Github Actions, Python Coverage and Sonar Qube - sonarqube

I want to create a Github workflow that does the following:
test my code with pytest
trigger Sonar Qube Cloud to analyze to the code and show my test coverage!
As far as I understand, SonarQ needs a file coverage.xml to display the code coverage. This can be generated with
pytest --cov=./ --cov-report=xml --doctest-modules
According to this article coverage.xml should be available under /github/workspace/coverage.xml.
Thus, I specify my sonar-project.properties in the root folder of the project:
sonar.organization=pokemate
sonar.projectKey=PokeMate_name-generator
sonar.sources=.
sonar.python.coverage.reportPath=/github/workspace/coverage.xml
my actions file build.yml:
on:
push:
branches:
- master
- develop
- sonar-qube-setup
jobs:
build:
runs-on:
- ubuntu-latest
steps:
# Checkout repo
- uses: actions/checkout#v2
# Dependencies
- name: Set up Python 3.7
uses: actions/setup-python#v1
with:
python-version: 3.7
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements.txt
# Test
- name: Test with pytest
run: |
pytest --cov=./ --cov-report=xml --doctest-modules
# Sonar Qube
- name: SonarCloud Scan
uses: sonarsource/sonarcloud-github-action#master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
However, on SonarQ it still shows 0% test coverage, which is probably because it cannot find the coverage.xml. Any idea how to make this work?

The error came from the missing s in reportPaths in the sonar-project.properties file.

Related

Sonarqube code coverage is 0% though scan was successful in Github Action for php app

I have a github action which runs the php unit test followed by Sonarqube scanner but the Sonarqube code coveage is always 0%
Phpunit Test is ok
Sonaiqube ok as well but no CodeCoverage
These is my Github action script eliminated some jobs related to unitest in here :
name: front-data-stage-unittest
on:
pull_request:
branches: [ master ]
jobs:
Test:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
php: ['8.1']
name: PHP ${{ matrix.php }}
steps:
- name: Checkout repository and submodules
uses: actions/checkout#v3
with:
submodules: recursive
token: ${{ secrets.SUBMODULE_TOKEN }}
- name: Install PHP
uses: shivammathur/setup-php#master
with:
php-version: ${{ matrix.php }}
extensions: mbstring, dom, fileinfo, mysql
coverage: xdebug
- uses: php-actions/composer#v5
with:
php_version: 8.1
args: --profile --ignore-platform-reqs --optimize-autoloader
- name: Execute PHPUnit tests
run: vendor/bin/phpunit --coverage-clover=coverage.xml
- name: SonarQube Scan
uses: SonarSource/sonarqube-scan-action#master
with:
args: >
-Dsonar.php.coverage.reportPaths=coverage.xml
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
sonar-project.properties:
sonar.projectKey=tara_app
sonar.php.coverage.reportPaths=coverage.xml
Possible cause:
looking at the logs looks like its not finding the file but anyone worked on generating or making it work via github action
14:06:11.466 INFO: 1157/1193 files analyzed, current file: app/Http/Controllers/V2/PerformanceController.php
14:06:13.823 INFO: 1193/1193 source files have been analyzed
14:06:13.825 WARN: PHPUnit xml test report not found: tests/report/test.xml
14:06:13.826 INFO: No PHPUnit coverage reports provided (see 'sonar.php.coverage.reportPaths' property)
14:06:13.826 INFO: Sensor PHP sensor [php] (done) | time=88263ms
14:06:13.826 INFO: Sensor Analyzer for "php.ini" files [php]
The filesystem is not preserved between jobs. Thus your reports generated from your Test jobs are not available to your run-sonarqube job.
If you want to share files between jobs you need to use artifacts.
After your phpunit step add a step using actions/upload-artifact and then add a step before your scan using actions/download-artifact to pull the report into that job.

