Unable to setup build-wrapper + sonar-scanner with GitHub Actions

Hello,

I’m trying to setup build-wrapper and sonar-scanner for a CMake C project on GitHub using GitHub Actions.

Actually my strategy to do it is the following (but you can tell me it’s a shit if required):

  • In the GitHub workflow file, create a docker in which I execute a script called “sonar.sh”;
  • In the GitHub project, SONAR_TOKEN is added to the Secret confuguration;
  • The script “sonar.sh” fetch build-wrapper and sonar-scanner, extract the ZIP files and try to execute build-wrapper and sonar-scanner.

My project : https://github.com/joelguittet/c-amp
Workflow file : https://github.com/joelguittet/c-amp/blob/master/.github/workflows/sonar.yml
Script : https://github.com/joelguittet/c-amp/blob/master/.github/workflows/sonar.sh

The result is visible in GitHub Action menu (https://github.com/joelguittet/c-amp/runs/1658643454?check_suite_focus=true) and is simply:

/work/.github/workflows/sonar.sh: line 24: /work/.sonar/build-wrapper-linux-x86/build-wrapper-linux-x86-64: not found

Calling “ls -l /work/.sonar/build-wrapper-linux-x86/build-wrapper-linux-x86-64” command on the path returns:

-rwxr-xr-x    1 root     root       1935176 Jan  6 20:04 /work/.sonar/build-wrapper-linux-x86/build-wrapper-linux-x86-64

So I don’t understand why it’s “not found”.

After several hours on this topic, I have no more idea and decided to ask here.

I’m open to alternative solutions too to do the same job.

At the beginning I was also thinking to some code coverage analysis, but not look at this subject yet. I’m open also to some interesting information on this subject.

Thanks for your advice and help,
Joel

Hi @joelguittet,

you should wrap the existing build and run the analysis as part of that existing job, why do you want to do it as part of a different workflow?

https://github.com/joelguittet/c-amp/blob/e5f7ec91d2daca1d65e840e924210d8292bda064/.github/workflows/cmake.yml#L38-L49 should become something like:

    - name: Build
      shell: bash
      run: |
        curl -L -O https://sonarcloud.io/static/cpp/build-wrapper-linux-x86.zip
        unzip -o build-wrapper-linux-x86.zip
        build-wrapper-linux-x86/build-wrapper-linux-x86-64 --out-dir cfamily-output cmake --build build --config $BUILD_TYPE

    - name: Test
      working-directory: ${{runner.workspace}}/build
      shell: bash
      # Execute tests defined by the CMake configuration.  
      # See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail
      run: ctest -C $BUILD_TYPE

    - name: SonarCloud
      shell: bash
      run: |
        curl -L -O https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.4.0.2170-linux.zip
        unzip sonar-scanner-cli-4.4.0.2170-linux.zip
        sonar-scanner-4.4.0.2170-linux/bin/sonar-scanner -Dsonar.host.url=https://sonarcloud.io -Dsonar.branch.name=master -Dsonar.organization=joelguittet -Dsonar.projectKey=joelguittet_c-amp -Dsonar.cfamily.build-wrapper-output=cfamily-output

Hello @mpaladin !

Thanks so much for your very detailed answer and the code snippet adapted to my case !! You saved me hours !!

Well I don’t know exactly why I was doing a script, probably something I have seen googling…

My analysis is now working, I see I have several code smell and want also to offer my comparison with Codacy, because I have used it before. Sonar is really better with more detailed issues and more issues detected in the code !!!

Do you know how to integrate Coverage ? Else I will create a separated thread if I do not succeed with that.

Joel

Hi @joelguittet,

I am glad you got it working.

Do you already have coverage setup? I believe you want to use gcov in your case as you are using gcc.

You should modify your build to enable coverage instrumentation with these flags:

-O0 -fprofile-arcs -ftest-coverage

Then, after ctest you shouldd run something like, test it locally, not fully sure about gcov arguments:

mkdir gcov-reports
pushd gcov-reports
for f in `find ../build -name '*.o'`
do
  gcov --branch-probabilities --branch-counts -o ${f}
done

Then add to the sonar-scanner invocation -Dsonar.cfamily.gcov.reportsPath=gcov-reports.

Hello @mpaladin

I haven’t setup coverage at all for the moment, but I have read something about gcov. Your answer is a very nice beginning, I will try to do it locally before using Github Actions.

Again, thanks a lot for your help, it’s greatly appreciated !!

Joel

Hi @joelguittet,

You’re welcome, if you face issues with coverage at the time of setup you can eventually create a new topic.