SonarQube project fails to be created on GitHub Actions push event

SonarQube
,
1

I’m writing a GitHub Actions workflow and utilizing the SonarScanner for Gradle in order to scan my Gradle project and then report the results to a project in SonarQube. When running this workflow on a project that is not already in SonarQube through a push event, the project fails to be created in SonarQube. However, running the exact same workflow on a workflow_dispatch event (which is manually started in the Actions tab), the project is created successfully in SonarQube. Below is an example of the workflow that is kicked off on a push event to the master branch.

on:
  push:
    branches:    
      - master

jobs:
  dependencies:
    runs-on: Linux
    name: Build
    steps:
      - name: Setup Java
        uses: actions/setup-java@v1
        with:
          java-version: 8
      - name: Checkout Repo
        uses: actions/checkout@v2
      - name: Run Gradle Build
        env:
          JAVA_OPTS: "-Dsonar.host.url=**** -Dsonar.login=**** -Dsonar.links.scm=**** -Dsonar.projectKey=****"  
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token - this is needed for SonarQube 
        run: ./gradlew ciSonarBuild

Here’s an example of the log output of a run of this workflow:

2021-01-04T17:28:58.7813774Z 17:28:58.611 [DEBUG] [org.sonarqube.gradle.SonarQubeTask]   Init module 'bai-log4j2-config-copy'
2021-01-04T17:28:58.7814427Z 17:28:58.612 [DEBUG] [org.sonarqube.gradle.SonarQubeTask]     Base dir: /var/lib/github/work/bai-log4j2-config-copy/bai-log4j2-config-copy
2021-01-04T17:28:58.7815220Z 17:28:58.612 [DEBUG] [org.sonarqube.gradle.SonarQubeTask]     Working dir: /var/lib/github/work/bai-log4j2-config-copy/bai-log4j2-config-copy/build/sonar
2021-01-04T17:28:58.7826666Z 17:28:58.612 [DEBUG] [org.sonarqube.gradle.SonarQubeTask]     Module global encoding: UTF-8, default locale: en_US
2021-01-04T17:28:59.0286718Z 17:28:58.973 [INFO] [org.sonarqube.gradle.SonarQubeTask] Load project settings for component key: 'com.securian.bai:bai-log4j2-config-copy'
2021-01-04T17:28:59.0396653Z 17:28:59.016 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] GET 404 https://****/api/settings/values.protobuf?component=com.securian.bai%3Abai-log4j2-config-copy | time=42ms
2021-01-04T17:28:59.1281951Z 17:28:59.086 [INFO] [org.sonarqube.gradle.SonarQubeTask] Load project branches
2021-01-04T17:28:59.2285017Z 17:28:59.129 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] GET 404 https://****/api/project_branches/list?project=com.securian.bai%3Abai-log4j2-config-copy | time=42ms
2021-01-04T17:28:59.2286217Z 17:28:59.129 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] Could not process project branches - continuing without it
2021-01-04T17:28:59.2286735Z 17:28:59.129 [INFO] [org.sonarqube.gradle.SonarQubeTask] Load project branches (done) | time=43ms
2021-01-04T17:28:59.2287175Z 17:28:59.130 [INFO] [org.sonarqube.gradle.SonarQubeTask] Load project pull requests
2021-01-04T17:28:59.2288078Z 17:28:59.170 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] GET 404 https://****/api/project_pull_requests/list?project=com.securian.bai%3Abai-log4j2-config-copy | time=40ms
2021-01-04T17:28:59.2289112Z 17:28:59.171 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] Could not process project pull requests - continuing without it
2021-01-04T17:28:59.2289592Z 17:28:59.171 [INFO] [org.sonarqube.gradle.SonarQubeTask] Load project pull requests (done) | time=42ms
2021-01-04T17:28:59.2290006Z 17:28:59.171 [INFO] [org.sonarqube.gradle.SonarQubeTask] Load branch configuration
2021-01-04T17:28:59.2290420Z 17:28:59.172 [INFO] [org.sonarqube.gradle.SonarQubeTask] Github event: push
2021-01-04T17:28:59.3354210Z 17:28:59.300 [INFO] [org.sonarqube.gradle.SonarQubeTask] Detected GitHub Actions
2021-01-04T17:28:59.3355017Z 17:28:59.300 [INFO] [org.sonarqube.gradle.SonarQubeTask] Auto-configuring branch master
2021-01-04T17:28:59.3356089Z 17:28:59.306 [DEBUG] [org.gradle.internal.operations.DefaultBuildOperationExecutor] Completing Build operation 'Execute run for :sonarqube'
2021-01-04T17:28:59.3356980Z 17:28:59.306 [DEBUG] [org.gradle.internal.operations.DefaultBuildOperationExecutor] Build operation 'Execute run for :sonarqube' completed
2021-01-04T17:28:59.3357544Z 17:28:59.307 [DEBUG] [org.gradle.api.internal.tasks.execution.ResolveTaskExecutionModeExecuter] Removed task artifact state for {} from context.
2021-01-04T17:28:59.3358449Z 17:28:59.307 [DEBUG] [org.gradle.internal.operations.DefaultBuildOperationExecutor] Completing Build operation 'Task :sonarqube'
2021-01-04T17:28:59.3358970Z 17:28:59.227 [LIFECYCLE] [class org.gradle.internal.buildevents.TaskExecutionLogger] 
2021-01-04T17:28:59.3359491Z 17:28:59.227 [LIFECYCLE] [class org.gradle.internal.buildevents.TaskExecutionLogger] > Task :sonarqube FAILED