SonarCloud CI can't find source files for Ruby / SimpleCov coverage

tl;dr - SonarCloud CI on GitHub actions warns that it can't find any of the source files with coverage reported, despite confirming that the files are in the docker filesystem at the path reported.
I have a Ruby / Rails app with rspec specs which produce coverage stats using SimpleCov and its JSON formatter (so my rails_helper.rb starts:
require 'simplecov'
require "simplecov_json_formatter"
SimpleCov.formatter = SimpleCov::Formatter::JSONFormatter
SimpleCov.start('rails') do
add_filter ['/channels/', '/jobs/', '/mailers/']
end
I have SonarCloud CI set up to scan using GitHub Actions, with the following sonar-project.properties in the root:
sonar.projectKey=asilano_my-app
sonar.organization=asilano
sonar.ruby.coverage.reportPaths=coverage/coverage.json
# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
sonar.sources=app,lib
sonar.tests=spec
and the following GitHub workflow:
name: Test and Deploy
on:
pull_request:
types: [opened, synchronize, reopened]
branches:
- 'main'
- 'staging'
push:
branches:
- 'main'
- 'staging'
jobs:
test:
runs-on: ubuntu-latest
services:
postgres:
image: postgres
env:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
ports:
- 5432:5432
steps:
- uses: actions/checkout#v2
- uses: ruby/setup-ruby#v1
with:
bundler-cache: true
- name: Install PostgreSQL client
run: |
sudo apt-get -yqq install libpq-dev
- name: Build App
env:
PGHOST: localhost
PGUSER: postgres
PGPASSWORD: postgres
RAILS_ENV: test
RAILS_MASTER_KEY: ${{ secrets.TEST_MASTER_KEY }}
run: |
bin/rails db:setup
yarn install
- name: Run Tests
env:
PGHOST: localhost
PGUSER: postgres
PGPASSWORD: postgres
RAILS_ENV: test
RAILS_MASTER_KEY: ${{ secrets.TEST_MASTER_KEY }}
run: |
bundle exec rspec
- name: Where Am I?
run: |
head coverage/coverage.json
ls -l /home/runner/work/my-app/my-app/app/lib/some_file.rb
- name: SonarCloud Scan
uses: SonarSource/sonarcloud-github-action#master
env:
GITHUB_TOKEN: ${{ secrets.SONAR_GITHUB_TOKEN }} # Needed to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
(main and staging are both long-lasting branches in SonarCloud)
The Where Am I? step is to try and debug the problems I'm having. It shows that the top of coverage.json reads:
{
"meta": {
"simplecov_version": "0.21.2"
},
"coverage": {
"/home/runner/work/my-app/my-app/app/lib/some_file.rb": {
"lines": [
1,
1,
1,
and confirms via ls that the mentioned path exists:
-rw-r--r-- 1 runner docker 1729 Oct 24 08:15 /home/runner/work/my-app/my-app/app/lib/some_file.rb
However, the SonarCloud scan step warns that the coverage file mentions some_file.rb, but can't find it in the filesytem:
INFO: Sensor SimpleCov Sensor for Ruby coverage [ruby]
WARN: File '/home/runner/work/my-app/my-app/app/lib/some_file.rb' is present in coverage report but cannot be found in filesystem
...and then repeating for every file in the app.
Why not? Why can't the SonarCloud scanner find some_file.rb on the path reported in the coverage file, even though I've confirmed it's where it should be?
I had the same issue with GitHub actions, rails, and simplecov. You need to replace the paths generated by simplecov on coverage/coverage.json. To do this run this step before your sonarcloud scan. Also, you could check this post https://community.sonarsource.com/t/code-coverage-doesnt-work-with-github-action/16747
- name: Running rails tests
run: bundle exec rspec
- name: fix code coverage paths
working-directory: ./coverage
run: |
sed -i 's#'$GITHUB_WORKSPACE'#/github/workspace/#g' coverage.json
- name: SonarCloud Scan
uses: SonarSource/sonarcloud-github-action#master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

