO: Miss the cache for 4 out of 4: ANALYSIS_MODE_INELIGIBLE [4/4]
INFO: Sensor TypeScript analysis [javascript] (done) | time=15960ms
INFO: Sensor JavaScript inside HTML analysis [javascript]
INFO: 2 source files to be analyzed
INFO: 2/2 source files have been analyzed
INFO: Hit the cache for 0 out of 2
INFO: Miss the cache for 2 out of 2: ANALYSIS_MODE_INELIGIBLE [2/2]
INFO: Sensor JavaScript inside HTML analysis [javascript] (done) | time=52ms
INFO: Sensor CSS Rules [javascript]
INFO: 2 source files to be analyzed
INFO: 2/2 source files have been analyzed
INFO: Hit the cache for 0 out of 0
INFO: Miss the cache for 0 out of 0
INFO: Sensor CSS Rules [javascript] (done) | time=229ms
INFO: Sensor JavaScript/TypeScript Coverage [javascript]
INFO: No LCOV files were found using /home/runner/work/temp-frontend-clients-fo-cicd/temp-frontend-clients-fo-cicd/app1-coverage/libs/shared/ui/logo/lcov.info
INFO: No LCOV files were found using /home/runner/work/temp-frontend-clients-fo-cicd/temp-frontend-clients-fo-cicd/app1-coverage/libs/app1/shared/domain/lcov.info
INFO: No LCOV files were found using /home/runner/work/temp-frontend-clients-fo-cicd/temp-frontend-clients-fo-cicd/app1-coverage/libs/app1/top-up/domain/lcov.info
INFO: No LCOV files were found using /home/runner/work/temp-frontend-clients-fo-cicd/temp-frontend-clients-fo-cicd/app1-coverage/libs/shared/ui/feedback-card/lcov.info
INFO: No LCOV files were found using /home/runner/work/temp-frontend-clients-fo-cicd/temp-frontend-clients-fo-cicd/app1-coverage/libs/shared/ui/blockchain-selection-list/lcov.info
INFO: No LCOV files were found using /home/runner/work/temp-frontend-clients-fo-cicd/temp-frontend-clients-fo-cicd/app1-coverage/libs/app1/top-up/feature/summary/lcov.info
INFO: No LCOV files were found using /home/runner/work/temp-frontend-clients-fo-cicd/temp-frontend-clients-fo-cicd/app1-coverage/libs/app1/top-up/shell/lcov.info
INFO: No LCOV files were found using /home/runner/work/temp-frontend-clients-fo-cicd/temp-frontend-clients-fo-cicd/app1-coverage/libs/shared/test-util/lcov.info
INFO: No LCOV files were found using /home/runner/work/temp-frontend-clients-fo-cicd/temp-frontend-clients-fo-cicd/app1-coverage/libs/shared/ui/footer/lcov.info
INFO: No LCOV files were found using /home/runner/work/temp-frontend-clients-fo-cicd/temp-frontend-clients-fo-cicd/app1-coverage/libs/app1/shell/lcov.info
INFO: No LCOV files were found using /home/runner/work/temp-frontend-clients-fo-cicd/temp-frontend-clients-fo-cicd/app1-coverage/libs/shared/ui/util/lcov.info
INFO: No LCOV files were found using /home/runner/work/temp-frontend-clients-fo-cicd/temp-frontend-clients-fo-cicd/app1-coverage/libs/apollo/lcov.info
INFO: No LCOV files were found using /home/runner/work/temp-frontend-clients-fo-cicd/temp-frontend-clients-fo-cicd/app1-coverage/libs/app1/top-up/feature/top-up/lcov.info
INFO: No LCOV files were found using /home/runner/work/temp-frontend-clients-fo-cicd/temp-frontend-clients-fo-cicd/app1-coverage/libs/shared/theme/domain/lcov.info
INFO: No LCOV files were found using /home/runner/work/temp-frontend-clients-fo-cicd/temp-frontend-clients-fo-cicd/app1-coverage/libs/shared/util/lcov.info
INFO: No LCOV files were found using /home/runner/work/temp-frontend-clients-fo-cicd/temp-frontend-clients-fo-cicd/app1-coverage/libs/shared/theme/feature/switcher/lcov.info
INFO: No LCOV files were found using /home/runner/work/temp-frontend-clients-fo-cicd/temp-frontend-clients-fo-cicd/app1-coverage/libs/app1/shared/environments/lcov.info
WARN: No coverage information will be saved because all LCOV files cannot be found.
INFO: Sensor JavaScript/TypeScript Coverage [javascript] (done) | time=28ms
INFO: Sensor ThymeLeaf template sensor [securityjavafrontend]
INFO: Sensor ThymeLeaf template sensor [securityjavafrontend] (done) | time=1ms
INFO: Sensor IaC Docker Sensor [iac]
INFO: 0 source files to be analyzed
INFO: 0/0 source files have been analyzed
INFO: Sensor IaC Docker Sensor [iac] (done) | time=206ms
INFO: Sensor Serverless configuration file sensor [security]
INFO: 0 Serverless function entries were found in the project
