Reporting test coverage with GitHub App

Eonasdan · April 20, 2023, 4:10pm

ALM used: GitHub
CI system used: GitHub Actions
Scanner command: GitHub app integration
Languages of the repository: TS
Project URL: GitHub - Eonasdan/tempus-dominus: A powerful Date/time picker widget.

I have an OSS project on GitHub. I used the GitHub App for SonarCloud integration (thanks for providing that for free!) I don’t get any test coverage reporting during builds.

I have a GH action that runs vitest run --coverage but that coverage is not relayed to SC. I have a separate step that pushes the coverage to Coveralls, but that works because it’s an action step.

Is the only way to get SC coverage is if I manually setup a step in the action instead of the automatic scanning?

ganncamp · April 21, 2023, 3:48pm

Hi,

Welcome to the community!

We don’t pick up coverage reports automatically; you have to configure analysis to read them. Doing so is fairly simple though; just add the correct parameter with a path to the report(s) to be read.

That said, it doesn’t look like we support vitest, so you would need a pre-step to convert it to a supported format.

HTH,
Ann

Eonasdan · April 24, 2023, 1:30pm

I have this set in the project settings on SonarCloud.

The action pipeline runs with coverage with these reporters:

reporter: ['text', 'json', 'html', 'lcovonly'],

Locally, this creates a folder called coverage and includes the lcov.info file.

vitest is very similar to jest by the way.

This folder doesn’t get checked in but should still be part of the local files when the action is run.

ganncamp · April 24, 2023, 2:28pm

Hi,

Could you check your Project Administration → Background Tasks → [row dots menu] → Show SonarScanner Context and make sure sonar.javascript.lcov.reportPaths=./coverage/lcov.info shows up there?

Can you post or point to your analysis log?

Ann

Eonasdan · April 26, 2023, 12:44pm

That is set.

