Azure DevOps Pull Request Decoration is adding Comments on Files not involved in the Merge

dschwartz · June 23, 2021, 12:51pm

SonarQube 8.8
C# Scanner
Azure DevOps Pull Request Decoration

I have Sonar Pull Request Decoration for Azure DevOps. Until recently, it only added comments of Code Smells on files that were changed in the Pull Request. In the past few days, it started marking up pull requests with unrelated changes. What can I do to prevent this situation?

matthieug · September 2, 2021, 8:02am

SonarQube 8.9.2
C++ Scanner
Azure DevOps Pull Request Decoration

Same issue here.
On each pull request, sonar decorate all files modified since the last full scan, even if the file is not involved in the pull request.
If the full scan run between two pull requests, there is no issue. It’s major drawback because a full scan take a while and can’t be run after each merge.

Jeff_Zapotoczny · September 9, 2021, 1:56pm

Hi @matthieug, and first of all welcome to the SonarSource Community!

This is likely to be the source of the problem. You don’t automate analysis of the target branch?

Jeff_Zapotoczny · September 9, 2021, 1:57pm

@dschwartz, as the original poster here, can you elaborate on whether your situation is like @matthieug’s?

matthieug · September 9, 2021, 2:21pm

Hi @Jeff_Zapotoczny
Yes, our Azure DevOps run analysis automatically after any merge. But if you have two pull requests or more in same time, you can have an issue. Example :

Analysis run on target branch (develop)
PR1 and PR2 are created
PR1 is analysed before merge (no issue)
PR1 is merged
PR2 is analysed => issue : the analysis contains result from PR1 and PR2 because the full analysis have not run yet.

Hope it helps

dmeneses · September 9, 2021, 9:03pm

Hi @matthieug,

If git is being used and the target branch of the pull request is available (fetched in the local repository), the scanner should use git to determine what was changed in the pull request. In that scenario the files showing up in SonarQube should match exactly what you see in your devops platform.

Are you using git in the CI agent running the scan? Could you please post the logs of the scanner with debug enabled?

matthieug · September 13, 2021, 7:50am

Hi @dmeneses ,

Yes, our pipeline use GIT from the Azure DevOps Agent.
Please find attached sonar logs :
log-sonar.txt (2.6 MB)

dmeneses · January 12, 2022, 9:50pm

Hi,
If it’s still relevant, I think the problem you experienced was due to this:

WARN: Shallow clone detected, no blame information will be provided. You can convert to non-shallow with ‘git fetch --unshallow’.

The scanner needs to have access to the git history of the project to be able to build a diff between branches. Please change the way you clone the git repository. This will also affect other features in SonarQube, such as auto assignment of issues.

matthieug · February 7, 2022, 9:57am

Hi,
@dmeneses git fetch without shallow fix the issue for me.

Thank you.

system · February 14, 2022, 9:58am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.