wwt / SwiftCurrent

A library for managing complex workflows in Swift

Home Page: https://wwt.github.io/SwiftCurrent/


Sonar Scan does not work for Pull Requests outside of WWT

Richard-Gist opened this issue

Describe the bug

See PR #18 for an example of this. It seems that our testing of access to secrets is no longer correct and we will need to figure out how contributors can get a successful sonar scan.

To Reproduce

Steps to reproduce the behavior:

  1. Don't be a contributor on the project
  2. Fork the repo and change something minor like documentation
  3. Make a PR

Expected behavior

All parts of the pipeline pass

Screenshots

see PR #18

Debug Logs

Run sonarsource/sonarcloud-github-action@master
  with:
    projectBaseDir: .
  env:
    GITHUB_TOKEN: ***
    SONAR_TOKEN:
/usr/bin/docker run --name a33c16c74351a4fd04c929e180db60e1f4978_331657 --label 8a33c1 --workdir /github/workspace --rm -e GITHUB_TOKEN -e SONAR_TOKEN -e INPUT_ARGS -e INPUT_PROJECTBASEDIR -e HOME -e GITHUB_JOB -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RETENTION_DAYS -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_SERVER_URL -e GITHUB_API_URL -e GITHUB_GRAPHQL_URL -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e GITHUB_ACTION_REPOSITORY -e GITHUB_ACTION_REF -e GITHUB_PATH -e GITHUB_ENV -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/Workflow/Workflow":"/github/workspace" 8a33c1:6c74351a4fd04c929e180db60e1f4978
Set the SONAR_TOKEN env variable.
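
An added example, not part of the original issue or the project's pipeline: the log above shows `SONAR_TOKEN` arriving empty, which is what GitHub does for `pull_request` runs that come from a fork. A guard step like the following separates that expected case from a genuinely missing secret by reading the event payload at `GITHUB_EVENT_PATH`; the helper name `sonar_decision`, the `decision` output name and the fork name `contributor/SwiftCurrent` are assumptions.

```python
import json
import os
import sys

# Constructed sample payload: a pull_request event whose head is a fork.
# "contributor/SwiftCurrent" is a made-up fork name.
FORK_PR_EVENT = {
    "pull_request": {
        "head": {"repo": {"full_name": "contributor/SwiftCurrent"}},
        "base": {"repo": {"full_name": "wwt/SwiftCurrent"}},
    }
}


def sonar_decision(event_name, event, base_repo, token):
    """Return 'scan', 'skip' or 'fail' for the Sonar step (hypothetical helper)."""
    from_fork = False
    if event_name == "pull_request":
        head = (event.get("pull_request") or {}).get("head") or {}
        head_repo = head.get("repo") or {}  # null when the fork was deleted
        # Unknown origin is treated as a fork: never assume secrets exist.
        from_fork = head_repo.get("full_name") != base_repo
    if token:
        return "scan"
    if from_fork:
        return "skip"  # GitHub withholds repository secrets from fork PR runs
    return "fail"      # same-repo run without a token: the secret is misconfigured


def main():
    with open(os.environ["GITHUB_EVENT_PATH"], encoding="utf-8") as fh:
        event = json.load(fh)
    decision = sonar_decision(
        os.environ.get("GITHUB_EVENT_NAME", ""),
        event,
        os.environ.get("GITHUB_REPOSITORY", ""),
        os.environ.get("SONAR_TOKEN", ""),
    )
    print(f"sonar step: {decision}")
    # Expose the decision to later steps as a step output, if the runner supports it.
    output_path = os.environ.get("GITHUB_OUTPUT")
    if output_path:
        with open(output_path, "a", encoding="utf-8") as fh:
            fh.write(f"decision={decision}\n")
    return 1 if decision == "fail" else 0


if __name__ == "__main__":
    sys.exit(main())
```

The scan step can then be conditioned on the `decision` output, so fork pull requests pass the pipeline without a scan while a missing secret on the main repository still fails the run.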

I have a general idea for this. At one point we were publishing when people ran the pipeline from their forks. We could leverage that for this situation.

I think it will entail doing something like a separate workflow for scanning that will watch for CI or PR to complete and then it will kick off to run. It will also need to download the sq-generic.xml artifact from a different workflow.

@wwt/workflow-developers I'm not at all convinced SonarCloud is doing more good than harm. If you intend to keep it around because you feel its value is greater than its cost then this needs to stay. If you feel SonarCloud should be removed then this whole issue can be closed and the issue can be removed from the milestone.

The reason it needs to stay if you opt to keep SonarCloud is because part of a great onboarding experience is knowing you can contribute if you want to see SwiftCurrent get better. This is a direct barrier to people being able to contribute.

I created a discussion for this one at #48

The discussion has gone in the way of replacing SonarCloud with CodeCov. I am closing this issue in favor of the new issue #50