
When python code changes, build C++ code and run static analysis #1280

Merged: rdmark merged 1 commit into develop from rdmark-issue-1279 on Nov 1, 2023


@rdmark (Member) commented Nov 1, 2023

  • Run the sonarcloud job when the python/ code changes (the sonarcloud job already does python static analysis)
  • Run C++ workflow only upon PR events, or on branch pushes (not both)

@rdmark force-pushed the rdmark-issue-1279 branch 5 times, most recently from d76e566 to f8a9de9, November 1, 2023 11:34
@rdmark changed the title from "Stand-alone static analysis workflow" to "When python code changes, build C++ code and run static analysis", Nov 1, 2023
@uweseimet (Contributor) commented

@rdmark Just a question: What's the benefit of also building the C++ code?

@rdmark (Member, Author) commented Nov 1, 2023

@uweseimet The benefit of the current PR is simplicity: Always run analysis on both C++ and Python code when there are changes to either. And in order to run Sonar analysis on C++ code, it has to be built first. One Sonar analysis job for one repository is the straightforward way to configure it, I think.

As an experiment I can try to split the C++ and Python analysis into two separate jobs. In this scenario, I'm most curious what will happen if one PR touches both Python and C++ code, which kicks off two individual Sonar analyses, using the same auth key, on the same branch, but with different contexts. Let me put up a separate PR and see what happens.

@uweseimet self-requested a review, November 1, 2023 12:01

@rdmark (Member, Author) commented Nov 1, 2023

I ran the experiment in #1281

As far as I can tell, when two Sonar analysis jobs run on the same PR / branch, the one that finishes later will overwrite the one that finishes earlier in the Sonarcloud database. Namely, the C++ analysis will always overwrite the Python analysis, since the former takes a lot longer.

If I'm not mistaken, this means that when the PR is later merged into develop, the develop branch report on Sonarcloud will only ever contain the analysis of the C++ code.

@rdmark force-pushed the rdmark-issue-1279 branch from d5ee1a8 to 4ffe0b0, November 1, 2023 12:41

sonarqubecloud bot commented Nov 1, 2023

Kudos, SonarCloud Quality Gate passed!

  • 0 Bugs (rating A)
  • 0 Vulnerabilities (rating A)
  • 0 Security Hotspots (rating A)
  • 0 Code Smells (rating A)

No Coverage information
No Duplication information

@rdmark merged commit 37b9110 into develop, Nov 1, 2023
@rdmark deleted the rdmark-issue-1279 branch, November 1, 2023 12:55

@uweseimet (Contributor) commented

@rdmark This means that you have to contribute much much more Python code, until the Python analysis takes longer than the C++ analysis ;-).

Isn't it possible to run both kinds of analysis in a single SonarQube job? I thought that SonarQube supports analyzing more than one kind of language at the same time.

@rdmark (Member, Author) commented Nov 2, 2023

Yes, it's possible to run analysis of multiple languages at once. That is what we had configured before, and still have.

However, a precondition for running analysis on C++ code is that the code is compiled and Sonar has access to the build dir. Maybe it's possible to have a conditional in the job that skips the C++ part when no build dir is found... but that seems messy to me.
