I followed the Sonarqube documentation https://docs.sonarqube.org/latest/instance-administration/github-application/ and created the GitHub app and then configured the Sonarqube global settings instance as mentioned in the documentation.
Now, what else I need to do for integration because after doing all these I am not able to see any PR checks decoration.
Do I need to use Jenkins in between or to write script for cron job to do integration?
I am really confused…please help me in that .
I am attaching the Git App and Sonarqube page for reference. image|690x413
Do you have paid support for SonarQube Enterprise?
Which version of SonarQube Enterprise are you using?
How do you run the scanner (which scanner, which parameters)
What do you see on SonarQube, for example: pull request is listed correctly, with a “See the PR” link to GitHub, but no decoration, some warnings: “x, y, and z”
Can you see in the logs of SonarQube any messages related to GitHub integration? There should be something during server startup, and when PR decoration is not happening, then also for each PR created.
And when I run on my terminal mvn sonar:sonar after doing mvn clean install the code coverage is being successfully reflected on my Sonarqube dashboard.
4)But now I want to Integrate Sonarqube with GitHub for the PR checks decoration…
5)So, as per your documentation mentioned https://docs.sonarqube.org/latest/instance-administration/github-application/ I created the GitHub app whose screenshots I send you in earlier post for reference and then configured the Sonarqube global settings instance as mentioned in the documentation.
But after that I am not able to see and link for the PR checks to Github.
I haven’t used any CI engine in between like Jenkins…do I need to use any CI engine or can be done by writing shell script and schedule it in a cron table.
7)I have done only the two things which is mentioned in the documentation of Sonarqube .
8)No, I am not able to see any logs or messages related to Github Integration.
What I see missing is the parameters needed for pull request decoration, such as sonar.pullrequest.key, sonar.pullrequest.base, sonar.pullrequest.branch. Do you set those when running the scanner? (That is, when you’re running mvn sonar:sonar ....) See also the relevant documentation.
When running the scanner like that (passing the required parameters), you should see the pull request analysis on SonarQube. The pull requests are in a dropdown menu next to the project name. The pull request page should have a link to the PR on GitHub, where you should see Checks created by your GitHub App.
Please give the above a try, and let us know how it goes.
I added the following parameters in my project pom.xml sonar.pullrequest.key , sonar.pullrequest.base , sonar.pullrequest.branch but still I am not getting any link for GitHub App ,I am only getting this page under the project name.And one more thing what should I give for the sonar.pullrequest.key?
The value for sonar.pullrequest.key should be the pull request number on GitHub. For example, if the URL of the pull request on GitHub is https://github.com/user/repo/pull/19, then the key is 19.
If you see a warning like the one you pasted, then look in your SonarQube logs for more clues.
HI Janos,
I am not seeing any logs …I am seeing only these logs in “ce.log” in Sonarqube
2019.08.12 21:03:53 INFO ce[AWyHpPf8G25SM2IiiFVy][o.s.c.t.s.ComputationStepExecutor] Publish task results | status=SUCCESS | time=0ms
2019.08.12 21:03:53 INFO ce[AWyHpPf8G25SM2IiiFVy][o.s.c.t.s.ComputationStepExecutor] Trigger refresh of Portfolios and Applications | status=SUCCESS | time=0ms
2019.08.12 21:03:53 INFO ce[AWyHpPf8G25SM2IiiFVy][o.s.c.t.CeWorkerImpl] Executed task | project=SampleProject | type=REPORT | pullRequest=221 | id=AWyHpPf8G25SM2IiiFVy | submitter=Admin | status=SUCCESS | time=2108ms
No, I am not getting any logs in Sonarqube related to Github PR after adding the sonar.pullrequest.key.
And the warning is still there.Can you please guide me what shall I do to get the PR checks decoration in Github
For your version of SonarQube (7.7), the correct documentation to configure the integration is here: https://docs.sonarqube.org/7.7/instance-administration/github-application/
It’s a little bit different from the latest one that you linked, for example the configuration of the private key. Please follow this one carefully!
Note that these properties don’t belong to your project, but to a specific pull request, so it’s not appropriate to put them in pom.xml. Pass them on the command line, something like:
mvn sonar:sonar -Dsonar.pullrequest.key=...
Let me know the complete parameters that you are passing (ok to mask the sensitive values).
Lastly, are you integrating SonarQube with GitHub Enterprise? And are you sure you set the GitHub API URL setting correctly?
Now I am getting in my Sonarqube under the Project->Overview as “See the PR” link beside Passed but as you can see in the screenshot there is no lines of code it is showing, only “0.0% Duplications on 86 new lines” it is reflecting which is nothing but the pom.xml lines of code.
While doing mvn sonar:sonar…I am getting the following warnings:-
[INFO] SCM provider for this project is: git
[INFO] 9 files to be analyzed
[INFO] 0/9 files analyzed
[WARNING] Missing blame information for the following files:
[WARNING] This may lead to missing/broken features in SonarQube.
Please help me in this.
I am getting the web.logs as following:-
Caused by: java.net.ConnectException: Connection refused (Connection refused)
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:589)
at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:673)
at sun.net.NetworkClient.doConnect(NetworkClient.java:175)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:463)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:558)
at sun.net.www.protocol.https.HttpsClient.(HttpsClient.java:264)
at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:367)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1156)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1050)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:162)
at org.sonar.core.util.DefaultHttpDownloader$BaseHttpDownloader$HttpInputSupplier.getInput(DefaultHttpDownloader.java:272)
at org.sonar.core.util.DefaultHttpDownloader.readString(DefaultHttpDownloader.java:111)
And in command line after doing mvn sonar:sonar …I am getting this error:-
[WARNING] Missing blame information for the following files:
[WARNING] * pom.xml
[WARNING] This may lead to missing/broken features in SonarQube
Before doing Github Integration with Sonarqube when I was running the mvn sonar:sonar…Its not giving me this error, it was running fine scanning all submodules of my project…but I don’t know why after trying to do integration its giving this error?
It seems you are trying to integrate with github.com, which is not officially supported. (Notice the documentation describes the procedure for GitHub Enterprise, which is different, it’s the on-premise product of GitHub.) However it will probably work, but the API URL to use in this case should be https://api.github.com
It is a warning, not an error. I explained what it means in my previous message. It has nothing to with GitHub integration.
These parameters are not enough for pull request analysis. You need also:
sonar.pullrequest.base
sonar.pullrequest.branch
sonar.pullrequest.provider
And I would like to see the values you are setting, if not sensitive. Passing all the required parameters with the right values is the key to understanding why you’re not getting the results you want, and how to fix it.
Why do you think it is not scanning sub-modules? Please share the sources of your assumptions.
I already explained this: “The files listed under this message have uncommitted changes or not under version control. If those files should be analyzed, then commit them first.” Which part of this explanation you do not understand? Please be specific, otherwise I don’t know how to answer.