I have been doing a bunch of work on SonarQube Enterprise Edition
Version 9.9. My current project contains around 100k lines of code to be analyzed. It contains a variety of languages (Java, Python, Terraform, etc.). There are a number of Java micro-services that each require a separate build. The Python code, on the other hand, can all be built at the same time.
In GitHub actions, I have a workflow that runs on every PR open, modification, and merge.
I recently was able to run a full-scan of the main branch of the repository (pulling in all microservices, all Python, building those things, calculating coverage, then passing everything to the Sonar Scanner GitHub action in the workflow). This worked correctly, and it populated all of the coverage reports for all of the microservices and languages.
However, I am running into an issue. I noticed yesterday and this morning that a PR was merged in that contained only Java code changes (therefore only some Java code was built with corresponding code coverage for the changes in the workflow and no Python code – I have conditional builds to save time in the PR process). After this happened, all of the Python code coverage calculations disappeared in the SonarQube UI in “Overall Code”. Also, the number of lines of code in “Overall Code” changed by around 2k lines. If I run the full-branch analysis again, the number will return to normal, but I cannot be doing this every day or every PR merge due to resource-constraints.
(Additional Note: I had a PR that I merged in that only changed a YAML file. Therefore, there were no Python or Java builds or coverage reports generated. The coverage %'s were removed for all code, Java and Python, in the repository. Additionally, the number of Code Smells and lines of code in “Overall Code” changed as well. Errors such as “no java binaries found” or “no coverage reports found” show up in the logs despite there being no Java code to analyze in the PR as well as messages like “Did not optimize analysis for any files, performed a full analysis for all 622 files.”.)
What is happening here? How do I ensure stable results in the SonarQube UI?
Here are the arguments I am passing to the Sonar Scanner GitHub action on PR open, modification, and close:
-Dsonar.projectName=proj_name
-Dsonar.projectKey=proj_key
-Dsonar.token=token
-Dsonar.projectVersion=project_version_label
-Dsonar.projectBaseDir=.
-Dsonar.test.inclusions=${{ env.JAVA_TEST_INCLUSIONS }}
-Dsonar.java.source=11
-Dsonar.java.target=11
-Dsonar.java.binaries=${{ env.SONAR_JAVA_BINARIES }}
-Dsonar.java.test.binaries=${{ env.SONAR_JAVA_TEST_BINARIES }}
-Dsonar.java.libraries=${{ env.SONAR_JAVA_LIBRARIES }}
-Dsonar.java.coveragePlugin=jacoco
-Dsonar.coverage.jacoco.xmlReportPaths=coverage-reports/**/*.xml
-Dsonar.python.coverage.reportPaths=scripts/coverage.xml
-Dsonar.python.version=Y
-Dsonar.terraform.provider.aws.version=X
-Dsonar.sourceEncoding=UTF-8
-Dsonar.c.file.suffixes=-
-Dsonar.cpp.file.suffixes=-
-Dsonar.objc.file.suffixes=-
Here are the arguments I am passing to the Sonar Scanner when I run a full-branch scan:
-Dsonar.projectName=proj_name
-Dsonar.projectKey=proj_key
-Dsonar.token=token
-Dsonar.branch.name=main
-Dsonar.projectBaseDir=.
-Dsonar.test.inclusions=${{ env.JAVA_TEST_INCLUSIONS }}
-Dsonar.java.source=11
-Dsonar.java.target=11
-Dsonar.java.binaries=${{ env.SONAR_JAVA_BINARIES }}
-Dsonar.java.test.binaries=${{ env.SONAR_JAVA_TEST_BINARIES }}
-Dsonar.java.libraries=${{ env.SONAR_JAVA_LIBRARIES }}
-Dsonar.java.coveragePlugin=jacoco
-Dsonar.coverage.jacoco.xmlReportPaths=coverage-reports/**/*.xml
-Dsonar.python.coverage.reportPaths=scripts/coverage.xml
-Dsonar.python.version=Y
-Dsonar.terraform.provider.aws.version=X
-Dsonar.sourceEncoding=UTF-8
-Dsonar.analysis.cache.enabled=false
-Dsonar.c.file.suffixes=-
-Dsonar.cpp.file.suffixes=-
-Dsonar.objc.file.suffixes=-
Could a workaround be to have variables determining whether Java or Python was modified, and then conditionally include / exclude inputs like -Dsonar.python.coverage.reportPaths or -Dsonar.java.binaries? Is the issue that I am specifying these files even when I am not building the microservices or scripts (and could the solution be as easy as not mentioning them when I don’t need to)?
For whatever reason, all of my code is being scanned on every PR merge and pulling in blank coverage files when that language / microservice is not compiled. The coverage is being overwritten every time a PR is merged unforunately.
Thank you in advance for your time and help with this. It is greatly appreciated.