How to set up a monorepo in SonarCloud with a Java + Angular application

I have developed an application where the backend is developed using Java language (with maven) and the frontend is using Angular language. I host both parts in one project in github.
Now I am interested on the use of SonarQube on SonarCloud. For this purpose, I am following the information gathered from the community sonarsource and the standard documentation from sonarcloud. The idea is to use GiHub Actions for analyzing the projects.
What I have created is a .github/workflows/build.yml on the root folder with the content:
name: Build
on:
push:
branches:
- master
pull_request:
types: [opened, synchronize, reopened]
jobs:
sonarcloud:
name: SonarCloud
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v2
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
- name: Set up JDK 11
uses: actions/setup-java#v1
with:
java-version: 11
- name: Cache SonarCloud packages
uses: actions/cache#v1
with:
path: ~/.sonar/cache
key: ${{ runner.os }}-sonar
restore-keys: ${{ runner.os }}-sonar
- name: Cache Maven packages
uses: actions/cache#v1
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2
- name: Build and analyze
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=kendo-tournament-backend
with:
projectBaseDir: ./backend/
- name: SonarCloud Frontend Scan
uses: SonarSource/sonarcloud-github-action#master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
with:
projectBaseDir: ./frontend/
Where basically, I create some steps for executing the maven project, and another extra step to execute the frontend. On both of them, I included the projectBaseDir with the path to both projects' folders as specified here.
Also, as suggested on the documentation, I have included a sonar-project.properties on the root folder of the frontend folder with:
sonar.projectKey=kendo-tournament-frontend
sonar.organization=softwaremagico
# This is the name and version displayed in the SonarCloud UI.
#sonar.projectName=Kendo Tournament Manager Frontend
#sonar.projectVersion=1.0
# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
#sonar.sources=.
# Encoding of the source code. Default is default system encoding
#sonar.sourceEncoding=UTF-8
And for the backend, I have updated the root pom.xml with the:
<properties>
<sonar.organization>softwaremagico</sonar.organization>
<sonar.host.url>https://sonarcloud.io</sonar.host.url>
</properties>
As required.
But, no analyses scan is launch for any of both projects. And SonarCloud looks like is ignoring the configuration.
Probably, something is missing but I cannot imagine what. What steps are needed to set up a monorepository correctly using Java and Angular in Github?
Ok, after the example obtained from here. The changes I have made are:
Two different workflows on github, one for backend and one for frontend. Not one workflow with all steps together.
Include two different sonar-project.properties. One inside the backend folder, and one inside the frontend folder. Now I have added the sonar.sources line as follows:
sonar.projectKey=kendo-tournament-backend
sonar.organization=softwaremagico
sonar.sources=.
That ensures that is only for this folder.
For launching CircleCi with Sonar (for backend) edit file .circleci/config.yml:
version: 2.1
jobs:
build:
docker:
- image: 'circleci/openjdk:11-jdk'
working_directory: ~/KendoTournamentManager/backend
steps:
- checkout:
path: ~/KendoTournamentManager
- run:
name: Analyze on SonarCloud
command: mvn verify sonar:sonar -Dsonar.projectKey=kendo-tournament-backend
workflows:
main:
jobs:
- build:
context: SonarCloud
And now seems working fine:

Issues creating a CD based release on Github (WPF .NET 5.0)

I'm trying to put together a CI / CD pipeline for GitHub and strugglign with attaching my build artifact to the release. Here's my ci.yml
name: CI
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
workflow_dispatch:
jobs:
Build:
runs-on: windows-latest
env:
BuildPath: ${{ github.workspace }}\BuildTesting\bin\Release\net5.0-windows
steps:
- uses: actions/checkout#v2
- name: Setup .NET SDK
uses: actions/setup-dotnet#v1.8.1
with:
dotnet-version: 5.0.x
- name: Install dependencies
run: dotnet restore
- name: Build
run: dotnet build --configuration Release --no-restore
- name: Upload a Build Artifact
uses: actions/upload-artifact#v2.2.4
with:
name: thingy
path: ${{ github.workspace }}\BuildTesting\bin\Release\net5.0-windows
retention-days: 1
That runs well and I get a release artifact:
I was under the impression I'd be able to download that existing artifact but I couldn't get my head around why actions/download-artifact isn't downloading anything. So I found another article and in their cd step they were re-building, so I figured that in doing that at least I'd have a fresh build in the cd workflow to pull from. So I create a release triggered on tag push events. I can't use most zip utilities becuase they don't run on windows. I have to user windows-latest as the target framework for WPF desktop applications has to be net5.0-windows and using ubuntu-latest it fails. I tried papeloto/action-zip#v1 and in one case I managed to get a zip file which then attached to the release successfully but was only 22 bytes, so empty once I downloaded it. Here's my cd.yml:
name: CD
on:
push:
tags:
- '*'
jobs:
Release:
runs-on: windows-latest
env:
BuildPath: ${{ github.workspace }}\BuildTesting\bin\Release\net5.0-windows
ZipName: TheThing.zip
steps:
# Build the solution
- uses: actions/checkout#v2
- name: Setup .NET SDK
uses: actions/setup-dotnet#v1.8.1
with:
dotnet-version: 5.0.x
- name: Install dependencies
run: dotnet restore
- name: Build
run: dotnet build --configuration Release --no-restore
- name: Zip the release
uses: << What should I use to zip ${{ env.BuildPath }} ? >>
# Create a Release on the GitHub project
- name: Create release
id: create_release
uses: actions/create-release#v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
with:
tag_name: ${{ github.ref }}
release_name: ${{ github.ref }}
draft: false
prerelease: false
# Upload the Build Artifact to the Release
- name: Update release asset
id: upload-release-asset
uses: actions/upload-release-asset#v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps
asset_path: .\${{ env.ZipName }}
asset_name: ${{ env.ZipName }}
asset_content_type: application/zip
Can anyone please recommend a GitHub action for zipping a folder that will work for windows-latest ... or another approach?
Long term I want to go with semantic versioning but GitVersion overwhelmed me last time I tried, granted I'd never working with yml builds before. I'd like to keep this as simple as possible as I'm starting to grok the basics of what's going on and once I get past this I'll start looking into GitVersion.
I'm using a test repository located here so you can see the whole thing.
You may use PowerShell to zip your artifacts using 7Zip. Please check my repository in GitHub. That compile a WPF app, compress the artifacts, create a prerelease and upload files under that release.

