Reporting test coverage with GitHub App

I have an OSS project on GitHub. I used the GitHub App for SonarCloud integration (thanks for providing that for free!) I don’t get any test coverage reporting during builds.

I have a GH action that runs vitest run --coverage but that coverage is not relayed to SC. I have a separate step that pushes the coverage to Coveralls, but that works because it’s an action step.

Is the only way to get SC coverage is if I manually setup a step in the action instead of the automatic scanning?


Welcome to the community!

We don’t pick up coverage reports automatically; you have to configure analysis to read them. Doing so is fairly simple though; just add the correct parameter with a path to the report(s) to be read.

That said, it doesn’t look like we support vitest, so you would need a pre-step to convert it to a supported format.


I have this set in the project settings on SonarCloud.

The action pipeline runs with coverage with these reporters:

reporter: ['text', 'json', 'html', 'lcovonly'],

Locally, this creates a folder called coverage and includes the file.


vitest is very similar to jest by the way.

This folder doesn’t get checked in but should still be part of the local files when the action is run.


Could you check your Project Administration → Background Tasks → [row dots menu] → Show SonarScanner Context and make sure sonar.javascript.lcov.reportPaths=./coverage/ shows up there?

Can you post or point to your analysis log?


That is set.

Project Analysis
SonarCloud plugins:
  - IaC Code Quality and Security (iac)
  - PL/SQL Code Quality and Security (plsql)
  - Scala Code Quality and Security (sonarscala)
  - C# Code Quality and Security (csharp)
  - Vulnerability Analysis (security)
  - Java Code Quality and Security (java)
  - HTML Code Quality and Security (web)
  - Flex Code Quality and Security (flex)
  - XML Code Quality and Security (xml)
  - Text Code Quality and Security (text)
  - VB.NET Code Quality and Security (vbnet)
  - Swift Code Quality and Security (swift)
  - CFamily Code Quality and Security (cpp)
  - Python Code Quality and Security (python)
  - Dataflow Bug Detection Rules for Python (dbdpythonfrontend)
  - Dataflow Bug Detection (dbd)
  - Go Code Quality and Security (go)
  - JaCoCo (jacoco)
  - Kotlin Code Quality and Security (kotlin)
  - Dataflow Bug Detection Rules for Java (dbdjavafrontend)
  - T-SQL Code Quality and Security (tsql)
  - Apex Code Quality and Security (sonarapex)
  - JavaScript/TypeScript/CSS Code Quality and Security (javascript)
  - Ruby Code Quality and Security (ruby)
  - Vulnerability Rules for C# (securitycsharpfrontend)
  - Vulnerability Rules for Java (securityjavafrontend)
  - License for SonarLint (license)
  - Vulnerability Rules for JS (securityjsfrontend)
  - COBOL Code Quality (cobol)
  - Vulnerability Rules for Python (securitypythonfrontend)
  - PHP Code Quality and Security (php)
  - ABAP Code Quality and Security (abap)
  - Configuration detection fot Code Quality and Security (config)
  - Vulnerability Rules for PHP (securityphpfrontend)
Global server settings:
  - delete_old_projects_deployment_date=1671634414000
  - delete_old_projects_excluded_project_kees=brave_brave-core,simgrid_simgrid,apache_struts,microsoft_vscode-python,mediawiki-core,jhipster-sample-application,JMeter,typo3,org.xwiki.platform:xwiki-platform,apache_ofbiz-framework,org.nuxeo:nuxeo-ecm,monica,sonarlint-visualstudio
  - email.fromName=SonarCloud
  - email.prefix=[SonarCloud]
  - sonar.auth.bitbucket.enabled=true
  - sonar.core.serverBaseURL=
  - sonar.core.startTime=2023-04-20T16:02:05+0200
  - sonar.dbcleaner.weeksBeforeDeletingAllSnapshots=260
  - sonar.dbcleaner.weeksBeforeKeepingOnlyOneSnapshotByMonth=4
  - sonar.dbcleaner.weeksBeforeKeepingOnlyOneSnapshotByWeek=1
  - sonar.lf.enableGravatar=true
  - sonar.lf.logoWidthPx=105
  - sonar.maintenance_mode.message=Results of analyses performed prior to 6:15am CET may not be available yet and will be progressively provided throughout coming hours. Results of analysis performed after 8:00am CET are available.
  - sonar.maintenance_mode.start_date=2022-03-26T23:00:00.000+01:00
  - sonar.organizations.anyoneCanCreate=true
  - sonar.organizations.createPersonalOrg=true
  - sonar.plsql.file.suffixes=sql,tab,pkb
  - sonar.sensor.cache.baseUrl=
  - sonar.tsql.file.suffixes=.tsql
Project server settings:
  - sonar.autoscan.enabled=true
  - sonar.coverage.exclusions=dist/\*\*/*,coverage/**/*,test/**/*
  - **sonar.javascript.lcov.reportPaths=./coverage/**
Project scanner properties:
  - sonar.analysisUuid=AYeptfrQVcCJyDUN8kdz
  - sonar.c.file.suffixes=-
  - sonar.coverage.exclusions=**/*
  - sonar.cpp.file.suffixes=-
  - sonar.exclusions=**/*.java,**/*.jav,**/*.cs,**/*.vb,**/*.c,**/*.h,**/*.cc,**/*.cpp,**/*.cxx,**/*.c++,**/*.hh,**/*.hpp,**/*.hxx,**/*.h++,**/*.ipp,**/*.m,**/*.sql,**/*.tab,**/*.pkb
  - sonar.login=
  - sonar.objc.file.suffixes=-
  - sonar.organization=
  - sonar.password=
  - sonar.projectBaseDir=/tmp/clone1990371123053526118
  - sonar.projectKey=
  - sonar.scanner.appVersion=
  - sonar.scm.provider=git
  - sonar.sourceEncoding=UTF-8
  - sonar.sources=.
  - sonar.test.exclusions=**/*.java,**/*.jav,**/*.cs,**/*.vb,**/*.c,**/*.h,**/*.cc,**/*.cpp,**/*.cxx,**/*.c++,**/*.hh,**/*.hpp,**/*.hxx,**/*.h++,**/*.ipp,**/*.m,**/*.sql,**/*.tab,**/*.pkb


Thanks for the context. Can you also provide your analysis log?

The analysis / scanner log is what’s output from the analysis command. Hopefully, the log you provide - redacted as necessary - will include that command as well.

This guide will help you find them.


The linked article doesn’t really help me. I’m using the GitHub App in a TypeScript project.

Do I just need to drop the app and set up the GH Action instead?


I’m looking for your GH Action logs, then.


I’m not using GH Actions. I’m using the GH App integration.


There are no logs here. I don’t see logs in GH or on SonarCloud for this run.


Where is analysis running?


There’s a link to the GH pull request above if that’s what you mean.

Otherwise, I’m not sure what you mean.


Are you using automatic analysis? We don’t support the import of coverage reports in that case. You’ll need to switch to a CI / GH Actions analysis for that.