De-duplicate sonar job in the CI

[jmartinesp]

Type of change

• Feature
• Bugfix
• Technical
• Other :

Content

Fix duplicate Sonar scanner job, and hopefully the very long run times.

Motivation and context

Sonar is running twice in the CI and it's become super slow.

Checklist

• Changes have been tested on an Android device or Android emulator with API 23
• UI change has been tested on both light and dark themes
• Accessibility has been taken into account. See https://github.com/vector-im/element-x-android/blob/develop/CONTRIBUTING.md#accessibility
• Pull request is based on the develop branch
• Pull request includes a new file under ./changelog.d. See https://github.com/vector-im/element-x-android/blob/develop/CONTRIBUTING.md#changelog
• Pull request includes screenshots or videos if containing UI changes
• Pull request includes a sign off
• You've made a self review of your PR

[github-actions]

📱 Scan the QR code below to install the build (arm64 only) for this PR.

If you can't scan the QR code you can install the build via this link: https://i.diawi.com/j7BWfq

[bmarty]

I am pretty sure I had done this change in the past, but I cannot find where. The name could be updated too (at line 1)

[bmarty]

I remember having removed this as well :/

[jmartinesp]

Yes, it's quite weird. I remember we removed some binaries from the repo and that re-wrote history. Could that be related?

[codecov]

Codecov Report

Patch and project coverage have no change.

Comparison is base (9e5b462) 57.62% compared to head (9a3e2eb) 57.62%.
Report is 6 commits behind head on develop.

❗ Current head 9a3e2eb differs from pull request most recent head a2587b0. Consider uploading reports for the commit a2587b0 to get more accurate results

Additional details and impacted files

@@           Coverage Diff            @@
##           develop    #1238   +/-   ##
========================================
  Coverage    57.62%   57.62%           
========================================
  Files         1066     1066           
  Lines        27677    27677           
  Branches      5713     5713           
========================================
  Hits         15948    15948           
  Misses        9244     9244           
  Partials      2485     2485           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[ElementBot]

	Warnings
⚠️	gradle/libs.versions.toml#L13 - A newer version of androidx.core:core-ktx than 1.10.1 is available: 1.12.0
⚠️	gradle/libs.versions.toml#L18 - A newer version of androidx.lifecycle:lifecycle-runtime-ktx than 2.6.1 is available: 2.6.2
⚠️	gradle/libs.versions.toml#L25 - A newer version of androidx.compose:compose-bom than 2023.08.00 is available: 2023.09.00
⚠️	gradle/libs.versions.toml#L95 - A newer version of androidx.compose.material3:material3 than 1.2.0-alpha06 is available: 1.2.0-alpha07

Generated by 🚫 dangerJS against a2587b0

[jmartinesp]

Ok, Sonar CI times are back to 10-15min, instead of 35-60min.

[jmartinesp]

About the 2 vulnerabilities, they are false positives as we know they exist and the keys mentioned are intentionally public, right?

EDIT: it's confirmed they're false positives, they've been addressed in Sonar.

[bmarty]

Thanks for looking at this Jorge!

[bmarty]

Just to confirm, the work-around is not needed anymore?

[jmartinesp]

They recently added support for KMP source sets, so I'd be really surprised if they didn't support the default Kotlin ones 😅 . But yes, the analysis seems to be working fine after removing these lines. I couldn't find where this support was added though.

[bmarty]

Maybe add a comment above that 4.3.1.3277 is problematic, because Renovate will try to upgrade again.

[sonarqubecloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
1 Code Smell

No Coverage information
0.0% Duplication