Unable to get sonarcloud working on C++ project

I’m trying to setup sonarcloud for a on C++ cmake github through github actions. I’ve tried both the build wrapper and a compilation database but neither seem to be working as they aren’t identifying issues in my project that are reported locally with the vscode sonarlint extension.

How can I debug this? I’m probably making some basic silly mistake.

One thing I noticed in the --debug output from sonar-scanner is Plugins not loaded because they are optional: [cpp, kotlin], but I’m not sure if this is relevant. I am using the sonarsource/sonarcloud-github-c-cpp@v2 action.

Ok, I figured out the issue of the plugin not being loaded and files not being checked. There was a configuration issue on the sonarcloud.io page.

It still seems that sonarcloud isn’t reporting any issues though, however locally I’m seeing issues. As far as I can tell I’ve followed the example projects essentially verbatim so I’m not sure what I could be doing wrong.

The log is showing 16 files being analyzed but even things like lines of code don’t seem properly reported.

I’m attaching the log from github CI here log.txt (81.7 KB), the most relevant part I think is

2023-10-04T14:14:58.4674087Z INFO: Sensor CFamily [cpp]
2023-10-04T14:14:58.5020036Z INFO: CFamily plugin version: 6.49.0.62722
2023-10-04T14:14:58.5024756Z INFO: Using compile commands: /home/runner/work/cpptrace/cpptrace/build/compile_commands.json
2023-10-04T14:14:58.5050306Z INFO: Available processors: 2
2023-10-04T14:14:58.5051766Z INFO: Using 2 threads for analysis.
2023-10-04T14:15:01.3410285Z INFO: Loading cache from: server
2023-10-04T14:15:01.3424859Z INFO: Existing cache invalidated and deleted, change detected in quality profile
2023-10-04T14:15:01.3964479Z INFO: [pool-5-thread-1] /home/runner/work/cpptrace/cpptrace/src/cpptrace.cpp
2023-10-04T14:15:01.4038241Z INFO: [pool-5-thread-2] /home/runner/work/cpptrace/cpptrace/src/demangle/demangle_with_cxxabi.cpp
2023-10-04T14:15:02.0590417Z INFO: [pool-5-thread-2] /home/runner/work/cpptrace/cpptrace/src/demangle/demangle_with_winapi.cpp
2023-10-04T14:15:02.0804168Z INFO: [pool-5-thread-2] /home/runner/work/cpptrace/cpptrace/src/demangle/demangle_with_nothing.cpp
2023-10-04T14:15:02.1175368Z INFO: [pool-5-thread-2] /home/runner/work/cpptrace/cpptrace/src/symbols/symbols_with_addr2line.cpp
2023-10-04T14:15:02.1449469Z INFO: [pool-5-thread-2] /home/runner/work/cpptrace/cpptrace/src/symbols/symbols_with_dbghelp.cpp
2023-10-04T14:15:02.1637394Z INFO: [pool-5-thread-2] /home/runner/work/cpptrace/cpptrace/src/symbols/symbols_with_dl.cpp
2023-10-04T14:15:02.1860858Z INFO: [pool-5-thread-2] /home/runner/work/cpptrace/cpptrace/src/symbols/symbols_with_libbacktrace.cpp
2023-10-04T14:15:02.2070278Z INFO: [pool-5-thread-2] /home/runner/work/cpptrace/cpptrace/src/symbols/symbols_with_libdwarf.cpp
2023-10-04T14:15:21.8313454Z INFO: [pool-5-thread-1] /home/runner/work/cpptrace/cpptrace/src/symbols/symbols_with_nothing.cpp
2023-10-04T14:15:21.8568497Z INFO: [pool-5-thread-1] /home/runner/work/cpptrace/cpptrace/src/symbols/symbols_core.cpp
2023-10-04T14:15:23.5114299Z INFO: [pool-5-thread-1] /home/runner/work/cpptrace/cpptrace/src/unwind/unwind_with_execinfo.cpp
2023-10-04T14:15:23.5497826Z INFO: [pool-5-thread-1] /home/runner/work/cpptrace/cpptrace/src/unwind/unwind_with_nothing.cpp
2023-10-04T14:15:23.5674765Z INFO: [pool-5-thread-1] /home/runner/work/cpptrace/cpptrace/src/unwind/unwind_with_unwind.cpp
2023-10-04T14:15:24.6357817Z INFO: [pool-5-thread-1] /home/runner/work/cpptrace/cpptrace/src/unwind/unwind_with_winapi.cpp
2023-10-04T14:15:24.6526906Z INFO: [pool-5-thread-1] /home/runner/work/cpptrace/cpptrace/src/unwind/unwind_with_dbghelp.cpp
2023-10-04T14:15:30.1186876Z INFO: PCH: unique=0 use=0 (forceInclude=0,throughHeader=0,firstInclude=0) out of 16 (forceInclude=0,throughHeader=0)
2023-10-04T14:15:30.1187794Z INFO: Z3 refutation rate: 68 out of 69
2023-10-04T14:15:30.1188305Z INFO: SE: 16 out of 16
2023-10-04T14:15:30.1313779Z INFO: Subprocess(es) done in 28789ms
2023-10-04T14:15:30.1449517Z INFO: 3/29 files marked as unchanged
2023-10-04T14:15:30.1461552Z INFO: Cache: 0/16 hits, 78593 bytes
2023-10-04T14:15:30.1463566Z INFO: 16 compilation units analyzed
2023-10-04T14:15:30.1479139Z INFO: Sensor CFamily [cpp] (done) | time=31679ms

