Waiting for status of Github check of Sonarcloud when using Github Actions

christopher-cudennec · October 13, 2021, 5:29am

Description

We’re trying to split our Github actions and move Sonar code analysis to a separate workflow that is triggered after our Java CI workflow was completed successfully. Most of it looks good and promising but the check result is not reported anymore. It worked before when we executed Sonar within the Java CI pipeline. I can observe:

Sonarcloud adds the comment “Kudos, SonarCloud Quality Gate passed!”
I can find the PR on Sonarcloud

The code change was about moving the execution of the Gradle task to a new workflow that is triggered “on.workflow_run”.

Since our project is open source you can also have a look at the code changes:

Versions used: Sonarcloud, Gradle plugin 3.3

Any help is appreciated.

Thanks,

Christopher

Marcin_Majewski · October 13, 2021, 3:36pm

Hey @christopher-cudennec,

Welcome to the community!

There is quite a big difference in a way Github check and Github summary comment are added. Github summary comment is added in the context of the PR, whereas Github check is for a specific commit (does not matter if it is a PR or any other branch).

Are you sure that you are running the analysis on the commit that corresponds to the PR commit? I can see in the SonarCloud that the SHA of the commit is 877ea1ba where Github shows me 3b265149

Best,
Marcin

christopher-cudennec · October 14, 2021, 6:38am

Hey Marcin and thanks for looking into our issue!

I’ve double checked the commit SHA but I’m pretty sure it matches our last commit:

Last commit now is: c83959e3f466715001729463cf925b3535812172
That matches the checkout details of the last workflow run: chore: Sonar workflow checks out exact commit that triggered the workflow · SDA-SE/sda-dropwizard-commons@3405e48 · GitHub

But still we don’t get the check result from Sonarcloud.

I did one change after your comment: When checking out the repo at the start of the workflow run, you can either checkout the branch or the exact commit SHA. I changed it to the latter: chore: Sonar workflow checks out exact commit that triggered the work… · SDA-SE/sda-dropwizard-commons@3405e48 · GitHub

Anything else that looks suspicious to you?

Cheers,

Christopher

Marcin_Majewski · October 14, 2021, 7:12am

Hey @christopher-cudennec,

I checked out the logs for the PR 1213 and the computed revision that we tried to decorate is: 3405e (run from the morning around 8:00). This kind of answers why you do not see the check on revision c8395.

The 3405e revision actually corresponds to the latest commit in the master branch. When looking at the previous analysis of this pull request, we also computed 1778b7 revisions which are also part of your master branch. I suspect that there may be some issues in the way the code is checked out and for some reason the analysis run on the master branch. Would you be able to verify it? For example print out the sha of the commit in the action?

Best,
Marcin

christopher-cudennec · October 14, 2021, 10:19am

Hi @Marcin_Majewski !

I added the current commit SHA to the output of the workflow. IMHO it shows the correct commit SHA. Please have a look here:

The PR’s SHA now is: 5a3bedde802812bf131437da73cd3fef325998b7
The output can be found in the following workflow in “Get master”: chore: Print current commit SHA for Sonar workflow · SDA-SE/sda-dropwizard-commons@59644fb · GitHub

Somehow the error must be connected to executing “sonarqube” in the workflow run. When we had it as part of the “Java CI” workflow it worked smoothly. Can you spot another error on our side?

Cheers,

Christopher

Marcin_Majewski · October 14, 2021, 3:22pm

Hi @christopher-cudennec,

Can you run the scan with the debug flag? It would help to see some logs of scanner. For this purpose you have to set:

-Dsonar.verbose=true

Best,
Marcin

christopher-cudennec · October 15, 2021, 5:22am

Sure, builds are running

Do you think it makes sense to override sonar.scm.revision?
Documentation says:

By default value is provided by the CI environment or guessed by the checked-out sources.

If there is a problem with guessing we could override it with the commit SHA.

Cheers,

Christopher

Marcin_Majewski · October 15, 2021, 9:03am

Yes, overriding the sonar.scm.revision should fix the problem, as this value will be taken into consideration when creating a GitHub check. Let me know if this fixes problem for you!

You can also check out this thread: SonarCloud Code Analysis Expected- onoging issues - #57 by HofmeisterAn where there is a user with a similar problem (I think) as you.

Best,
Marcin

christopher-cudennec · October 15, 2021, 10:01am

Overriding sonar.scm.revision fixed it. Although I’d say it’s really strange (even a bug?) that the plugin could not guess the right revision.

@Marcin_Majewski : Thanks a lot for your support!

Marcin_Majewski · October 15, 2021, 3:23pm

Indeed, there has to be specific configuration here, that does not allow scanner to figure out the correct revision. I will look into the logs and see what I can find

system · October 22, 2021, 3:24pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.