
[CI] Integrate SonarCloud to the repository #5845

Draft
meenbeese wants to merge 1 commit into organicmaps:master from meenbeese:integrate-sonarcloud

@meenbeese meenbeese commented Aug 27, 2023

Contributor

Resolves #3180

SonarCloud sales pitch: Using this GitHub Action, scan your code with SonarCloud to detect bugs, vulnerabilities and code smells in C and C++!

I chose the C/C++/Objective-C version of the workflow as this covers more than 80% of our code.
I also took the first steps to integrate SonarCloud but some actions are needed from the maintainers:

  • Have an account on SonarCloud. Sign up for free now if it's not already the case!
  • The repository to analyze is set up on SonarCloud. Set it up in just one click.
  • Generate the SONAR_TOKEN and GITHUB_TOKEN – Resources: Security page in SonarCloud. You can set the SONAR_TOKEN environment variable in the "Secrets" settings page of your repo and (see Authenticating with the GITHUB_TOKEN).
  • Populate the .github/workflows/sonar-analyze.yml and sonar-project.properties files with the secrets.
  • Configure actions in the workflow (maybe sonar-project.properties too) according to the needs of the project.

Some useful documentation:

@biodranik

Member

Thanks! Did you test it in your fork? Is it helpful? Is there a lot of unimportant noise?

meenbeese commented Aug 28, 2023

Contributor Author

> Thanks! Did you test it in your fork? Is it helpful? Is there a lot of unimportant noise?

I didn't test it in my fork as I wanted to save myself the hassle of configuring it. Yet, I have seen many open-source projects use it which they wouldn't if it wasn't adequately useful.

As for the noise, it is really minimal and is only in the form of a reply comment on a PR with the analyzed results. Here is a screenshot for context:
image

@rtsisyk rtsisyk self-assigned this Aug 28, 2023
rtsisyk commented Aug 28, 2023

Contributor

I will take a look.

@meenbeese meenbeese changed the title [workflows] Integrate SonarCloud to the repo [CI] Integrate SonarCloud to the repository Aug 29, 2023
@AndrewShkrob

Member

You can preview how it will appear in our project by checking here:
AndrewShkrob#2
https://sonarcloud.io/summary/new_code?id=AndrewShkrob_organicmaps&pullRequest=2

@meenbeese meenbeese force-pushed the integrate-sonarcloud branch from 92e7737 to a3895d5 Compare October 10, 2023 22:24
@meenbeese meenbeese force-pushed the integrate-sonarcloud branch from a3895d5 to 6aa4ea3 Compare July 13, 2024 21:14
@meenbeese

Contributor Author

Should I rework the PR with @AndrewShkrob's changes and prepare it to be merged? @biodranik

I see a lot of potential value here in regards to saving maintainers' time.

@biodranik

Member

How actionable is this list of many issues and smells? Note that we also have third-party code that should be ignored. And there is Java which may be useful to analyze.

image

rtsisyk commented Aug 24, 2024

Contributor

@meenbeese, I've created an organization, started the scan, added SONAR_TOKEN to this repo and invited you to the organization.

Comment thread .github/workflows/sonar-analyze.yml Outdated
Comment thread sonar-project.properties Outdated
Comment thread sonar-project.properties Outdated
rtsisyk commented Aug 24, 2024

Contributor

Please let me know if you need any help.

@meenbeese meenbeese force-pushed the integrate-sonarcloud branch 3 times, most recently from 20efa05 to a42a05f Compare August 25, 2024 22:20
@meenbeese

Contributor Author

> @meenbeese, I've created an organization, started the scan, added SONAR_TOKEN to this repo and invited you to the organization.

Thanks, I have seen the invite and joined the org, as well as applied the suggested changes. Since the sources and exclusions are also done, should we move ahead with customizing the sonar-analyze workflow?

rtsisyk commented Aug 26, 2024

Contributor

Let's try to get it working.

https://github.com/organicmaps/organicmaps/actions/runs/10550477538/job/29226696423

```
INFO: ------------------------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
INFO: Total time: 6.889s
ERROR: Error during SonarScanner execution
INFO: Final Memory: 11M/54M
INFO: ------------------------------------------------------------------------
ERROR: Could not find a default branch for project with key 'organicmaps'. Make sure project exists.
ERROR: 
ERROR: Re-run SonarScanner using the -X switch to enable full debug logging.
Error: Process completed with exit code 2.
```

rtsisyk commented Aug 26, 2024

Contributor
Analysis status
Last analysis failed
Analysis ID "AZGNmunTRjEkc6bEtEo0"
Your analysis with ID "AZGNmunTRjEkc6bEtEo0" has failed because it took too much time. Please try another CI tool to analyze your project.

[See troubleshooting documentation](https://docs.sonarsource.com/sonarcloud/appendices/troubleshooting/#automatic-analysis-timeout/)

@AndrewShkrob

Member

> Let's try to get it working.
>
> https://github.com/organicmaps/organicmaps/actions/runs/10550477538/job/29226696423
>
> ```
> INFO: ------------------------------------------------------------------------
> INFO: EXECUTION FAILURE
> INFO: ------------------------------------------------------------------------
> INFO: Total time: 6.889s
> ERROR: Error during SonarScanner execution
> INFO: Final Memory: 11M/54M
> INFO: ------------------------------------------------------------------------
> ERROR: Could not find a default branch for project with key 'organicmaps'. Make sure project exists.
> ERROR: 
> ERROR: Re-run SonarScanner using the -X switch to enable full debug logging.
> Error: Process completed with exit code 2.
> ```

What are you expecting to see here if the workflow is not configured? 😄

rtsisyk commented Aug 26, 2024

Contributor

> What are you expecting to see here if the workflow is not configured? 😄

What should be done to get it "configured"? The workflow is in this PR..

AndrewShkrob commented Aug 26, 2024

Member

> > What are you expecting to see here if the workflow is not configured? 😄
>
> What should be done to get it "configured"? The workflow is in this PR..

This workflow is just a template. Steps "Run build-wrapper" and "Run sonar-scanner" do nothing. That's why you see failures in the runner.
You can copy-paste the configuration from my PR that I prepared a long time ago
AndrewShkrob#2

But my config doesn't include everything supported by sonarcloud, f.e. test coverage, ios, android

@meenbeese meenbeese force-pushed the integrate-sonarcloud branch 6 times, most recently from 8809a2c to 7b9fd78 Compare August 26, 2024 23:29
@meenbeese meenbeese force-pushed the integrate-sonarcloud branch from 83da58f to d7d9a3a Compare August 26, 2024 23:35
@meenbeese

Contributor Author

Interesting Sonar error after resolving dependency issues:

```
Run sonar-scanner --define sonar.cfamily.build-wrapper-output="build_wrapper_output_directory"
23:49:28.367 INFO Scanner configuration file: /home/runner/work/organicmaps/organicmaps/.sonar/sonar-scanner-6.1.0.4477-linux-x64/conf/sonar-scanner.properties
23:49:28.370 INFO Project root configuration file: /home/runner/work/organicmaps/organicmaps/sonar-project.properties
23:49:28.386 INFO SonarScanner CLI 6.1.0.4477
23:49:28.389 INFO Java 17.0.11 Eclipse Adoptium (64-bit)
23:49:28.389 INFO Linux 6.8.0-1012-azure amd64
23:49:28.422 INFO User cache: /home/runner/.sonar/cache
23:49:28.971 INFO JRE provisioning: os[linux], arch[x86_64]
23:49:30.206 INFO EXECUTION FAILURE
23:49:30.208 INFO Total time: 1.843s
23:49:30.208 ERROR Error during SonarScanner CLI execution
java.lang.IllegalStateException: Error status returned by url [https://api.sonarcloud.io/analysis/jres?os=linux&arch=x86_64]: 401
at org.sonarsource.scanner.lib.internal.http.ServerConnection.callUrl(ServerConnection.java:182)
at org.sonarsource.scanner.lib.internal.http.ServerConnection.callApi(ServerConnection.java:145)
at org.sonarsource.scanner.lib.internal.http.ServerConnection.callRestApi(ServerConnection.java:123)
at org.sonarsource.scanner.lib.internal.JavaRunnerFactory.getJreMetadata(JavaRunnerFactory.java:159)
at org.sonarsource.scanner.lib.internal.JavaRunnerFactory.getJreFromServer(JavaRunnerFactory.java:138)
at org.sonarsource.scanner.lib.internal.JavaRunnerFactory.createRunner(JavaRunnerFactory.java:85)
at org.sonarsource.scanner.lib.internal.ScannerEngineLauncherFactory.createLauncher(ScannerEngineLauncherFactory.java:53)
at org.sonarsource.scanner.lib.ScannerEngineBootstrapper.bootstrap(ScannerEngineBootstrapper.java:118)
at org.sonarsource.scanner.cli.Main.analyze(Main.java:75)
at org.sonarsource.scanner.cli.Main.main(Main.java:63)
23:49:30.209 ERROR
23:49:30.209 ERROR Re-run SonarScanner CLI using the -X switch to enable full debug logging.
```

Comment thread .github/workflows/sonar-analyze.yml Outdated
@meenbeese meenbeese force-pushed the integrate-sonarcloud branch 3 times, most recently from 2246a00 to 1c9e9c1 Compare October 6, 2024 00:31
Signed-off-by: Meenbeese <meenbeese@tutanota.com>
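
An added example, not part of the pull request or of any comment in this thread: a shell preflight and log classifier that a CI step could run around sonar-scanner, covering the three failures quoted above (project not found, analysis timeout, HTTP 401). The function names are hypothetical; the sample lines are copied from the logs in this thread.

```shell
#!/bin/sh
# Added example, not part of the PR. Function names are hypothetical.

# Refuse to start the scanner when the job has no token. The token itself
# is never printed. $1 is the value of SONAR_TOKEN as the job sees it.
sonar_preflight() {
    if [ -z "$1" ]; then
        echo "skip: SONAR_TOKEN is empty in this job"
        return 1
    fi
    echo "ok: SONAR_TOKEN is set"
}

# Map scanner output ($1) to one of: auth, project, timeout, unknown.
classify_sonar_failure() {
    case "$1" in
        *"Error status returned by url ["*"]: 401"*) echo auth ;;
        *"Could not find a default branch for project with key"*) echo project ;;
        *"has failed because it took too much time"*) echo timeout ;;
        *) echo unknown ;;
    esac
}

# One-line next step for each class.
next_step() {
    case "$1" in
        auth) echo "check that SONAR_TOKEN reaches this job and is still valid" ;;
        project) echo "compare sonar.projectKey and sonar.organization with the project on SonarCloud" ;;
        timeout) echo "automatic analysis timed out; see the linked troubleshooting page" ;;
        *) echo "re-run the scanner with -X for full debug logging" ;;
    esac
}

# Lines copied from the three failures quoted in this thread.
LOG_PROJECT="ERROR: Error during SonarScanner execution
ERROR: Could not find a default branch for project with key 'organicmaps'. Make sure project exists."
LOG_TIMEOUT='Your analysis with ID "AZGNmunTRjEkc6bEtEo0" has failed because it took too much time.'
LOG_AUTH='java.lang.IllegalStateException: Error status returned by url [https://api.sonarcloud.io/analysis/jres?os=linux&arch=x86_64]: 401'

for log in "$LOG_PROJECT" "$LOG_TIMEOUT" "$LOG_AUTH"; do
    class=$(classify_sonar_failure "$log")
    echo "$class: $(next_step "$class")"
done
```

An empty SONAR_TOKEN is what a job sees when the secret is not available to it, for example on pull_request runs from a fork, where GitHub does not pass repository secrets.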