aws-powertools / powertools-lambda-typescript

Powertools is a developer toolkit to implement Serverless best practices and increase developer velocity.
https://docs.powertools.aws.dev/lambda/typescript/latest/
MIT No Attribution

Maintenance: troubleshoot SonarCloud not running on forks #2730

Closed dreamorosi closed 2 weeks ago

dreamorosi commented 1 month ago

Summary

As per issue title, SonarCloud is not running on pull requests coming from forks. We use this tool as SAST / code quality tool and as of 3 weeks ago it was working on all PRs.

The tool has stopped working on PRs coming from external contributors (aka from forks) and we don't know why.

We should either troubleshoot this, or find an alternative that covers our needs.

Why is this needed?

So that we can continue running our code quality scans on all PRs.

Which area does this relate to?

Automation

Solution

No response


github-actions[bot] commented 1 month ago

⚠️ COMMENT VISIBILITY WARNING ⚠️

This issue is now closed. Please be mindful that future comments are hard for our team to see.

If you need more assistance, please either tag a team member or open a new issue that references this one.

If you wish to keep having a conversation with other community members under this issue feel free to do so.

dreamorosi commented 1 month ago

Reopening since SonarCloud is still not running.

We have opened a thread on their community support forum: https://community.sonarsource.com/t/pull-requests-not-being-automatically-analysed/118489

And there's also a bigger thread with other customers being impacted as well: https://community.sonarsource.com/t/cloud-analysis-of-github-stopped-working/117641/4

dreamorosi commented 1 month ago

Based on new developments on the thread linked above, it seems that SonarCloud might be out of the question.

I'll leave this on hold for a few more weeks, and if need be we'll start seriously looking into CodeQL, including how to improve its performance.

dreamorosi commented 4 weeks ago

SonarCloud re-enabled analysis on PRs coming from forks, and said that they're now confident in the results reported by the tool.

We'll monitor the reports during the next couple of weeks and if they're ok we'll close the issue and stick with SonarCloud.

dreamorosi commented 2 weeks ago

I've been monitoring Sonar analysis on PRs for the past couple of weeks and they seem to be accurate.

I'm going to close this issue as resolved and we are going to stay with Sonar for the foreseeable future.