Some code smells in the first file, cpptrace.cpp, that are detected locally but not here:

165: Refactor this function to reduce its Cognitive Complexity from 37 to the 25 allowed. [+17 locations]sonarlint(cpp:S3776)
182: Extract the assignment from this expression.sonarlint(cpp:S1121)
316: Global variables should be const.sonarlint(cpp:S5421)
317: Global variables should be const.sonarlint(cpp:S5421)

Hi @jeremy-rifkin and welcome to the community.

The logs you are sharing don’t look suspicious to me. I am going to focus on the expected but missing S3776 report on cpptrace.cpp in my analysis below. I took note of the following, please let me know if any of my conclusions sound incorrect to you:

• The issue report exists on SC, but is now marked as fixed. This usually means that the issue was detected in one analysis and a subsequent analysis didn’t report the issue. This normally happens when the code is fixed, but could also be the case when the rule is turned off, or the file is excluded from analysis.
• The logs you shared have INFO: Quality profile for cpp: Sonar way: You are using the default Sonar way, which means that S3776 is not disabled.
• INFO: 29 files indexed along with INFO: [pool-5-thread-1] /home/runner/work/cpptrace/cpptrace/src/cpptrace.cpp prove that the file cpptrace.cpp has been analyzed in the run you are sharing.
• By looking at the analyses listed under “Latest activity”, I could see that there is one analysis that ran with inclusion/exclusion patterns that don’t match any files. You can see in the logs there:

  INFO: 0 files indexed
  INFO: 30 files ignored because of inclusion/exclusion patterns
  

• My guess is that this somehow broke the results on the main branch because no issues were reported for main using the mentioned configuration. This subsequently affects the detected issues on the PR.

If the above explanation seems plausible, I would suggest re-creating the whole project on SonarCloud (if you haven’t done a lot of customization there) and re-running analysis using your current PR to re-trigger main branch analysis on the fresh SonarCloud project.

Another approach, if you don’t want to re-do the customization on your SonarCloud project, I think it might be possible to fix the analysis on the project by sending a correct analysis on the main branch. This can be done easily by just merging your current PR, and letting the analysis run once on main.

Also, you mentioned at some point:

Ok, I figured out the issue of the plugin not being loaded and files not being checked. There was a configuration issue on the sonarcloud.io page.

Could you share what the configuration issue you found was? Maybe this could be a related hint? or something that we can improve on our end?

Best regards,
Michael

Hello, thank you so much for the reply!

Could you share what the configuration issue you found was? Maybe this could be a related hint? or something that we can improve on our end?

I think it was due to incorrect source file inclusion/exclusion settings on sonarcloud.io that were causing files to not be indexed and analysis to not run.

Your explanation seems plausible to me. I might try merging my pr both to see if an analysis there fixes things and also to eliminate a source of problems if I recreate the project on sonarcloud.

This seems to be working perfectly now, thank you so much!

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.