SonarCloud with GitHub actions

I use GitHub actions to automate build process for simple Kotlin Repo, and when build and tests are finished, I trigger SonarCloud analysis. I use maven for my project. The problem is, SCM id disabled in my project settings on SonarCloud, but when I push a new change to the Repo, SCM runs and gives me warning, here it is:

[INFO] SCM Publisher SCM provider for this project is: git
[INFO] SCM Publisher 3 source files to be analyzed
[WARNING] Shallow clone detected, no blame information will be provided. You can convert to non-shallow with 'git fetch --unshallow'.
[INFO] SCM Publisher 0/3 source files have been analyzed (done) | time=1ms
[WARNING] Missing blame information for the following files:
[WARNING]   * src/test/kotlin/main/MainTest.kt
[WARNING]   * pom.xml
[WARNING]   * src/main/kotlin/main/Main.kt
[WARNING] This may lead to missing/broken features in SonarCloud

It gives me a warning and it’s annoying for me. I used Travis CI before and it didn’t have this problem.
my workaround was to disable SCM explicitly when trigger SonarCloud from workflow, here it is:

name: build

    branches: [ master ]
    branches: [ master ]


    runs-on: ubuntu-latest

    - uses: actions/checkout@v2
    - name: Set up JDK 1.8
      uses: actions/setup-java@v1
        java-version: 1.8
    - name: Build with Maven
      run: >
          ./mvnw clean verify

        GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
        SONAR_TOKEN: ${{secrets.SONAR_TOKEN}}

Is it a bug or am I missing something?

Hello @amrsamii,

This is not a bug. The actions/checkout step uses a fetch-depth of 1 by default. This means that not all blame information is present, this means that some features like automatically assigning bugs won’t work. You can get rid of this warning by using

- uses: actions/checkout@v2
    fetch-depth: 0

This will fetch the whole history of the project (and might thus be quite a bit slower). You can find the documentation here.

Hope that helps,

1 Like

Thanks for your reply. but what about my solution, is it correct?

It is correct, you won’t get the warning you mentioned again but you will be missing all blame information for new issues on SonarCloud, so they won’t automatically be assigned anymore.
If you are fine with that then your solution will work fine.

1 Like

For reference, defines a few project samples that correctly disable shallow clones.