2021-01-04T17:28:59.4390457Z 17:28:59.330 [ERROR] [org.gradle.internal.buildevents.BuildExceptionReporter] * What went wrong:
2021-01-04T17:28:59.4391672Z 17:28:59.330 [ERROR] [org.gradle.internal.buildevents.BuildExceptionReporter] Execution failed for task ':sonarqube'.
2021-01-04T17:28:59.4394257Z 17:28:59.330 [ERROR] [org.gradle.internal.buildevents.BuildExceptionReporter] > Unable to load component class org.sonar.scanner.scan.filesystem.InputComponentStore
2021-01-04T17:28:59.4397272Z 17:28:59.330 [ERROR] [org.gradle.internal.buildevents.BuildExceptionReporter] * Exception is:
2021-01-04T17:28:59.4397922Z 17:28:59.331 [ERROR] [org.gradle.internal.buildevents.BuildExceptionReporter] org.gradle.api.tasks.TaskExecutionException: Execution failed for task ':sonarqube'.
.
.
.
2021-01-04T17:28:59.4563771Z 17:28:59.346 [ERROR] [org.gradle.internal.buildevents.BuildExceptionReporter] Caused by: Project was never analyzed. A regular analysis is required before a branch analysis

When I change the workflow to be run manually through the workflow_dispatch event, e.g.:

on:
  workflow_dispatch:
    inputs:
      comment:
        description: 'An optional comment'
        required: false

The SonarQube project is successfully created:

