SonarCloud always show no bugs, no test coverage on PRs (Github + Bitrise + Android)

  • ALM used (GitHub)
  • CI system used (Bitrise)
  • Scanner command used: Bitrise SonarQube Scanner step with configuration:

sonar.login=$SONAR_LOGIN_KEY
sonar.projectKey=$PROJECT-KEY
sonar.organization=$ORGANIZATION
sonar.host.url=https://sonarcloud.io
sonar.java.coveragePlugin=jacoco
sonar.coverage.jacoco.xmlReportPaths=/build/reports/jacoco/talabatDebug/jacoco.xml
sonar.pullrequest.branch=$BITRISE_GIT_BRANCH
sonar.pullrequest.base=$BITRISEIO_GIT_BRANCH_DEST
sonar.pullrequest.key=$BITRISE_PULL_REQUEST
sonar.sources", “src/main”
sonar.pullrequest.provider=GitHub
sonar.pullrequest.github.repository=$REPO
sonar.java.binaries=
/build/intermediates/javac/talabatDebug/classes
sonar.coverage.exclusions=/test/,/androidTest/,/R.class,/BuildConfig.,**/Manifest.,**/Test.,/com/example/databinding/*,/com/example/generated/callback/,**/Dto.,/android/databinding/*,/androidx/databinding/,**/di/module/,/MapperImpl.*,/BuildConfig.,**/Component.,/BR.*,/Manifest*.,**/Companion.,/Module.,/Dagger.,**/MembersInjector.,/Extensions.*,/InputMethodManagerLeaks.,**/_Factory*.,**/_ProvideFactory.*

  • Languages of the repository: Java, Kotlin (Android)

  • Error observed: PR decoration always show no bugs and no code coverage details

1 Like

I need your help please. Thank you.

Hello @heshambakr,

Apologies for the late reply. Did you check the logs of the scanner command? They should include some pointers as to why your code is not correctly scanned. If you can’t find anything useful feel free to share them and I’ll have a look.

Please also note that the Bitrise SonarQube Scanner is not developed by us, so we won’t be able to assist with the internals of this integration.

Many thanks Tom. I got approval from my company to make android minimum version 17 instead of 16. this was a blocker to use sonar cloud gradle plugin as it requires 17.

I will try again in coming days to drop bitrise step as it is not developed by you. I will use sonar gradle plugin.

I will update you if issue is solved

1 Like

Hi @TomVanBraband I am still facing the issue even after using gradle plugin. I really need your help as we have sonarcloud but we are not benefitting from it because of this issue. I will add more information to help debug the issue. Thank you

Our project is multi module android project with both kotlin and java

in main gradle file, I added:

subprojects {
    afterEvaluate { project ->
        if (project.hasProperty('android')) {
            android {
                //other details removed for simplicity. also used x for company details

                sonarqube {
                    androidVariant "xDebug"
                    properties {
                        property "sonar.projectKey", "x"
                        property "sonar.organization", "x"
                        property "sonar.host.url", "https://sonarcloud.io/"
                        property "sonar.organization", "x"
                        property "sonar.projectKey", "x"
                        property "sonar.java.coveragePlugin", "jacoco"
                        property "sonar.coverage.jacoco.xmlReportPaths", "$projectDir/build/reports/jacoco/xDebug/jacoco.xml"
                        property "sonar.sources", "src/main"
                        property "sonar.java.binaries", "$projectDir/build/intermediates/javac/talabatDebug/classes"
                        property "sonar.coverage.exclusions", "**/test/**,**/androidTest/**,**/R.class,**/BuildConfig.*,**/Manifest*.*,**/*Test*.*,**/com/example/databinding/*,**/com/example/generated/callback/*,**/*Dto*.*,**/android/databinding/*,**/androidx/databinding/*,**/di/module/*,**/*MapperImpl*.*,**/BuildConfig.*,**/*Component*.*,**/*BR*.*,**/Manifest*.*,**/*Companion*.*,**/*Module.*,**/*Dagger*.*,**/*MembersInjector*.*,**/*Extensions*.*,**/InputMethodManagerLeaks.*,**/*_Factory*.*,**/*_Provide*Factory*.*"
                    }
                }

            }
        }
    }
}

in CI, we run

./gradlew clean jacocoTestReportXDebug jacocoTestReportMerged mergeJacocoReports

then we run

sonarqube -Dsonar.pullrequest.branch=$BITRISE_GIT_BRANCH -Dsonar.pullrequest.base=develop -Dsonar.pullrequest.key=$BITRISE_PULL_REQUEST -Dsonar.organization=x -Dsonar.login=$SONAR_LOGIN_KEY -Dsonar.organization=x -Dsonar.projectKey=x -Dsonar.host.url=https://sonarcloud.io/

Ci succeed and in sonar cloud, you find PR. but everything is 0 and no test coverage. and in “Code” tab, there is no files

CI Log attachedsonar-ci_log.txt (136.6 KB)

Appreciate your support. Thank you

Hello @heshambakr,

From the logs you shared it seems that the scanner is not executing. Also on the screenshots you shared it seems that the latest analysis was done on October 21.

