I am using Sonarqube Enterprise 9.9.7. All my Java repos have Sonarqube workflows in their repos to run the analysis on PR and after the merge to master. Currently, all the projects are being analyzed on our custom Java quality profile with approximately 40 rules. Progress of repos is tracked through grades on new code (we focus on new code only and we use default new code definition i.e. previous version).
Now I want to see my portfolio grades for different quality profiles. I am trying to create a duplicate sonar project with a modified project key and a different quality profile (say 100 rules). To be able to compare the two projects side by side, I need new code of both to be the same but since the original project’s new code started 2 or 3 months ago, I am trying to find a workaround to set same baseline for duplicate repo as well as new code.
What I have tried till now:
I stored the original commit hash when the baseline was truly set for the original project and then I did the following in IDE:
git checkout -b $TEMPORARY_MAIN_BRANCH $ORIGINAL_COMMIT_HASH
then I built and ran the analysis:
mvn clean verify sonar:sonar -Dsonar.projectKey=$PROJECT_KEY -Dsonar.projectName=$PROJECT_NAME -Dproject.version=0.0.1
It is exactly what we run in Github actions. This does the first analysis on duplicate project.
For running the next analysis, I do this:
git merge origin/$MAIN_BRANCH --no-commit --no-ff
mvn clean verify sonar:sonar -Dsonar.projectKey=$PROJECT_KEY -Dsonar.projectName=$PROJECT_NAME -Dproject.version=0.0.1
This way I can see staged changes from that commit in my IDE and when analysis is run, I can see some new code in the duplicate project. However, it only treats the lines as new code which are part of new files in staged changes, and for the line changes in modified files, it directly goes to the whole code and not part of the new code. So, new code is different on both projects.
I don’t know why is it happening but can you help me if there is a way to achieve what I want? Or why are modified lines not treated as new code while backtesting?
Is there any simpler way to clone the sonar project and run the analysis using different profile to have a side-by-side comparison?