2021-01-04T16:33:17.9331665Z 16:33:17.622 [DEBUG] [org.sonarqube.gradle.SonarQubeTask]   Init module 'bai-log4j2-config-copy'
2021-01-04T16:33:17.9332656Z 16:33:17.622 [DEBUG] [org.sonarqube.gradle.SonarQubeTask]     Base dir: /var/lib/github/work/bai-log4j2-config-copy/bai-log4j2-config-copy
2021-01-04T16:33:17.9333727Z 16:33:17.622 [DEBUG] [org.sonarqube.gradle.SonarQubeTask]     Working dir: /var/lib/github/work/bai-log4j2-config-copy/bai-log4j2-config-copy/build/sonar
2021-01-04T16:33:17.9334640Z 16:33:17.622 [DEBUG] [org.sonarqube.gradle.SonarQubeTask]     Module global encoding: UTF-8, default locale: en_US
2021-01-04T16:33:17.9834231Z 16:33:17.968 [INFO] [org.sonarqube.gradle.SonarQubeTask] Load project settings for component key: 'com.securian.bai:bai-log4j2-config-copy'
2021-01-04T16:33:18.0880090Z 16:33:18.010 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] GET 404 https://****/api/settings/values.protobuf?component=com.securian.bai%3Abai-log4j2-config-copy | time=42ms
2021-01-04T16:33:18.1877393Z 16:33:18.084 [INFO] [org.sonarqube.gradle.SonarQubeTask] Load project branches
2021-01-04T16:33:18.1879379Z 16:33:18.126 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] GET 404 https://****/api/project_branches/list?project=com.securian.bai%3Abai-log4j2-config-copy | time=42ms
2021-01-04T16:33:18.1880852Z 16:33:18.126 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] Could not process project branches - continuing without it
2021-01-04T16:33:18.1881784Z 16:33:18.126 [INFO] [org.sonarqube.gradle.SonarQubeTask] Load project branches (done) | time=42ms
2021-01-04T16:33:18.1882598Z 16:33:18.127 [INFO] [org.sonarqube.gradle.SonarQubeTask] Load project pull requests
2021-01-04T16:33:18.1884119Z 16:33:18.168 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] GET 404 https://****/api/project_pull_requests/list?project=com.securian.bai%3Abai-log4j2-config-copy | time=41ms
2021-01-04T16:33:18.1885613Z 16:33:18.168 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] Could not process project pull requests - continuing without it
2021-01-04T16:33:18.1886458Z 16:33:18.168 [INFO] [org.sonarqube.gradle.SonarQubeTask] Load project pull requests (done) | time=41ms
2021-01-04T16:33:18.1887127Z 16:33:18.168 [INFO] [org.sonarqube.gradle.SonarQubeTask] Load branch configuration
2021-01-04T16:33:18.1887787Z 16:33:18.169 [INFO] [org.sonarqube.gradle.SonarQubeTask] Github event: workflow_dispatch
2021-01-04T16:33:18.1888387Z 16:33:18.169 [INFO] [org.sonarqube.gradle.SonarQubeTask] Load branch configuration (done) | time=2ms
2021-01-04T16:33:18.2832436Z 16:33:18.181 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] Available languages:
2021-01-04T16:33:18.2833392Z 16:33:18.181 [DEBUG] [org.sonarqube.gradle.SonarQubeTask]   * Python => "py"
2021-01-04T16:33:18.2834051Z 16:33:18.181 [DEBUG] [org.sonarqube.gradle.SonarQubeTask]   * Java => "java"
2021-01-04T16:33:18.2834557Z 16:33:18.181 [DEBUG] [org.sonarqube.gradle.SonarQubeTask]   * CSS => "css"
2021-01-04T16:33:18.2834979Z 16:33:18.181 [DEBUG] [org.sonarqube.gradle.SonarQubeTask]   * HTML => "web"
2021-01-04T16:33:18.2835369Z 16:33:18.181 [DEBUG] [org.sonarqube.gradle.SonarQubeTask]   * JSP => "jsp"
2021-01-04T16:33:18.2835662Z 16:33:18.181 [DEBUG] [org.sonarqube.gradle.SonarQubeTask]   * JavaScript => "js"
2021-01-04T16:33:18.2835945Z 16:33:18.181 [DEBUG] [org.sonarqube.gradle.SonarQubeTask]   * TypeScript => "ts"
2021-01-04T16:33:18.2836361Z 16:33:18.185 [INFO] [org.sonarqube.gradle.SonarQubeTask] Load quality profiles
2021-01-04T16:33:18.2837226Z 16:33:18.228 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] GET 404 https://****/api/qualityprofiles/search.protobuf?projectKey=com.securian.bai%3Abai-log4j2-config-copy | time=43ms
2021-01-04T16:33:18.3833729Z 16:33:18.292 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] GET 200 https://****/api/qualityprofiles/search.protobuf?defaults=true | time=63ms