How to use Go Release Binary GitHub Action

Anyone able to get Go Release Binary GitHub Action working? which is supposed to
Automate publishing Go build artifacts for GitHub releases through GitHub Actions
The readme looks rather simple, but I've tried all my imaginations to get it working but not avail. Similar questions has been asked in its issue tracks but got no answer.
Somebody help please.
BTW, while searching for the answer, I came upon this commit logs, which is quite interesting/amusing to read. I.e., it seems to be quite a battle to get it working, but the author gave up eventually (no any releases from his/her latest commits/tags)
Conclusion:
Turns out that my project does not have go mod and there were issues in Go Release which stops it from working. It was then fixed by this and this.
I actually wrote my own release workflow for generating Go binaries.
The only non-obvious steps from my point of view are:
I have a release note generation step where I include a list of non-merge commits since the last release tag.
I use a matrix build for GOOS and GOARCH pairs and do some Bash string manipulation in the "Get OS and arch info" step.
The nice thing about softprops/action-gh-release is that you can keep adding artifacts to the same release as long as the workflow run is triggered by a push to the same tag.
on:
push:
# Sequence of patterns matched against refs/tags
tags:
- 'v*' # Push events to matching v*, i.e. v1.0, v20.15.10
name: Latest Release
defaults:
run:
shell: bash
jobs:
lint:
name: Lint files
runs-on: 'ubuntu-latest'
steps:
- uses: actions/checkout#v2
- uses: actions/setup-go#v2
with:
go-version: '1.16.3'
- name: golangci-lint
uses: golangci/golangci-lint-action#v2.5.2
with:
version: latest
test:
name: Run tests
runs-on: 'ubuntu-latest'
needs: lint
steps:
- uses: actions/checkout#v2
- uses: actions/setup-go#v2
with:
go-version: '1.16.3'
- run: go test -v -cover
release:
name: Create Release
runs-on: 'ubuntu-latest'
needs: test
strategy:
matrix:
# List of GOOS and GOARCH pairs from `go tool dist list`
goosarch:
- 'aix/ppc64'
# etc
steps:
- name: Checkout code
uses: actions/checkout#v2
with:
fetch-depth: 0
- uses: actions/setup-go#v2
with:
go-version: '1.16.3'
- name: Get OS and arch info
run: |
GOOSARCH=${{matrix.goosarch}}
GOOS=${GOOSARCH%/*}
GOARCH=${GOOSARCH#*/}
BINARY_NAME=${{github.repository}}-$GOOS-$GOARCH
echo "BINARY_NAME=$BINARY_NAME" >> $GITHUB_ENV
echo "GOOS=$GOOS" >> $GITHUB_ENV
echo "GOARCH=$GOARCH" >> $GITHUB_ENV
- name: Build
run: |
go build -o "$BINARY_NAME" -v
- name: Release Notes
run:
git log $(git describe HEAD~ --tags --abbrev=0)..HEAD --pretty='format:* %h %s%n * %an <%ae>' --no-merges >> ".github/RELEASE-TEMPLATE.md"
- name: Release with Notes
uses: softprops/action-gh-release#v1
with:
body_path: ".github/RELEASE-TEMPLATE.md"
draft: true
files: ${{env.BINARY_NAME}}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Resources