Hello community,
recently I put just another repository from us under observation of SonarQube (v 8.4.2.36762). The repository is built on Github with a GitHub Actions workflow. The project contained in the repo is a Maven project, thus I use this Maven dependency for the analyser:
<plugin>
<groupId>org.sonarsource.scanner.maven</groupId>
<artifactId>sonar-maven-plugin</artifactId>
<version>3.7.0.1746</version>
</plugin>
According to here I checkout my repo during the build with the following Github action:
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Set up JDK 14
uses: actions/setup-java@v1
with:
java-version: '14'
- name: Build with SonarQube PR decoration
run: mvn clean verify sonar:sonar
-Dsonar.projectKey=${{ secrets.MY_PROJECT }}
-Dsonar.projectName=${{ secrets.MY_PROJECT }}
-Dsonar.host.url=${{ secrets.MY_URL }}
-Dsonar.login=${{ secrets.MY_TOKEN }}
-Dsonar.pullrequest.branch=${{ github.event.pull_request.head.ref }}
-Dsonar.pullrequest.base=${{ github.event.pull_request.base.ref }}
-Dsonar.pullrequest.key=${{github.event.pull_request.number}}
But unfortunately I do not see any information regarding the authors of the code. In the head of the project page in SonarQube I do see 2 warnings:
- Shallow clone detected during the analysis. Some files will miss SCM information. This will affect features like auto-assignment of issues. Please configure your build to disable shallow clone.
- Missing blame information for 33 files. This may lead to some features not working correctly. Please check the analysis logs.
How can I achieve this?