2021-01-04T16:33:18.3834575Z 16:33:18.303 [INFO] [org.sonarqube.gradle.SonarQubeTask] Load quality profiles (done) | time=117ms
2021-01-04T16:33:18.3835397Z 16:33:18.310 [INFO] [org.sonarqube.gradle.SonarQubeTask] Detected Github Actions
2021-01-04T16:33:18.3836037Z 16:33:18.313 [INFO] [org.sonarqube.gradle.SonarQubeTask] Load active rules
2021-01-04T16:33:18.3837277Z 16:33:18.370 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] GET 200 https://****/api/rules/search.protobuf?f=repo,name,severity,lang,internalKey,templateKey,params,actives,createdAt,updatedAt&activation=true&qprofile=AWt2tkIyShLWHwRiMOIh&ps=500&p=1 | time=57ms
2021-01-04T16:33:18.8833897Z 16:33:18.837 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] GET 200 https://****/api/rules/search.protobuf?f=repo,name,severity,lang,internalKey,templateKey,params,actives,createdAt,updatedAt&activation=true&qprofile=AWufZOjf_MVrDfK11NHz&ps=500&p=1 | time=410ms
2021-01-04T16:33:19.0832827Z 16:33:19.010 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] GET 200 https://****/api/rules/search.protobuf?f=repo,name,severity,lang,internalKey,templateKey,params,actives,createdAt,updatedAt&activation=true&qprofile=AWt2tkQmShLWHwRiMOUN&ps=500&p=1 | time=57ms
2021-01-04T16:33:19.0834122Z 16:33:19.055 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] GET 200 https://****/api/rules/search.protobuf?f=repo,name,severity,lang,internalKey,templateKey,params,actives,createdAt,updatedAt&activation=true&qprofile=AWt2tkRnShLWHwRiMOUh&ps=500&p=1 | time=43ms
2021-01-04T16:33:19.1832472Z 16:33:19.113 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] GET 200 https://****/api/rules/search.protobuf?f=repo,name,severity,lang,internalKey,templateKey,params,actives,createdAt,updatedAt&activation=true&qprofile=AWt2tkUxShLWHwRiMOWj&ps=500&p=1 | time=57ms
2021-01-04T16:33:19.2846801Z 16:33:19.189 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] GET 200 https://****/api/rules/search.protobuf?f=repo,name,severity,lang,internalKey,templateKey,params,actives,createdAt,updatedAt&activation=true&qprofile=AWt2tkZaShLWHwRiMOb0&ps=500&p=1 | time=61ms
2021-01-04T16:33:19.2848429Z 16:33:19.248 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] GET 200 https://****/api/rules/search.protobuf?f=repo,name,severity,lang,internalKey,templateKey,params,actives,createdAt,updatedAt&activation=true&qprofile=AW3QHzzJnrgacbOrjy1e&ps=500&p=1 | time=51ms
2021-01-04T16:33:19.2849343Z 16:33:19.272 [INFO] [org.sonarqube.gradle.SonarQubeTask] Load active rules (done) | time=959ms
.
.

This appears to be a bug with how GitHub Actions is detected and what metadata is passed. I am curious if the SonarQube logic is thinking that ‘master’ is a PR branch (hence the “Auto-configuring branch master” log) and therefore failing on the " Project was never analyzed. A regular analysis is required before a branch analysis" error.

Any insight into this issue would be helpful!

versions:

  • SonarQube: 7.9.4
  • GitHub Enterprise Server: 2.22.5
  • sonarqube plugin: 3.0
2

Hi,

We’ve done a lot of work in this area since 7.9.*. Can you test this on the latest version?

 
Ann

3

Sorry for the very delayed response, but we were finally able to upgrade to SonarQube 8.9. As a workaround before (on SonarQube 7.9), we had logic in our GitHub Actions workflows that determined if the workflow was running on a PR or a branch, and passed in the additional PR args if it was running on a PR. For new SonarQube projects, we had to manually run a workflow on the default branch of the repo so that the project was created in SonarQube. After upgrading to 8.9, it appears that a SonarQube project can be created from a PR scan without having a scan on master first, and the additional PR args are no longer needed to be passed in on PR scans. Thanks!

1 Like