Hello,
So I understand that running sonarscanner from GitLab pipelines on merge requests will trigger a pull request analysis. (These pull request analysis only analyze new/changed code rather than the whole scope of code that’s analyzed on a regular branch analysis.)
We have had a few instances where we have new code smells post-merge (i.e Unused “using” should be removed) but nothing was picked up on the Merge Request analysis because the new/changed code was all OK.
Basically we want to run a full analysis on all code files when the pipeline is triggered by a merge request.
There’s no difference in the pipeline that gets run in the merge requests and on actual branches, the scanner somehow knows its a merge request and acts accordingly.
I have tried to overwrite the following analysis parameters to trick the scanner to think its not running on a merge request.
- sonar.pullrequest.provider
- sonar.pullrequest.branch
- sonar.pullrequest.key
e.g. dotnet sonarscanner begin /k:$SONAR_PROJECT /v:$VERSION_NUMBER /d:sonar.token=$SONAR_TOKEN /d:sonar.host.url=$SONAR_HOST_URL /d:"sonar.cs.opencover.reportsPaths=**/coverage.opencover.xml" /d:sonar.qualitygate.wait=true /d:sonar.qualitygate.timeout=1000 /d:sonar.junit.reportPaths=test/****.****.****.Tests,test/****.****.****.ApiTests /d:sonar.pullrequest.provider="" /d:sonar.pullrequest.branch=="" /d:sonar.pullrequest.key==""
This does not work - e.g. The format of the analysis property sonar.pullrequest.provider= is invalid
Maybe the scanner is picking up environment variables exported by GitLab. E.g. something from here
What do I need to do to get the scanner to run full analysis on merge/pull requests.
Catching these pre-merge is the only option for our workflow. And our automated ci/cd processes make it hard to run pipelines without them being on MR’s (i.e just on a branch). Our merge request pipelines actually run on what would be the result of the merge (merged_results_pipelines).
We are using SonarQube Developer Edition* Version 9.9 (build 65466).
We are using the .Net SonarScanner installed as a dotnet tool (dotnet-sonarscanner 5.14.0).
We are using a self-hosted version of GitLab.
We are using a docker executor GitLab runner.