Sonarcloud.io branch analysis

scanner
sonarcloud

(Raphaël Ducom) #1

Hi,

Since yesterday, sonarcloud.io stopped reporting analysis on Github pull requests.

There’s no warning on CI build logs. No error.
There’s nothing special on our sonarcloud.io account about such an error.
GitHub reports having a working status API.
Other tools are reporting without problems on the GitHub status API.

Here are our ‘dotnet-sonarscanner’ (version ‘4.4.2’) parameters for pull request analysis:

/d:"sonar.analysis.mode=preview"
/d:"sonar.host.url=https://sonarcloud.io"
/d:"sonar.organization=xxxxxxx"
/d:"sonar.login=%SONAR_TOKEN%"
/d:"sonar.github.pullRequest=%APPVEYOR_PULL_REQUEST_NUMBER%"
/d:"sonar.github.repository=xxxxxxx"
/d:"sonar.github.oauth=%GITHUB_ACCESS_TOKEN%"

I have no idea what has changed since yesterday on your side.

If pull request mode analysis has been replaced by short/long lived branch analysis, please can you point me to the required dotnet-sonarscanner parameters?

Thanks in advance for your help!


(Raphaël Ducom) #2

Ok, so it seems sonarcloud switched to 7.4 yesterday, and the standard deprecated but free branch analysis feature is now completely removed. (to be replaced by a similar expensive feature for on-premise)

Switching to short/long lived branch analysis resolved the issue.

The ONLY consistent information I found to set it up is here: https://sonarcloud.io/documentation/integrations/github/

For future readers: In addition to sonar scanner parameters, the owner of the GitHub organisation needs to install the GitHub SonarCloud Application (No idea how this works for on premise…).

I’m really disappointed :

  • I lost hours trying to figure out what was broken with branch analysis
  • No error message in CLI logs helped to understand the feature is now removed
  • No clear documentation available about it on the standard pages except the linked one.

And after resolving a “test code smell”, the sonar message does NOT refresh and still shows “Code Smells : 1” although there’s no more code smell now…

I must have missed something somewhere, because I really have the impression of being forced to BETA test a feature by force… With no option to keep the previous STABLE equivalent feature.


(Olivier Gaudin) #3

Hello Raphaël,

Sorry about this, I understand the pain. The PR analysis and decoration was actually added to SonarCloud about 6 months ago: https://blog.sonarsource.com/sonarcloud-loves-your-build-pipeline. We actually removed the older feature and did communicate about it, please accept our apologies about this.

Olivier


(Raphaël Ducom) #4

No need to apologize :) I was aware of the legacy analysis deprecation, and the new PR analysis feature, but I have found no information about sonarcloud version update (except searching in all messages here and reading some expectations about 7.4, so by deduction I have understood the problem)… I have seen the SonarCloud tweet about your link, but this week, there was no information at all on this twitter account about “the switch is NOW”… That’s why I’ve been lost…

What is REALLY missing here, for a good developer experience, is at least an error message in the sonar runner execution if parameters are used for the legacy analysis… And break the build, not just do nothing… (and why not include a link to the blog ?!) All our opensource PR builds were just waiting for sonarcloud to push github status… So really confusing…

Now, and once more, (sorry about that in advance), let me express my concerns about this new feature replacing the legacy but free PR analysis… I understand you are searching to increase sonarsource conversion rate, but IMO:

  • for small companies with large code base, the pricing step is far too expensive imo (6k€+++/yr in our case depending on what we want to cover). So honestly, we will stop upgrades on 7.3.
  • As far as I know, this is the first time I see an opensource project removing a free feature, and including it in the paid plan… I’m aware the new PR analysis is much more than the legacy one, and the long lived branch analysis is a nice step forward. But I’m convinced you should have at least kept the short lived “PR analysis” free, as it has always been, because this is the major (and maybe the only one) reason I have had the opportunity to introduce a sonar instance in all my previous projects / jobs.

Once sonar is in a customer CI pipeline, in free version, developers are happy with it: it’s visible in each PR, and it becomes a real game-changer. And then, only when devs are happy with it because they see it in action, it’s really easier to convince direction to upgrade to paid plan.
Now, there’s no way, in free version, to give dev team this “whaouu” effect, no way to make sonar visible each day on PR. Sonar in free edition becomes just an app “you can go take a look at if you want”… Or you can double your local compilation time locally with SonarLint…

I hope my words aren’t too rude. I just wanted to give you my opinion about this choice, which makes me really sad (and I’m not the only one…). I hope you’ll hear my feedback.

Have a good weekend !
And thanks for your message Olivier !
Raph


(Fabrice Bellingard) #5

When you say “after resolving”, do you mean fixing in the code or manually resolving the issue in the SonarCloud web UI?


(Raphaël Ducom) #6

Hi @Fabrice_Bellingard !

When I say “after resolving”, here’s the workflow :

  • I push a commit with a code smell
  • Sonar pushes a review noticing 1 code smell
  • I fix the code smell with another commit
  • The SonarBot’s “review comment” of the code smell disappears (that’s ok)
  • But then there’s still the recap saying “1 code smell”

(Fabrice Bellingard) #7

Hi Raphael,

OK, I see. This is a known bug, that’s coming from a change done by GitHub on the way they manage reviews. We are currently working on using the new GitHub Check API (MMF-1305) - which will solve this bug.