Bitbucket SonarQube PR checks not detecting errors in new lines of code

SonarQube Server / Community Build
, ,
1

Must-share information (formatted with Markdown):

  • SonarQube Developer Edition Version 10.3 (build 82913)
  • How is SonarQube deployed: zip
  • What are you trying to achieve: Scan Bitbucket PRs
  • What have you tried so far to achieve this: Enable the Sonar Quality Checks in BitBucket

We have SonarQube Development and BitBucket running on promise. We installed the SonarQube integration and enabled it for PR Review. We see many errors in new lines which are not detected during the PR build and are only detected after the Merge. Example:

New code was introduced on this PR

image
image1744×660 110 KB

The scan said everything was green:

image
image1763×921 123 KB

But after the merge it comes the surprise:

image
image1796×910 117 KB

What should we do so that errors on new lines are detected during the PR Review?

Thanks

d

2

Hey there.

This tells me that maybe your New Code wasn’t detected during the PR analysis.

You’ve shown a screenshot of Bitbucket – but could you take a screenshot of the Pull Request analysis in SonarQube? It shouldn’t have been swept up by housekeeping yet. Is there any code in the Code tab? Any analysis warnings in the upper right?

3

Here it goes:

image
image1010×874 67.3 KB

4

Your screenshot show the last analysis had warnings. What are they?

5

SonarScanner will require Java 17 to run, starting in SonarQube 10.4. Please upgrade the version of Java that executes the scanner and refer to the documentation if needed.

The property ‘sonar.login’ is deprecated and will be removed in the future. Please use the ‘sonar.token’ property instead when passing a token.

Could not find ref ‘develop’ in refs/heads, refs/remotes, refs/remotes/upstream or refs/remotes/origin. You may see unexpected issues and changes. Please make sure to fetch this ref before pull request analysis and refer to the documentation.

Using Node.js version 14 to execute analysis is deprecated and will stop being supported no earlier than May 1st, 2023. Please upgrade to a newer LTS version of Node.js [18, 20]

6

Here is the issue.

What environment is your analysis configured in (Jenkins, Azure DevOps, Bitbucket Pipelines, Bamboo, etc…) – and in that environment, have you made sure shallow clones are disabled?

7

Hi Colin ,

We use Bitbucket for the PRs and Bamboo for the build.

Thanks

8

I think “shallow” clones are the default in Bamboo, and I’d refer to some Atlassian documentation on Bamboo/Git to figure out how to disable them.

9

Hi Colin,

Thanks for the investigation. The problem of disabling shallow clone is that it might add a considerable overhead to our builds. How come the Sonar PR view show that there are new lines but the analysis cannot identify them?

~WRD0000.jpg

10

Hi @Colin ,

Coming back to this point. I have another example here. For this repo, the shallow clone is surely disabled:

image
image1063×741 36.5 KB

But the PR identify 0(!) changed lines:

image
image1807×545 39.5 KB

And the warning is still there:

“Could not find ref ‘development’ in refs/heads, refs/remotes, refs/remotes/upstream or refs/remotes/origin. You may see unexpected issues and changes. Please make sure to fetch this ref before pull request analysis and refer to the documentation.”

How do we fix this? The number of bugs is piling up in all projects.

11

Are your branches stored in a “custom” remote? This thread comes to mind:

12

Hi @Colin ,

I found out what the problem was. For your reference: In Bamboo by default only the current branch is cloned. To change this behavior, you must configure the “Linked Repository” in Bamboo to “Fetch whole repository”:

image
image1027×587 28.8 KB

Thanks for the help,

Bruno Marotta

1 Like
13

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.