INFO: 0 Serverless function handlers were kept as entrypoints
INFO: Sensor Serverless configuration file sensor [security] (done) | time=5ms
INFO: Sensor AWS SAM template file sensor [security]
INFO: Sensor AWS SAM template file sensor [security] (done) | time=1ms
INFO: Sensor AWS SAM Inline template file sensor [security]
INFO: Sensor AWS SAM Inline template file sensor [security] (done) | time=1ms
INFO: Sensor javabugs [dbd]
INFO: Reading IR files from: /home/runner/work/temp-frontend-clients-fo-cicd/temp-frontend-clients-fo-cicd/ir/java
INFO: No IR files have been included for analysis.
INFO: Sensor javabugs [dbd] (done) | time=3ms
INFO: Sensor pythonbugs [dbd]
INFO: Reading IR files from: /home/runner/work/temp-frontend-clients-fo-cicd/temp-frontend-clients-fo-cicd/ir/python
INFO: No IR files have been included for analysis.
INFO: Sensor pythonbugs [dbd] (done) | time=2ms
INFO: Sensor JavaSecuritySensor [security]
INFO: Reading type hierarchy from: /home/runner/work/temp-frontend-clients-fo-cicd/temp-frontend-clients-fo-cicd/ucfg2/java
INFO: Read 0 type definitions
INFO: No UCFGs have been included for analysis.
INFO: Sensor JavaSecuritySensor [security] (done) | time=6ms
INFO: Sensor CSharpSecuritySensor [security]
INFO: Reading type hierarchy from: /home/runner/work/temp-frontend-clients-fo-cicd/ucfg_cs2
INFO: Read 0 type definitions
INFO: No UCFGs have been included for analysis.
INFO: Sensor CSharpSecuritySensor [security] (done) | time=2ms
INFO: Sensor PhpSecuritySensor [security]
INFO: Reading type hierarchy from: /home/runner/work/temp-frontend-clients-fo-cicd/temp-frontend-clients-fo-cicd/ucfg2/php
INFO: Read 0 type definitions
INFO: No UCFGs have been included for analysis.
INFO: Sensor PhpSecuritySensor [security] (done) | time=2ms
INFO: Sensor PythonSecuritySensor [security]
INFO: Reading type hierarchy from: /home/runner/work/temp-frontend-clients-fo-cicd/temp-frontend-clients-fo-cicd/ucfg2/python
INFO: Read 0 type definitions
INFO: No UCFGs have been included for analysis.
INFO: Sensor PythonSecuritySensor [security] (done) | time=2ms
INFO: Sensor JsSecuritySensor [security]
INFO: Reading type hierarchy from: /home/runner/work/temp-frontend-clients-fo-cicd/temp-frontend-clients-fo-cicd/ucfg2/js
INFO: Read 0 type definitions
INFO: Reading UCFGs from: /home/runner/work/temp-frontend-clients-fo-cicd/temp-frontend-clients-fo-cicd/ucfg2/js
INFO: 07:46:11.491319 Building Runtime Type propagation graph
INFO: 07:46:11.497992 Running Tarjan on 32 nodes
INFO: 07:46:11.503855 Tarjan found 32 components
INFO: 07:46:11.510466 Variable type analysis: done
INFO: 07:46:11.511377 Building Runtime Type propagation graph
INFO: 07:46:11.513583 Running Tarjan on 32 nodes
INFO: 07:46:11.514287 Tarjan found 32 components
INFO: 07:46:11.514994 Variable type analysis: done
INFO: Analyzing 6 ucfgs to detect vulnerabilities.
INFO: Taint analysis starting. Entrypoints: 5
INFO: Running symbolic analysis for 'JS'
INFO: Taint analysis: done.
INFO: Sensor JsSecuritySensor [security] (done) | time=2296ms
INFO: ------------- Run sensors on project
INFO: Sensor Analysis Warnings import [csharp]
INFO: Sensor Analysis Warnings import [csharp] (done) | time=2ms
INFO: Sensor Zero Coverage Sensor
INFO: Sensor Zero Coverage Sensor (done) | time=2ms
INFO: CPD Executor 5 files had no CPD blocks
INFO: CPD Executor Calculating CPD for 1 file
INFO: CPD Executor CPD calculation finished (done) | time=9ms
INFO: Analysis report generated in 212ms, dir size=225 KB
INFO: Analysis report compressed in 44ms, zip size=53 KB
INFO: Analysis report uploaded in 1367ms
INFO: ANALYSIS SUCCESSFUL, you can find the results at: https://sonarcloud.io/dashboard?id=app1&branch=main
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at https://sonarcloud.io/api/ce/task?id=HIDDEN
INFO: Sensor cache published successfully
INFO: Time spent writing ucfgs 18ms
INFO: Analysis total time: 50.855 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 1:29.128s
INFO: Final Memory: 71M/159M
INFO: ------------------------------------------------------------------------

