Hi, a couple of days ago I’ve noticed that Sonarcloud stopped posting updates on code analysis for my PRs.
There was a Pull request that took more than 10 days and I could see that commits from 7 days ago had the report updated, but fresh ones from 1-2 days ago don’t.
I had a suspicion that the token expired.
But when I go to the list of checks for the PR it has the report there, which means that that’s not the issue.
I’m not sure where I should be looking anymore
Hey there.
To make sure I understand correctly:
Is that correct?
Yes, that’s correct
Out of curiousity, has the name of your GitHub organization changed recently? This has been reported in the past as having caused the summary comment to stop being posted. We haven’t yet been able to reproduce it.
I’ll also send you a private message for your organization key and a project / PR ID where the summary comment did not get posted.
No, the name didn’t change. At least not that I know of
I’ve just noticed that projects that are being analyzed automatically have the comments posted, but the projects that are being analyzed using github actions don’t
Hi @jtymoschuk
From what I see on our side the last comment pushed was on PR #47, June 9th (Timestamp: 2022-06-09T10:23:19.457+02:00). The last comment on PR #45 was on June 3rd.
Do you know if something changed on your configuration of GitHub Actions around that period, especially in the Action triggers or configuration?
Feel free to post here the configuration of your GitHub action expurged from the private details for further help.
The last change in the actions file was on 24.04.2022 so it’s not this configuration.
Here is the actions configuration
name: 'build-verify-analyze-job'
description: 'build job for feature'
inputs:
PACKAGE_ACCESS_USERNAME:
description: 'Github package credentials: user name'
required: true
PACKAGE_ACCESS_TOKEN:
description: 'Github package credentials: access token'
required: true
SLACK_WEBHOOK_URL:
description: 'slack webhook url'
required: true
SONAR_TOKEN:
description: 'Token for integration with sonarcloud'
required: true
SONAR_PROJECT_KEY:
description: 'Project identifier on sonarcloud'
required: true
JDK_VERSION:
description: 'JDK version'
required: true
outputs:
container_image_tag:
description: "Number of files copied"
value: ${{ steps.container_image_tag.outputs.value }}
runs:
using: 'composite'
steps:
- name: Set up JDK
uses: actions/setup-java@v1
with:
java-version: ${{ inputs.JDK_VERSION }}
- name: Cache SonarCloud packages
uses: actions/cache@v2
with:
path: ~/.sonar/cache
key: ${{ runner.os }}-sonar
restore-keys: ${{ runner.os }}-sonar
- name: Cache Maven packages
uses: actions/cache@v2
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2
- name: Test & Code Analysis
if: ${{ always() }}
env:
GITHUB_USERNAME: ${{ inputs.PACKAGE_ACCESS_USERNAME }}
GITHUB_TOKEN: ${{ inputs.PACKAGE_ACCESS_TOKEN }}
SONAR_TOKEN: ${{ inputs.SONAR_TOKEN }}
run: mvn clean install jacoco:report jacoco:report-integration jacoco:report-aggregate org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.dynamicAnalysis=reuseReports -Dsonar.projectKey=${{ inputs.SONAR_PROJECT_KEY }} --quiet --settings .github/settings.xml
shell: bash
- name: Publish Test Report
if: ${{ always() }}
env:
GITHUB_USERNAME: ${{ inputs.PACKAGE_ACCESS_USERNAME }}
GITHUB_TOKEN: ${{ inputs.PACKAGE_ACCESS_TOKEN }}
uses: scacap/action-surefire-report@v1
Thanks for sharing, could you also share what triggers you have defined for this composite action?
name: feature-workflow
on:
push:
branches:
- 'feature/**'
- 'renovate/**'
- 'hotfix/**'
env:
APPLICATION_NAME: my-application-name
jobs:
build:
name: Build & Test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: "Checkout pliant github-actions"
uses: actions/checkout@v3
with:
token: ${{ secrets.PAT_GITHUB }}
repository: my-shared-repository
path: ./.github/my-path
- name: Build & Test
id: build
uses: ./.github/my-path/dist/build-and-test-job/
with:
JDK_VERSION: 17
GITHUB_TOKEN: ${{ github.token }}
APPLICATION_NAME: ${{ env.APPLICATION_NAME }}
PACKAGE_ACCESS_USERNAME: ${{ secrets.PACKAGE_ACCESS_USERNAME }}
PACKAGE_ACCESS_TOKEN: ${{ secrets.PACKAGE_ACCESS_TOKEN }}
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_PROJECT_KEY: infinnity-card_${{ env.APPLICATION_NAME }}
Thanks for sharing.
We recently made a change to our Github Actions configuration. When the scanner runs in the context of a push event, it will always configure a branch analysis instead of a PR analysis.
To get PR analysis working again you should add the
on:
pull_request
to your configuration instead of
on:
push:
branches:
- 'feature/**'
- 'renovate/**'
- 'hotfix/**'
Would that work for you usecase?
You can also make use of the branches parameter of pull_request to stay aligned with your current configuration:
on:
pull_request:
branches:
- 'feature/**'
- 'renovate/**'
- 'hotfix/**'
I don’t think it will work for my use case, we are not strict with when exactly we’re creating a PR and we need to run tests and analysis on every push.
I’ll try to add this trigger to my project. But if it works I’d have to change this config for 15+ projects, which is not ideal.
Is there any reason why it was working but not working anymore?
I’ve just added
pull_request:
branches:
- 'feature/**'
- 'renovate/**'
- 'hotfix/**'
to one of my existing PRs and the comment didn’t get posted anyway.
I closed the existing PR and “created a new one” which reopened existing one, does it have to be a new PR to work? What about new commits into existing PRs?
Hi,
Just to tell you, we had the same problem here on all repos of our open-source project. We tried many things, but in fact the problem got solved by adding on: [pull_request] in our CI. Thanks!
To give you more insights, our problem was
you are right, id does publish sonar report now, but it also runs tests twice 
one for push and one for pull_request.
No ideal
@TomVanBraband is there any other way to fix the issue?
Running tests twice per push (one for push and one for pull_request) is really not working for us.
Unfortunately, the only solution I see is to only use on: pull_request, and to always create a PR when creating a new branch.
GitHub actions does not allow you to easily set-up what you are looking for, see this thread
Can you give a bit more detail about which usecases you create a branch but don’t open a PR for that branch?
Our normal flow is that we create a branch, work on the branch and then publish a PR for code review. We do not require opening a PR immediately.
And one of the points of working on the branch is making sure that we do not create new vulnerabilities and maintain a certain level of test coverage.
My problem is not with github actions 
my problem is that setup that was working previously is not working now without any changes on our side.
The reason why we changed the logic is because it was negatively impacting other users.
The logic we used to have was in case we run on a push event to use the GitHub API to see if the HEAD commit was included in an open PR. If that was the case, we would configure a PR analysis and post the comment to the found PR.
For some customers this was falsely flagging some analysis as PR analysis, when they were expecting a branch analysis. For example in the case where they would push on their main brach, but there was a PR open from the main branch into another branch. In that case they want to have a branch analysis, and not a PR analysis.
Therefore we decided to remove the custom logic and to fully rely on the GitHub actions context. I understand that this is affecting your workflow, but unless other users come with the same problem to the community, it’s not something we would change now.
In my case, using only on: push (NOT on: pull_request), the status check is posted when the project is bound to a github repo. In the same org (also bound to github), for another project which was created differently and not bound to github (although the project is really on github, it’s just an import difference, not sure why), the status check was not posted. Is this expected ?