SonarQube not finding C code sources even when correctly configured: Sonarcloud + Github actions

Sonarcloud fails to analyze C code

  • Sonarcloud
  • We are using sonar cloud
  • We are trying to analyze c code
  • we have successfully generated the compilation DB but sonar cannot locate the sources
`09:36:30.593 INFO: ------------------------------------------------------------------------
09:36:30.593 INFO: EXECUTION FAILURE
09:36:30.593 INFO: ------------------------------------------------------------------------
09:36:30.594 INFO: Total time: 24.460s
09:36:30.644 ERROR: Error during SonarScanner execution
09:36:30.644 INFO: Final Memory: 12M/47M
09:36:30.644 INFO: ------------------------------------------------------------------------
java.lang.IllegalStateException: The Compilation Database JSON file was found but 0 C/C++/Objective-C files were analyzed. Please make sure that:
  * you are correctly invoking the scanner with correct configuration
  * your compiler is supported
  * you are providing the path to the correct Compilation Database JSON
  * you are building and analyzing the same source checkout, absolute paths must be identical in build and analysis steps
	at com.sonar.cpp.plugin.CFamilySensor.process(CFamilySensor.java:276)
	at com.sonar.cpp.plugin.CFamilySensor.execute(CFamilySensor.java:158)
	at org.sonar.scanner.sensor.AbstractSensorWrapper.analyse(AbstractSensorWrapper.java:62)
	at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:75)
	at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:51)
	at org.sonar.scanner.scan.ModuleScanContainer.doAfterStart(ModuleScanContainer.java:64)
	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:123)
	at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:109)
	at org.sonar.scanner.scan.ProjectScanContainer.scan(ProjectScanContainer.java:192)
	at org.sonar.scanner.scan.ProjectScanContainer.scanRecursively(ProjectScanContainer.java:188)
	at org.sonar.scanner.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:159)
	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:123)
	at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:109)
	at org.sonar.scanner.bootstrap.ScannerContainer.doAfterStart(ScannerContainer.java:397)
	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:123)
	at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:109)
	at org.sonar.scanner.bootstrap.GlobalContainer.doAfterStart(GlobalContainer.java:125)
	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:123)
	at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:109)
	at org.sonar.batch.bootstrapper.Batch.doExecute(Batch.java:57)
	at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:51)
	at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.base/java.lang.reflect.Method.invoke(Unknown Source)
	at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
	at jdk.proxy1/jdk.proxy1.$Proxy0.execute(Unknown Source)
	at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:189)
	at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:138)
	at org.sonarsource.scanner.cli.Main.execute(Main.java:126)
	at org.sonarsource.scanner.cli.Main.execute(Main.java:81)
	at org.sonarsource.scanner.cli.Main.main(Main.java:62)

below is my configuration file :

sonar.sources=main
sonar.language=c
sonar.inclusions=main/*.c, main/*.h
sonar.scm.provider=git
sonar.branch.name=main

we are using cicd workflow using github actions :

      - name: Run sonar-scanner
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # Put the name of your token here
        run: |
          sonar-scanner -X  --define sonar.cfamily.compile-commands=build/compile_commands.json
            -Dsonar.projectKey=${{ env.SONAR_PROJECT }}
            -Dsonar.organization=${{ env.SONAR_ORG }}
            -Dsonar.host.url=https://sonarcloud.io
            -Dsonar.login=${{ env.SONAR_TOKEN }}
            --define sonar.sources=main
            -Dsonar.inclusions=main/*.c,main/*.h
            -Dsonar.branch.name=*


Hello @simon-stathealth,

Which compiler are you using? And, if it is one of the supported compilers, can you share the compilation database and the complete scanner logs?

If you would rather keep it private, let me know and I can send you a message.

hi thanks for the reply please check the logs here :

