Adjust GitLab merge request decoration depending on SonarQube project status

Hello,

we are facing a problem described as part of this issue: GitLab integration as external status check instead of failing the ci pipeline - SonarQube / Product Manager for a Day - Sonar Community (sonarsource.com).

Quote
The recommendation to prevent merge of MRs containing failing quality gate is to fail the corresponding pipeline.

However, we often have this workflow:

  • A quality gate is failing for a change
  • Some findings are marked as “won’t fixed” directly in SonarQube
  • The quality gate is green again.

With the current proposed integration, this means we have to rebuild the pipeline.
End quote

We have the same kind of workflow. What we are looking for is this: When the quality gate is green again, after choosing “wontfix” on SonarQube for example, there should be an API call to GitLab to trigger or restart the pipeline automatically, such that the merge request decoration is set to what is reported on the SonarQube side. The relevant API call would be this one I think: Pipelines API | GitLab. SonarQube knows where to put the merge request decoration, so it must know about the merge request ID/IID. The specific pipeline could be figured out using the Merge Requests API.

Is there already such a feature? If not, this issue can be seen as a feature request.

SonarQube server details:

  • SonarQube 10.6 (build 92116)
  • Self-managed, deployed using Docker

GitLab server details:

  • GitLab 17.1.6
  • Self-managed

Best regards,
Timo Reichl

Hi Timo,
Thank you for your insight on this. We would like to align the use of Gitlab status check to what we did for other DevOps platforms. We currently don’t have this initiative in our roadmap, but we recorded your issue to discuss it with the team, and we’ll update this thread if anything changes.

Hi Farah,

thanks for the reply! I’m looking forward to the result of your internal discussion about the topic.

Hey @treichl

Check my update here: SonarQube/GitLab Integration: Set merge request approval - #4 by Colin

I was a little confused when I re-read this post because I’m quite sure that SonarQube already works as you describe (updating the decoration on issue changes, independent of whether the pipeline has run). I have used SonarQube for so long that I remember what a big deal it was in SonarQube v7.0 when the QG got updated on issue changes without a new pipeline run!

And in fact, in my testing, this is how it works:


There was no new pipeline run between these two screenshots, just SQ updating the decoration!

Hi Colin,

thanks for the reply! That looks promising. I will discuss internally with my team if we can reproduce your testing and report back.