I’m using sonarcloud + github on a private repo, mainly a python project. analysis worked well enough, but I wanted to get coverage too so I’ve switched to the sonar-scanner-cli … (after trying the action and having a number of issues).
But I can’t get pull request analysis to correctly detect changes:
sonar-project.properties looks like this
sonar.projectKey=XXXXX
sonar.organization=XXXX
sonar.host.url=https://sonarcloud.io
sonar.python.version=3.9
sonar.exclusions=scripts/**/*,docker/locust/**/*,**/*_tests.py
sonar.test.inclusions=**/*_tests.py,**/test_*.py,features/*.feature
sonar.cpd.exclusions=**/*_tests.py,features/**/*,**/conftest.py
sonar.testExecutionReportPaths=sonar/tests.xml
sonar.python.coverage.reportPaths=sonar/coverage.xml
sonar.coverage.exclusions=./scripts/**
sonar.python.file.suffixes=.py
running sonar with sonar-scanner -X -Dsonar.projectBaseDir=${GITHUB_WORKSPACE}
here’s some key info from the debug logs for a recent build
switching to ‘pull/554/merge’.
git branch:
*(HEAD detached at pull/554/merge)
develop
git log --oneline -n 3
deb8b944 Merge 87a990b0d11f26a40384330487af1605dddfe4a5 into 94ba4dfd5c1cfbade5ef7a16837dde89c4afd5df
87a990b0 mesh-663: sound-proofing
94ba4dfd Merge pull request #543
so 94ba4dfd5c1cfbade5ef7a16837dde89c4afd5df is the base/target branch SHA
there are 62 modified files in the change …
but …
in the scanner logs I see:
21:10:27.503 INFO: Load branch configuration
21:10:27.504 INFO: Github event: pull_request
21:10:27.522 INFO: Auto-configuring pull request 554
and then
21:10:51.885 DEBUG: Merge base sha1: 87a990b0d11f26a40384330487af1605dddfe4a5
21:10:51.888 DEBUG: SCM reported changed lines for 0 files in the branch
21:10:51.888 INFO: SCM writing changed lines (done) | time=21ms
21:10:53.830 INFO: Analysis report generated in 2115ms, dir size=219 KB
21:10:53.980 INFO: Analysis report compressed in 149ms, zip size=92 KB
I’ve also tried running the scanner with specific params:
sonar-scanner -X -Dsonar.projectBaseDir=${GITHUB_WORKSPACE} -Dsonar.pullrequest.branch=${GITHUB_HEAD_REF} -Dsonar.pullrequest.base=${GITHUB_BASE_REF} -Dsonar.pullrequest.key=${{ github.event.number }}
but still I see ‘no changes’ coverage / or affected files in the PR analysis
additionally, given the prerequisites in Pull Request Analysis | SonarQube Docs
Before analyzing your Pull Requests, make sure that:
- The Pull Request source branch is checked out in the local repository.
- The branch being targeted by the Pull Request is fetched and present in the local repository.
I’ve also tried an explicit checkout to the two branches … e.g.
git checkout "${GITHUB_BASE_REF}"
git checkout "${GITHUB_HEAD_REF}"
sonar-scanner -X