Receiving "shallow clone" warning although no .git/shallow files are present

SonarQube Cloud
1

My setup:

  • ALM: GitHub
  • Languages of the repository: mainly Java
  • Error observed: “Shallow clone detected during the analysis. Some files will miss SCM information. This will affect features like auto-assignment of issues. Please configure your build to disable shallow clone.”
  • Steps to reproduce: Push to the repository, wait for Sonar workflow to complete
  • Potential workaround: None

I am getting the above warning in the SonarQube Cloud web UI although my repositories (I check out two repositories in the same workflow) are not checked out “shallow”:

git rev-parse --is-shallow-repository

false

I also check for the presence of any .git/shallow files; none are found.

To my understanding, the presence of .git/shallow files is the only thing that should matter according to some Sonar code snippets (e.g.: sonarqube/sonar-scanner-engine/src/main/java/org/sonar/scm/git/CompositeBlameCommand.java at master · SonarSource/sonarqube) I have seen.

I am beginning to think that I am running into a SonarQube Cloud bug here. Anything else I could look out for?

Unfortunately SonarQube Cloud does not give any insights into its checks here; in particular there is no visible information on why the build is considered shallow. So it’s just a guessing game unfortunately.

Thanks!

2

Hi,

Welcome to the community!

Tell me about your checkout.

And can you share that full analysis log, starting from the analysis command itself and redacted as necessary?

 
Thx,
Ann

3

Hi Ann,

It seems like the warning has disappeared once I merged the fetch-depth: 0 stuff to the target branch, which seems counterintuitive to me as I care about the code to be merged (i.e. the source branch) after all when performing PR analysis.

Could you elaborate on why a missing fetch-depth: 0 on the target branch (before merge) might be to blame? I don’t need any further help on top of that at the moment as the issue is resolved, at least for now.

Thanks.

4

Hi,

My understanding is that many CIs default to shallow clones for efficiency. As to target branch vs your PR branch… are you saying that fetch-depth:0 existed in your feature branch? Whether or not it was, this CI behavior isn’t something I’m really qualified to opine on.

 
Ann

5

Yes, exactly, it existed on the feature branch and only there. I thought that was was mattered, but no, the message only went away once that line had arrived on the target branch.