    {
        "arguments": [
            "/opt/esp/tools/riscv32-esp-elf/esp-2022r1-11.2.0/riscv32-esp-elf/bin/riscv32-esp-elf-gcc",
            "-c",
            "-march=rv32imc",
            "-fdiagnostics-color=always",
            "-ffunction-sections",
            "-fdata-sections",
            "-Wall",
            "-Werror=all",
            "-Wno-error=unused-function",
            "-Wno-error=unused-variable",
            "-Wno-error=deprecated-declarations",
            "-Wextra",
            "-Wno-unused-parameter",
            "-Wno-sign-compare",
            "-Wno-enum-conversion",
            "-gdwarf-4",
            "-ggdb",
            "-nostartfiles",
            "-Os",
            "-freorder-blocks",
            "-fmacro-prefix-map=/app/Pre-Health/orthostat-base-station=.",
            "-fmacro-prefix-map=/opt/esp/idf=/IDF",
            "-fstrict-volatile-bitfields",
            "-Wno-error=unused-but-set-variable",
            "-fno-jump-tables",
            "-fno-tree-switch-conversion",
            "-std=gnu17",
            "-Wno-old-style-declaration",
            "-Wno-strict-aliasing",
            "-Wno-write-strings",
            "-Wno-format",
            "-Werror",
            "-DCONFIG_CRYPTO_MBEDTLS",
            "-DCONFIG_ECC",
            "-DCONFIG_IEEE80211W",
            "-DCONFIG_NO_RADIUS",
            "-DCONFIG_OWE_STA",
            "-DCONFIG_SHA256",
            "-DCONFIG_WPA3_SAE",
            "-DCONFIG_WPS",
            "-DEAP_MSCHAPv2",
            "-DEAP_PEAP",
            "-DEAP_PEER_METHOD",
            "-DEAP_TLS",
            "-DEAP_TTLS",
            "-DESP32_WORKAROUND",
            "-DESPRESSIF_USE",
            "-DESP_SUPPLICANT",
            "-DIEEE8021X_EAPOL",
            "-DMBEDTLS_CONFIG_FILE=\"mbedtls/esp_config.h\"",
            "-DSOC_MMU_PAGE_SIZE=CONFIG_MMU_PAGE_SIZE",
            "-DUNITY_INCLUDE_CONFIG_H",
            "-DUSE_WPA2_TASK",
            "-DUSE_WPS_TASK",
            "-D__ets__",
            "-I/app/Pre-Health/orthostat-base-station/build/config",
            "-I/opt/esp/idf/components/wpa_supplicant/include",
            "-I/opt/esp/idf/components/wpa_supplicant/port/include",
            "-I/opt/esp/idf/components/wpa_supplicant/esp_supplicant/include",
            "-I/opt/esp/idf/components/wpa_supplicant/src",
            "-I/opt/esp/idf/components/wpa_supplicant/src/utils",
            "-I/opt/esp/idf/components/wpa_supplicant/esp_supplicant/src",
            "-I/opt/esp/idf/components/wpa_supplicant/src/crypto",
            "-I/opt/esp/idf/components/newlib/platform_include",
            "-I/opt/esp/idf/components/freertos/FreeRTOS-Kernel/include",
            "-I/opt/esp/idf/components/freertos/esp_additions/include/freertos",
            "-I/opt/esp/idf/components/freertos/FreeRTOS-Kernel/portable/riscv/include",
            "-I/opt/esp/idf/components/freertos/esp_additions/include",
            "-I/opt/esp/idf/components/esp_hw_support/include",
            "-I/opt/esp/idf/components/esp_hw_support/include/soc",
            "-I/opt/esp/idf/components/esp_hw_support/include/soc/esp32c3",
            "-I/opt/esp/idf/components/esp_hw_support/port/esp32c3/.",
            "-I/opt/esp/idf/components/esp_hw_support/port/esp32c3/private_include",
            "-I/opt/esp/idf/components/heap/include",
            "-I/opt/esp/idf/components/log/include",
            "-I/opt/esp/idf/components/soc/include",
            "-I/opt/esp/idf/components/soc/esp32c3/.",
            "-I/opt/esp/idf/components/soc/esp32c3/include",
            "-I/opt/esp/idf/components/hal/esp32c3/include",
            "-I/opt/esp/idf/components/hal/include",

i am building using espidf action ongithub

        uses: espressif/esp-idf-ci-action@v1
        with:
          esp_idf_version: v5.0.2
          target: esp32c3
          command: |
            apt update && apt install -y bear  && bear idf.py build && find . -name compile_commands.json   
          ```

Can you upload the full log and compilation database as attachments? Maybe you C&P, but it got truncated to just a snippet.

here is an attachment for most of the file
compile-commands.json.txt (2.3 MB)

here is an attachment of the scan logs
scan-logs.txt (2.2 MB)

full actions log file is over 30 MB but here is a download link full-log.txt - Google Drive

Hello again,

From what I can tell, the build directory is "/app/Pre-Health/orthostat-base-station/build"
and one of the sources you are interested in is compiled with the path "../main/app_memfault.c", which resolves to "/app/Pre-Health/orthostat-base-station/main/app_memfault.c".

However, the scanner working dir is /home/runner/work/orthostat-base-station/orthostat-base-station.

This mismatch is causing the CFamily-plugin to be unable to cross-match the entry in the compilation database and the indexed files.

You are building inside docker and analyzing outside, right? That is usually problematic precisely because the environments are supposed to match since

  1. The location has to be the same as when building (or the files will not be cross-matched)
  2. The dependencies installed inside docker will not be available for the scanner, impacting the quality of the scan very negatively (there will be missing includes)

My suggestion would be to preferably run the scanner on the same docker container or on a new container that matches the build container (so the dependencies are available). However, keep in mind that we do not support musl-based distributions.

By the way, since you are already using cmake, you can save the middle step of using bear and straight ask CMake to generate the compilation database (CMAKE_EXPORT_COMPILE_COMMANDS).

Please, let me know if this helps.

1 Like

Hi thanks for this . I’ll try work outside docker and share feedback

hello again thank you very much i ditched the docker container build and instead used the below process

      - name: ESP IDF Setup & Build
        run: |
          sudo apt-get update && sudo apt-get install git wget flex bison gperf python3 python3-venv cmake ninja-build ccache libffi-dev libssl-dev dfu-util libusb-1.0-0
          mkdir -p ~/esp
          cd ~/esp
          git clone -b v5.0.2 --recursive https://github.com/espressif/esp-idf.git
          cd ~/esp/esp-idf
          ./install.sh esp32c3
          cd $GITHUB_WORKSPACE
          pwd
          . $HOME/esp/esp-idf/export.sh
          idf.py build 

followed this documentation Standard Toolchain Setup for Linux and macOS - ESP32 - — ESP-IDF Programming Guide v5.0.2 documentation

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.