Sonar reports "No Coverage information" when run from workflow_run in Github Actions

januson · June 22, 2023, 9:44am

Gradle version: 8.1.1
Sonar plugin: 4.2.1.3168
Sonar: sonarcloud.io

I am trying to setup a Github Actions Workflow that runs Sonar analysis for each PR. I have one job that runs unit tests and uploads the test reports. Second job then downloads the reports and runs the analysis. This works fine for my PRs. But workflows triggered by PR from forked repos do not have access to secrets so the sonar is not working there.

I tried to solve this by splitting the workflow in two where sonar part is triggered by workflow_run of the PR. The problem is that no matter what I do, the sonar ignores the test coverage reports and marks PR with “No Coverage information”.

Here is the workflow definition I am using.

on:
  workflow_run:
    workflows:
      - Pull request verification
    types:
      - completed
env:
  JAVA_DISTRIBUTION: 'temurin'
  JAVA_VERSION: '17'

jobs:
  pr_sonar_analysis:
    name: PR sonar analysis
    runs-on: ubuntu-latest
    container:
      image: fedora:38
    steps:
      - name: Install dependencies
        shell: bash
        run: dnf --setopt install_weak_deps=False install -y gettext jss unzip tree git

      - name: Check out repository
        uses: actions/checkout@v3

      - name: Download test reports
        uses: actions/github-script@v6
        with:
          script: |
            let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
               owner: context.repo.owner,
               repo: context.repo.repo,
               run_id: context.payload.workflow_run.id,
            });
            let matchArtifact = allArtifacts.data.artifacts.filter((artifact) => {
              return artifact.name == "unit_test_reports"
            })[0];
            let download = await github.rest.actions.downloadArtifact({
               owner: context.repo.owner,
               repo: context.repo.repo,
               artifact_id: matchArtifact.id,
               archive_format: 'zip',
            });
            let fs = require('fs');
            fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/unit_test_reports.zip`, Buffer.from(download.data));

      - name: 'Unzip artifact'
        run: unzip unit_test_reports.zip

      - name: Set up Java
        uses: actions/setup-java@v3
        with:
          distribution: ${{ env.JAVA_DISTRIBUTION }}
          java-version: ${{ env.JAVA_VERSION }}

      - name: Run sonar
        uses: gradle/gradle-build-action@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        with:
          arguments: sonar -x coverage
            -Dsonar.scm.provider=git
            -Dsonar.pullrequest.key=${{ github.event.workflow_run.pull_requests[0].number }}
            -Dsonar.pullrequest.base=${{ github.event.workflow_run.pull_requests[0].base.ref }}
            -Dsonar.pullrequest.branch=${{ github.event.workflow_run.pull_requests[0].head.ref }}
            -Dorg.gradle.jvmargs=-Xmx1g

I tried:

Uploading just the coverage report
Uploading just jacoco.exec and generating report in sonar job
Uploading everything in build folder
Redefining paths where jacoco generates reports and from where sonar reads them
Running both unit tests and sonar in workflow_run. Even in this case sonar reports “No Coverage information”

Is there something to force sonar to use the coverage I am providing?

Colin · June 23, 2023, 10:13am

Hey there.

What do the logs say about the code coverage import?

januson · June 29, 2023, 12:33pm

Hello Colin,

Logs are not giving much. I tried adding -Dsonar.log.level=DEBUG and -Dsonar.verbose=true, but that didn’t help. When I was copying artifacts it was at least complaining that coverage reports are missing when given wrong path. Here it prints nothing.

Here is the GH workflow I set up on a random playground project. Sonar analysis for pull requests · Januson/linky@459fd25 · GitHub

Colin · June 30, 2023, 7:48am

Hey there.

sonar.log.level won’t be the most important here since it’s being executed by Gradle. As noted in the guide…

How to find logs about importing code coverage

Scanner Command Debug Flag Notes

SonarScanner for Gradle gradle sonarqube/sonar --debug Almost no logs are included without --info or --debug

januson · June 30, 2023, 8:29am

Thanks. I rerun with --debug. There is a message that xml report is missing, but it should be present as both tests and jacoco already ran. Sonar analysis for pull requests · Januson/linky@f67f16d · GitHub

Colin · June 30, 2023, 8:48am

I’m not seeing anything related to the generation of the coverage report other than this line:

Task :coverage UP-TO-DATE

Are you sure the coverage report gets generated in the expected location? Maybe you can try and cat it in your Github pipeline.

januson · June 30, 2023, 9:28am

Added a couple output steps. Coverage reports are there. Sonar analysis for pull requests · Januson/linky@7d40237 · GitHub

Colin · June 30, 2023, 1:19pm

Okay. It looks like coverage reports are being read – so that’s not the problem.

Looking at this pull request – it’s rather odd. The commit referenced is one that’s on master, not one that’s part of the pull request. And with no code represented as new in the Code tab… there’s nothing to report coverage on (except the estimated after merge figure).

And – before going further, this PR doesn’t look like it has the message you’re describing.

Does this PR accurately reflect the problem you’re trying to solve?

januson · June 30, 2023, 3:55pm

I see the problem now. The workflow checkouts the wrong branch. Thanks for your help.