SonarCloud Analysis via Codemagic CI/CD Not Detecting Changes in GitHub PRs

Hi,

I’m encountering an issue where SonarCloud analysis, triggered as part of a Codemagic CI/CD pipeline, fails to detect any changed files in GitHub pull requests. This results in PR scans that report “0 files changed,” despite there being actual changes in the PR. Any insights or feedback would be much appreciated.

• ALM: GitHub
• CI system: Codemagic
• Analysis Tool: SonarCloud
• Scanner command used:

          sonar-scanner \
            -Dsonar.projectKey=$SONAR_PROJECT_KEY \
            -Dsonar.organization=$SONAR_ORG_KEY \
            -Dsonar.host.url=https://sonarcloud.io \
            -Dsonar.token=$SONAR_TOKEN \
            -Dsonar.projectVersion=1.0.0 \
            -Dsonar.sources=$BUILD_DIR \
            -Dsonar.exclusions=**/Tests/** \
            -Dsonar.tests=$BUILD_DIR/Tests \
            -Dsonar.cfamily.build-wrapper-output.bypass=true \
            -Dsonar.coverageReportPaths=sonarqube-generic-coverage.xml \
            -Dsonar.c.file.suffixes=- \
            -Dsonar.cpp.file.suffixes=- \
            -Dsonar.objc.file.suffixes=- \
            -Dsonar.verbose=true

• Languages of the repository: Swift

• Error observed: The logs from Codemagic
  generate_and_upload_code_analysis_report.log (65.9 KB)

• Steps to reproduce:

1. Ensure codemagic.yaml in the root folder
2. Add some new files or change existing files in the /mobile subfolder of the monorepo under a new branch
3. Create a new PR to main on GitHub

• Potential workaround: unknown

• Other notes:

1. Branch scan works fine. When I modify the sonar scan command to include a branch field, the new changes are picked up and analyzed. The issue only occurs with PR scans.
2. Setting CM_CLONE_UNSHALLOW=true to ensure that the full git history is available made no difference
3. The “Last Analysis Method” listed on Sonarcloud says “Analyzed by Codemagic”
4. Based on the logs, it looks like the PR details (like the PR number and name) are picked up correctly and the files are indexed correctly too (including the new test files I added “SecondSonarTestFile.swift” and “SonarDuplicateCheck.swift”)

Hi,

This is likely about your checkout. Can you provide your analysis log?

The analysis / scanner log is what’s output from the analysis command. Hopefully, the log you provide - redacted as necessary - will include that command as well.

This guide will help you find them.

 
Ann

Hi Ann,

Thank you for your response. Your insight regarding the checkout process being a likely culprit was spot on!

The issue turned out to stem from how Codemagic checks out the repository for PR builds. It was checking out the main branch and then merging my PR branch changes into main.

I followed the setup as outlined here and reviewed other Codemagic documentation but didn’t find specifics on customizing the checkout process. So, I updated the codemagic.yaml scripts to include git reset --hard origin/main before running the scanner, and now the PR analysis is successfully picking up all the new changes!

Thank you so much for the quick response and guidance!

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.