Project Analysis

SonarCloud plugins:
  - IaC Code Quality and Security 1.16.0.3845 (iac)
  - PL/SQL Code Quality and Security 3.8.0.4948 (plsql)
  - Scala Code Quality and Security 1.12.0.4259 (sonarscala)
  - C# Code Quality and Security 8.56.0.67649 (csharp)
  - Vulnerability Analysis 10.0.0.20234 (security)
  - Java Code Quality and Security 7.18.0.31443 (java)
  - HTML Code Quality and Security 3.7.1.3306 (web)
  - Flex Code Quality and Security 2.8.0.3166 (flex)
  - XML Code Quality and Security 2.7.0.3820 (xml)
  - Text Code Quality and Security 2.0.2.1090 (text)
  - VB.NET Code Quality and Security 8.56.0.67649 (vbnet)
  - Swift Code Quality and Security 4.8.0.5759 (swift)
  - CFamily Code Quality and Security 6.44.0.61773 (cpp)
  - Python Code Quality and Security 4.2.0.11487 (python)
  - Dataflow Bug Detection Rules for Python 1.13.0.3408 (dbdpythonfrontend)
  - Dataflow Bug Detection 1.13.0.3408 (dbd)
  - Go Code Quality and Security 1.12.0.4259 (go)
  - JaCoCo 1.3.0.1538 (jacoco)
  - Kotlin Code Quality and Security 2.14.0.2352 (kotlin)
  - Dataflow Bug Detection Rules for Java 1.13.0.3408 (dbdjavafrontend)
  - T-SQL Code Quality and Security 1.8.0.5601 (tsql)
  - Apex Code Quality and Security 1.12.0.4259 (sonarapex)
  - JavaScript/TypeScript/CSS Code Quality and Security 10.1.0.21143 (javascript)
  - Ruby Code Quality and Security 1.12.0.4259 (ruby)
  - Vulnerability Rules for C# 10.0.0.20234 (securitycsharpfrontend)
  - Vulnerability Rules for Java 10.0.0.20234 (securityjavafrontend)
  - License for SonarLint 8.0.0.40165 (license)
  - Vulnerability Rules for JS 10.0.0.20234 (securityjsfrontend)
  - COBOL Code Quality 5.2.0.5949 (cobol)
  - Vulnerability Rules for Python 10.0.0.20234 (securitypythonfrontend)
  - PHP Code Quality and Security 3.28.0.9490 (php)
  - ABAP Code Quality and Security 3.11.0.4030 (abap)
  - Configuration detection fot Code Quality and Security 1.2.0.267 (config)
  - Vulnerability Rules for PHP 10.0.0.20234 (securityphpfrontend)
Global server settings:
  - delete_old_projects_deployment_date=1671634414000
  - delete_old_projects_excluded_project_kees=brave_brave-core,simgrid_simgrid,apache_struts,microsoft_vscode-python,mediawiki-core,jhipster-sample-application,JMeter,typo3,org.xwiki.platform:xwiki-platform,apache_ofbiz-framework,org.nuxeo:nuxeo-ecm,monica,sonarlint-visualstudio
  - email.from=noreply@sonarcloud.io
  - email.fromName=SonarCloud
  - email.prefix=[SonarCloud]
  - sonar.auth.bitbucket.enabled=true
  - sonar.auth.microsoft.enabled=true
  - sonar.core.id=1BD809FA-AWHW8ct9-T_TB3XqouNu
  - sonar.core.serverBaseURL=https://sonarcloud.io
  - sonar.core.startTime=2023-04-20T16:02:05+0200
  - sonar.dbcleaner.weeksBeforeDeletingAllSnapshots=260
  - sonar.dbcleaner.weeksBeforeKeepingOnlyOneSnapshotByMonth=4
  - sonar.dbcleaner.weeksBeforeKeepingOnlyOneSnapshotByWeek=1
  - sonar.global.exclusions=**/build-wrapper-dump.json
  - sonar.lf.enableGravatar=true
  - sonar.lf.logoWidthPx=105
  - sonar.maintenance_mode.link=https://sonarcloud.statuspage.io/incidents/66vlr4dc3jwy
  - sonar.maintenance_mode.message=Results of analyses performed prior to 6:15am CET may not be available yet and will be progressively provided throughout coming hours. Results of analysis performed after 8:00am CET are available.
  - sonar.maintenance_mode.start_date=2022-03-26T23:00:00.000+01:00
  - sonar.organizations.anyoneCanCreate=true
  - sonar.organizations.createPersonalOrg=true
  - sonar.plsql.file.suffixes=sql,tab,pkb
  - sonar.sensor.cache.baseUrl=https://ea6ne4j2sb.execute-api.eu-central-1.amazonaws.com/current
  - sonar.tsql.file.suffixes=.tsql
Project server settings:
  - sonar.autoscan.enabled=true
  - sonar.coverage.exclusions=dist/\*\*/*,coverage/**/*,test/**/*
  - **sonar.javascript.lcov.reportPaths=./coverage/lcov.info**
Project scanner properties:
  - sonar.analysisUuid=AYeptfrQVcCJyDUN8kdz
  - sonar.c.file.suffixes=-
  - sonar.coverage.exclusions=**/*
  - sonar.cpp.file.suffixes=-
  - sonar.exclusions=**/*.java,**/*.jav,**/*.cs,**/*.vb,**/*.c,**/*.h,**/*.cc,**/*.cpp,**/*.cxx,**/*.c++,**/*.hh,**/*.hpp,**/*.hxx,**/*.h++,**/*.ipp,**/*.m,**/*.sql,**/*.tab,**/*.pkb
  - sonar.host.url=https://sonarcloud.io/
  - sonar.login=
  - sonar.objc.file.suffixes=-
  - sonar.organization=
  - sonar.password=
  - sonar.projectBaseDir=/tmp/clone1990371123053526118
  - sonar.projectKey=
  - sonar.scanner.app=ScannerCLI
  - sonar.scanner.appVersion=4.8.0.2856
  - sonar.scm.provider=git
  - sonar.sourceEncoding=UTF-8
  - sonar.sources=.
  - sonar.test.exclusions=**/*.java,**/*.jav,**/*.cs,**/*.vb,**/*.c,**/*.h,**/*.cc,**/*.cpp,**/*.cxx,**/*.c++,**/*.hh,**/*.hpp,**/*.hxx,**/*.h++,**/*.ipp,**/*.m,**/*.sql,**/*.tab,**/*.pkb
  - sonar.working.directory=/tmp/clone1990371123053526118/.scannerwork

ganncamp · April 26, 2023, 4:16pm

Hi,

Thanks for the context. Can you also provide your analysis log?

The analysis / scanner log is what’s output from the analysis command. Hopefully, the log you provide - redacted as necessary - will include that command as well.

This guide will help you find them.

Ann

Eonasdan · April 27, 2023, 1:44pm

The linked article doesn’t really help me. I’m using the GitHub App in a TypeScript project.

Do I just need to drop the app and set up the GH Action instead?

ganncamp · April 27, 2023, 3:09pm

Hi,

I’m looking for your GH Action logs, then.

Ann

Eonasdan · April 28, 2023, 1:06pm

I’m not using GH Actions. I’m using the GH App integration.

There are no logs here. I don’t see logs in GH or on SonarCloud for this run.

ganncamp · April 28, 2023, 1:26pm

Hi,

Where is analysis running?

Ann

Eonasdan · May 1, 2023, 1:17pm

There’s a link to the GH pull request above if that’s what you mean.

Otherwise, I’m not sure what you mean.

ganncamp · May 1, 2023, 2:38pm

Hi,

Are you using automatic analysis? We don’t support the import of coverage reports in that case. You’ll need to switch to a CI / GH Actions analysis for that.

Ann