Closed tschaffter closed 8 months ago
I configured the main
branch so that the following check is required:
All PRs would now include a check that would only pass if the project schematic-api
was to push a report to Sonar and if the report satisfies the code quality gateway configured for this project.
In the example above, the project schematic-api
is not modified, so no report will be pushed to Sonar and the check will never pass. So we can't make this specific check required.
See this example from Schematic:
Is it when the check shown in the above post is executed and completed?
Currently only pushing to the main
branch triggers the scan with sonar. The last commit pushed to main
that modified schematic-api
created the check "[schematic-api] SonarCloud Code Analysis" (see screenshot).
Was this check triggered by the sonar scan executed in the CI/CD workflow?
Here is another commit to main
that triggered the execution of the sonar scan for openchallenges-app
and schematic-api
.
The app has the permission to write to the PR threads and GitHub checks.
I removed the sonar scan from the CI workflow, then opened and merged a PR that modifies openchallenges-app
. As a result, the checks did not include a Sonar check as reported in a post above.
As the execution of the CI workflow progress, here is what seems to happen:
[!NOTE]
I'm not sure why the runtime of the completed checks are different between the two screenshots. I'm almost sure that I tracked the same workflow.
Is the SonarCloud app triggering the scan?
~Is the reason why it doesn't do it on Sage Monorepo because the projects registered on SonarCloud are specified as belonging to a monorepo?~
Nevermind, this settings is marked as disabled for openchallenges-app
and to only work with Azure repositories.
Another difference between Sage Monorepo and Schematic repo is that Sage Monorepo use the forking workflow and that the PR don't have access to the official repo secrets.
See also:
Sage Monorepo uses https://github.com/apps/sonarcloud
A GitHub Action is available in the marketplace to make it easy for you (for projects where automatic analysis isn't available). SonarCloud also integrates smoothly with Jenkins, CircleCI, TravisCI, CirrusCI, and many other tools.
There is also a GitHub action: https://github.com/marketplace/actions/sonarcloud-scan. But the schematic repo does not seem to make use of it.
Try with branches that do not involve main
to avoid coupling with the existing CI workflow.
See closed PR below and the closing comments. The SonarCloud app can't trigger or post scan report to PRs in monorepo.
We will continue to run Sonar scans for commits added to trusted branches. The results of the scan are available in the "Details" section of the corresponding Sonar scan (see below).
[!NOTE]
The forking workflow prevents us from running the Sonar scan for branches created from forks. However, we should be able to block PRs from being merged if the code quality does not meet the requirements of the Sonar Code Quality gateway.
For non-monorepo project, see this Sage Confluence page to setup Sonar.
What product(s) is this story for?
Sage Monorepo
As a user, I want
No response
Description
Review the current integration of Sage Monorepo with Sonar. Especially in the context of reviewing PRs.
Acceptance criteria
No response
Tasks
No response
Anything else?
No response
Have you linked this story to a GitHub Project?