I am trying to setup sonar pipleline using github workflows. My pom.xml has the below plugin configured in build:
pom.xml
<!-- Dependencies needed for creating SonarQube coverage reports -->
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
<version>${jacoco.version}</version>
<executions>
<execution>
<id>prepare-agent</id>
<goals>
<goal>prepare-agent</goal>
</goals>
</execution>
<execution>
<id>report</id>
<goals>
<goal>report</goal>
</goals>
</execution>
</executions>
</plugin>
When I do a mvn clean install I can find the jacoco.xml on the path: target/site/jacoco/jacoco.xml
Next I have setup my workflow .yml file under .github/workflows/main.yml
main.yml
jobs:
maven-build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up JDK 11
uses: actions/setup-java@v3
with:
java-version: '11'
distribution: 'temurin'
cache: maven
- name: Build with Maven
run: mvn clean install
sonar_analysis:
needs: maven-build
runs-on: ubuntu-latest
steps:
- name: Analyze with SonarCloud
uses: SonarSource/sonarcloud-github-action@de2e56b42aa84d0b1c5b622644ac17e505c9a049
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # Generate a token on Sonarcloud.io, add it to the secrets of this repo with the name SONAR_TOKEN (Settings > Secrets > Actions > add new repository secret)
with:
args:
-Dsonar.projectKey=sk-Prices-Tracker
-Dsonar.organization=sk
The maven-build
job does a clean install which generates the jacoco.xml
report. Next the
sonar_analysis
runs after maven-build
is run to ensure that the report exists before sonar scanning runs.
On the workflow run log I can see that it is unable to pick up the jacoco.xml
report. What am I doing wrong here?
INFO: 'sonar.coverage.jacoco.xmlReportPaths' is not defined. Using default locations: target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml,build/reports/jacoco/test/jacocoTestReport.xml
INFO: No report imported, no coverage information will be imported by JaCoCo XML Report Importer
INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=10ms
Jobs are run independently on different (virtual) machines.
Therefore, if you want to access artefacts from maven-build
in sonar_analysis
, you need to either use the action upload-artifact or join your two jobs into one like so:
jobs:
maven-build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up JDK 11
uses: actions/setup-java@v3
with:
java-version: '11'
distribution: 'temurin'
cache: maven
- name: Build with Maven
run: mvn clean install
- name: Analyze with SonarCloud
uses: SonarSource/sonarcloud-github-action@de2e56b42aa84d0b1c5b622644ac17e505c9a049
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # Generate a token on Sonarcloud.io, add it to the secrets of this repo with the name SONAR_TOKEN (Settings > Secrets > Actions > add new repository secret)
with:
args:
-Dsonar.projectKey=sk-Prices-Tracker
-Dsonar.organization=sk