We created a monorepo project in sonarcloud and using a monorepo in github, we want to set a quality gate requirement for each project inside that monorepo.
Each project has it’s own set of tests and using the path github action, we’re able to selectively run the tests and invoke sonarcloud for them, everything works fine until we made the requirement for the sonarcloud gate tests.
If the quality gates would return passing/failing as part of the workflow that initiated them using sonarsource/sonarcloud-github-action@master it would work, because we skip those tests. But sonarcloud creates a new thing in the github actions, which we have no control on skipping.
How do we skip a quality gate for a test that isn’t being tested?
Are you running the analysis for each project on all pull requests, no matter which source files were changed? If you take a look at this sample project then you can see that SonarCloud only adds GitHub checks for analysis that were actually run on the PR. If you skip one project analysis based on which source files have changed (see the workflow definition in the sample project), then SonarCloud is not going to add a GitHub check for this project on the PR.
I use github actions dorny/paths-filter@v2 to only run tests on specific projects. The problem is requirements on sonarcloud action is always present, even if i skip the test, because it’s a requirement.
Unfortunately it looks like a limitation on GitHub side. I found this thread on GitHub, maybe you can find something in there that you could use to work around this problem?
Github skipping a project is not a problem with the paths-filter GH action. It only runs tests on each folder. The problem is the results from sonarcloud are pushed as a new thing on the list. If the sonarcloud tests are returned as part of the workflow that requested them, it wouldn’t be an issue.
If I understood correctly, then you are running the SonarCloud analysis only when there were actual changes, with the help of the GitHub paths-filter. And since this is a monorepo, SonarCloud generates a check for each project that was analyzed on the PR. Now, the problem is that the SonarCloud checks are marked as required, which means that GitHub adds them even though no analysis was performed on your side, correct? For me, this sounds very similar to the GitHub thread I have linked above, which is about a limitation on GitHub side.
Adding a check with the last analysis results for all projects in the monorepo even though no analysis was performed would add a lot of noise to larger monorepos.
I find the reason is that we set all the SonarCloud Code Analysis is required instead of some specific repo like the screenshot.
If we don’t set it as required, it would be checked only involved in the CI.