Did you make sure to include the org.sonarsource.scanner.gradle:sonarqube-gradle-plugin as a dependency?

I would also advise to seperate the properties that don’t change depending on the submodule with those that do. For example:

apply plugin: 'org.sonarqube'
sonarqube {
  properties {
    property 'sonar.projectKey', 'x'
    property "sonar.host.url", "https://sonarcloud.io/"
    property 'sonar.organization', 'x'
    property "sonar.java.coveragePlugin", "jacoco"
    property "sonar.sources", "src/main"
    property "sonar.coverage.exclusions", "**/test/**,**/androidTest/**,**/R.class,**/BuildConfig.*,**/Manifest*.*,**/*Test*.*,**/com/example/databinding/*,**/com/example/generated/callback/*,**/*Dto*.*,**/android/databinding/*,**/androidx/databinding/*,**/di/module/*,**/*MapperImpl*.*,**/BuildConfig.*,**/*Component*.*,**/*BR*.*,**/Manifest*.*,**/*Companion*.*,**/*Module.*,**/*Dagger*.*,**/*MembersInjector*.*,**/*Extensions*.*,**/InputMethodManagerLeaks.*,**/*_Factory*.*,**/*_Provide*Factory*.*"
  }
}

subprojects {
  sonarqube {
    properties {
      property 'sonar.moduleKey', project.group + ':' + project.name
      property "sonar.java.binaries", "$projectDir/build/intermediates/javac/talabatDebug/classes"
      property "sonar.coverage.jacoco.xmlReportPaths", "$projectDir/build/reports/jacoco/xDebug/jacoco.xml"
    }
  }

Note that you define the sonar.projectKey twice in your build.gradle file.

You can also simplify this command by setting it to:

./gradlew sonarqube -Dsonar.pullrequest.key=$BITRISE_PULL_REQUEST -Dsonar.login=$SONAR_LOGIN_KEY

No need to repeat the properties that are already set in the build.gradle file.

@TomVanBraband yes I depend on plugin
classpath “org.sonarsource.scanner.gradle:sonarqube-gradle-plugin:2.7.1”

and it is working on develop (screenshot attached) see the date. also I attached a screenshot of new pr (see date) .

the command I use in case of branch with PR (eg develop):
./gradlew sonarqube -Dsonar.branch.name=$BITRISE_GIT_BRANCH -Dsonar.organization=talabat-dhme -Dsonar.login=$SONAR_LOGIN_KEY -Dsonar.organization=talabat-dhme -Dsonar.projectKey=talabat-dhme_TalabatAndroid -Dsonar.host.url=https://sonarcloud.io/

What I don’t understand, how it works with develop but doesnt work with PR. also sonarcloud knows adds PR to dashboard. but doesn’t see files

@TomVanBraband These are the CI logs for branch (develop) pipeline that works and PR pipeline that has the issue

sonar_branch_develop_log.txt (139.6 KB) sonar_pr_log.txt (140.0 KB)

@TomVanBraband appreciate your support. You know how hard to have sonar-cloud for long time without being able to use it. I am sure it is related to the arguments passed to the plugin as removing pr related arguments reports develop branch without issues.

Is there a way we can have quick call so I can show you the problem. or may be logs I shared is enough for you know the issue

Hello @heshambakr,

Sorry for the delay in getting back to you. Could you share the log output of ./gradlew sonarqube ... --info for both a branch and PR analysis? That should give more useful information.

Hi @TomVanBraband
Here are develop branch log, one of features branch log and its PR log

Hi @heshambakr,

Everything looks fine in those logs.

However for PRs we only show results on code that was changed in the PR, we don’t show all results like we do for your default branch. This is to allow developers to focus on improving the new code they add to a project and to not be overwhelmed by results on older code.

Could this be the case for you? Could it be that you didn’t any new code in the PR you are scanning (or that the new code you added is excluded from analysis by the sonar.exclusions parameter)?

@TomVanBraband no. I gave misleading PR. All PRs give 0.
I created another branch and its pr with violations in both kotlin and java including un tested code and removed sonar.exclusions parameter from configuration

in this post: branch log, screenshots

as you see, although sonar knows that code is not covered with test, it doesn’t show code coverage info in overview.

PR log. screenshots:
As you see, no info at all and no files

I wish this time we find the issue.

If you wish, please lets have a quick call: hesham.bakr@talabat.com

Thank you

@TomVanBraband did you observe any issue in logs ?