ganncamp · May 10, 2023, 4:10pm

Hi,

Here are a few excerpts from your log:

So there are two entirely different directories - with two different roots - in play.

Analysis is finding files in /github/workspace/...

It is not finding files in /home/runner/work...

Looking back at the analysis command, I see you’ve specified

Cross-referencing to the docs, I see that that property lets you

Set the working directory for an analysis … The path must be relative, and unique for each project.
Warning: the specified folder is deleted before each analysis.

So the “working directory” is basically the analysis’ scratch pad. Presumably the files you put there before you invoke analysis are already gone by the time analysis tries to read them.

Instead, report files need to be found/findable in the analysis base directory.

Regarding the patterns for specifying paths to the reports, it likely does work to use **, just like it did for SonarQube. The underlying analysis engines are the same. I was going off the docs because there’s too much to keep in my head at one time. And I apologize for the confusion & unneeded extra test run.

HTH,
Ann

Cosmin_Cazac · May 11, 2023, 8:22am

I also tried to run the analysis without setting the working directory, with same results. So the coverage files are not located inside /github/workspace/apps/app1, but the problem is that I cannot move my artifacts (the coverage files) into /github/workspace/apps/app1, as I am told that I don’t have enough permissions: mkdir: cannot create directory ‘/github’: Permission denied. I tried providing more permissions via chmod -R 755 /github/workspace without success. How can someone then trigger the analysis if the tests (and coverage files) where triggered as part of a different job? I don’t think this is an exotic scenario, as a regular workflow consists of the following jobs: Lint → Test → Build → Deploy (maybe) → Run SonarCloud. But even if I run the unit tests in the same job as the SonarCloud analysis, based on the monorepo setup that I have, the folder structure is as following:

apps
  |-- app1
  |-- app2
libs
  |-- app1
  |     |-- lib1
  |-- app2
  |     |-- lib2
coverage
  |-- apps
  |     |-- app1
  |     |-- app2
  |-- libs
  |     |-- app1
  |     |      |-- lib1
  |     |-- app2
  |            |-- lib2

so, since the coverage folder is at the same level as the apps folder and I set the baseDir as apps/app1 the coverage files will never be findable inside the baseDir, unless I move them there somehow. But since moving them there gives me the “Permission denied” error mentioned above, how can I make this configuration work?

ganncamp · May 11, 2023, 7:50pm

Hi,

The reports need to be somewhere under project root. I.e. under /github/workspace/apps/app1. Otherwise analysis is going to have a hard time finding them. (I’m not sure it’s possible at all, but I’ve been surprised before.)

In our experience it is. Build → Test → SonarCloud → Deploy IFF SQ Quality Gate passes.

One way to approach this might be to trigger analysis from the directory above apps, and set sonar.sources to the correct subdirectory.

Maybe have a “persuasive talk” with your sysadmins?

HTH,
Ann