Gradle version: 8.1.1
Sonar plugin: 4.2.1.3168
Sonar: sonarcloud.io
I am trying to set up a GitHub Actions workflow that runs Sonar analysis for each PR. I have one job that runs unit tests and uploads the test reports. A second job then downloads the reports and runs the analysis. This works fine for my PRs. But workflows triggered by PRs from forked repos do not have access to secrets, so Sonar is not working there.
I tried to solve this by splitting the workflow in two, where the Sonar part is triggered by workflow_run of the PR. The problem is that no matter what I do, Sonar ignores the test coverage reports and marks the PR with “No Coverage information”.
Here is the workflow definition I am using.
```yaml
on:
  workflow_run:
    workflows:
      - Pull request verification
    types:
      - completed
env:
  JAVA_DISTRIBUTION: 'temurin'
  JAVA_VERSION: '17'
jobs:
  pr_sonar_analysis:
    name: PR sonar analysis
    runs-on: ubuntu-latest
    container:
      image: fedora:38
    steps:
      - name: Install dependencies
        shell: bash
        run: dnf --setopt install_weak_deps=False install -y gettext jss unzip tree git
      - name: Check out repository
        uses: actions/checkout@v3
      - name: Download test reports
        uses: actions/github-script@v6
        with:
          script: |
            let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
              owner: context.repo.owner,
              repo: context.repo.repo,
              run_id: context.payload.workflow_run.id,
            });
            let matchArtifact = allArtifacts.data.artifacts.filter((artifact) => {
              return artifact.name == "unit_test_reports"
            })[0];
            let download = await github.rest.actions.downloadArtifact({
              owner: context.repo.owner,
              repo: context.repo.repo,
              artifact_id: matchArtifact.id,
              archive_format: 'zip',
            });
            let fs = require('fs');
            fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/unit_test_reports.zip`, Buffer.from(download.data));
      - name: 'Unzip artifact'
        run: unzip unit_test_reports.zip
      - name: Set up Java
        uses: actions/setup-java@v3
        with:
          distribution: ${{ env.JAVA_DISTRIBUTION }}
          java-version: ${{ env.JAVA_VERSION }}
      - name: Run sonar
        uses: gradle/gradle-build-action@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        with:
          arguments: sonar -x coverage
            -Dsonar.scm.provider=git
            -Dsonar.pullrequest.key=${{ github.event.workflow_run.pull_requests[0].number }}
            -Dsonar.pullrequest.base=${{ github.event.workflow_run.pull_requests[0].base.ref }}
            -Dsonar.pullrequest.branch=${{ github.event.workflow_run.pull_requests[0].head.ref }}
            -Dorg.gradle.jvmargs=-Xmx1g
```
I tried:
- Uploading just the coverage report
- Uploading just jacoco.exec and generating report in sonar job
- Uploading everything in build folder
- Redefining paths where jacoco generates reports and from where sonar reads them
- Running both unit tests and sonar in workflow_run. Even in this case sonar reports “No Coverage information”
Is there something to force sonar to use the coverage I am providing?
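
Editor's added example (not part of the original post): in the workflow above, an artifact produced by a run that may come from a fork is unzipped straight into the checked-out workspace before the step that holds `SONAR_TOKEN` runs Gradle, so an archive entry such as `build.gradle` would replace the build script. This Python sketch validates every entry before extracting; the allowed report directories are assumptions and must match what the first workflow actually uploads.

```python
import io
import stat
import zipfile
from pathlib import Path, PurePosixPath

# Assumed for this sketch: the only directories the analysis job needs from the artifact.
ALLOWED_PREFIXES = ("build/reports/", "build/jacoco/", "build/test-results/")

def check_entry(info):
    """Return a rejection reason for one archive entry, or None if it is acceptable."""
    name = info.filename
    if name.startswith("/") or "\\" in name or ".." in PurePosixPath(name).parts:
        return "path escapes the target directory"
    if stat.S_ISLNK(info.external_attr >> 16):
        return "symbolic link"
    if not name.startswith(ALLOWED_PREFIXES):
        return "outside the expected report directories"
    return None

def extract_reports(zip_bytes, dest):
    """Validate every entry first, then extract; nothing is written if any entry fails."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        entries = [i for i in zf.infolist() if not i.is_dir()]
        for info in entries:
            reason = check_entry(info)
            if reason:
                raise ValueError(f"rejected {info.filename!r}: {reason}")
        for info in entries:
            zf.extract(info, dest)
        return sorted(i.filename for i in entries)

def build_zip(files):
    """Build a constructed sample artifact from a {name: bytes} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()

if __name__ == "__main__":
    import tempfile
    good = build_zip({"build/reports/jacoco/test/jacocoTestReport.xml": b"<report/>"})
    bad = build_zip({"build/reports/x.xml": b"", "build.gradle": b"// replaced"})
    with tempfile.TemporaryDirectory() as tmp:
        print(extract_reports(good, Path(tmp)))
        try:
            extract_reports(bad, Path(tmp))
        except ValueError as err:
            print(err)
```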