Cannot get PR decoration working with SonarQube Enterprise

Hi Janos,

I am using the Enterprise edition of SonarQube.

I followed the SonarQube documentation https://docs.sonarqube.org/latest/instance-administration/github-application/ and created the GitHub app and then configured the SonarQube global settings instance as mentioned in the documentation.
Now, what else do I need to do for the integration? After doing all this I am not able to see any PR checks decoration.
Do I need to use Jenkins in between, or write a script for a cron job to do the integration?
I am really confused… please help me with that.

I am attaching the Git App and Sonarqube page for reference.

Thanks,
Nisha

Hi @Nisha_Sahay,

Please answer all of these questions:

  • Do you have paid support for SonarQube Enterprise?
  • Which version of SonarQube Enterprise are you using?
  • How do you run the scanner (which scanner, which parameters)?
  • What do you see on SonarQube, for example: pull request is listed correctly, with a “See the PR” link to GitHub, but no decoration, some warnings: “x, y, and z”
  • Can you see in the logs of SonarQube any messages related to GitHub integration? There should be something during server startup, and when PR decoration is not happening, then also for each PR created.

Hi Janos,

  1. I am using SonarQube version 7.7.
  2. No, I don’t have paid service for SonarQube.
  3. I am using a plugin to run the scanner in my Maven projects:

    <plugin>
      <groupId>org.sonarsource.scanner.maven</groupId>
      <artifactId>sonar-maven-plugin</artifactId>
      <version>3.4.0.905</version>
    </plugin>

    And then adding the sonar properties in the pom.xml file of the project.

    <sonar.host.url>http://…</sonar.host.url>
    <sonar.projectKey>{project_key}</sonar.projectKey>
    <sonar.projectName>I{project_name}</sonar.projectName>
    <sonar.projectVersion>1.0</sonar.projectVersion>

    And when I run mvn sonar:sonar on my terminal after doing mvn clean install, the code coverage is successfully reflected on my SonarQube dashboard.
  4. But now I want to integrate SonarQube with GitHub for the PR checks decoration.
  5. So, as per your documentation https://docs.sonarqube.org/latest/instance-administration/github-application/ I created the GitHub app, whose screenshots I sent you in my earlier post for reference, and then configured the SonarQube global settings instance as mentioned in the documentation.
    But after that I am not able to see any link for the PR checks to GitHub.
  6. I haven’t used any CI engine in between like Jenkins. Do I need to use a CI engine, or can it be done by writing a shell script and scheduling it in a cron table?
  7. I have done only the two things which are mentioned in the documentation of SonarQube.
  8. No, I am not able to see any logs or messages related to GitHub integration.

Please help me in doing this.
Thanks,
Nisha

Hi Janos,
You haven’t replied to my questions… please help me in resolving my issues with the integration of SonarQube with GitHub.

Looking forward to your reply.
Please reply as soon as possible.

Thanks,
Nisha

Hi Nisha,

Thanks for the details!

What I see missing is the parameters needed for pull request decoration, such as sonar.pullrequest.key, sonar.pullrequest.base, sonar.pullrequest.branch. Do you set those when running the scanner? (That is, when you’re running mvn sonar:sonar ....) See also the relevant documentation.

When running the scanner like that (passing the required parameters), you should see the pull request analysis on SonarQube. The pull requests are in a dropdown menu next to the project name. The pull request page should have a link to the PR on GitHub, where you should see Checks created by your GitHub App.

Please give the above a try, and let us know how it goes.

Hi Janos,
Thanks for the reply.
I will try to do that and will let you know if it works or not.

Thanks,
Nisha

Hi Janos,

I added the following parameters in my project pom.xml: sonar.pullrequest.key, sonar.pullrequest.base, sonar.pullrequest.branch, but still I am not getting any link for the GitHub App; I am only getting this page under the project name. And one more thing: what should I give for sonar.pullrequest.key?

The value for sonar.pullrequest.key should be the pull request number on GitHub. For example, if the URL of the pull request on GitHub is https://github.com/user/repo/pull/19, then the key is 19.

If you see a warning like the one you pasted, then look in your SonarQube logs for more clues.

Hi Janos,
I am not seeing any logs… I am seeing only these logs in “ce.log” in SonarQube:
2019.08.12 21:03:53 INFO ce[AWyHpPf8G25SM2IiiFVy][o.s.c.t.s.ComputationStepExecutor] Publish task results | status=SUCCESS | time=0ms
2019.08.12 21:03:53 INFO ce[AWyHpPf8G25SM2IiiFVy][o.s.c.t.s.ComputationStepExecutor] Trigger refresh of Portfolios and Applications | status=SUCCESS | time=0ms
2019.08.12 21:03:53 INFO ce[AWyHpPf8G25SM2IiiFVy][o.s.c.t.CeWorkerImpl] Executed task | project=SampleProject | type=REPORT | pullRequest=221 | id=AWyHpPf8G25SM2IiiFVy | submitter=Admin | status=SUCCESS | time=2108ms

Is there any improvement when you provide the correct value for sonar.pullrequest.key?

Hi Janos,

No, I am not getting any logs in SonarQube related to the GitHub PR after adding sonar.pullrequest.key.
And the warning is still there. Can you please guide me on what I should do to get the PR checks decoration in GitHub?

Hi Nisha,

For your version of SonarQube (7.7), the correct documentation to configure the integration is here: https://docs.sonarqube.org/7.7/instance-administration/github-application/
It’s a little bit different from the latest one that you linked, for example the configuration of the private key. Please follow this one carefully!

Note that these properties don’t belong to your project, but to a specific pull request, so it’s not appropriate to put them in pom.xml. Pass them on the command line, something like:

mvn sonar:sonar -Dsonar.pullrequest.key=...

Let me know the complete parameters that you are passing (ok to mask the sensitive values).

Lastly, are you integrating SonarQube with GitHub Enterprise? And are you sure you set the GitHub API URL setting correctly?

Hi Janos,

Thanks for the reply.

Now in SonarQube, under Project->Overview, I am getting a “See the PR” link beside Passed, but as you can see in the screenshot it is not showing any lines of code; it reflects only “0.0% Duplications on 86 new lines”, which is nothing but the pom.xml lines of code.

And in GitHub, it is only showing this under the Pull Requests->Checks tab, but no analysis and no code review.

While doing mvn sonar:sonar… I am getting the following warnings:
[INFO] SCM provider for this project is: git
[INFO] 9 files to be analyzed
[INFO] 0/9 files analyzed
[WARNING] Missing blame information for the following files:
[WARNING] This may lead to missing/broken features in SonarQube.
Please help me with this.

I need your responses to all those points above in order to help you!

The files listed under this message have uncommitted changes or are not under version control. If those files should be analyzed, then commit them first.

The pull request analysis shows only the changed files relative to the base branch. If only the pom.xml has changed, then that’s all you will see.

Hi Janos,

I am setting the GitHub API URL: www.github.com/api/v3

I am getting the following in the web.logs:
Caused by: java.net.ConnectException: Connection refused (Connection refused)
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:589)
at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:673)
at sun.net.NetworkClient.doConnect(NetworkClient.java:175)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:463)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:558)
at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:264)
at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:367)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1156)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1050)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:162)
at org.sonar.core.util.DefaultHttpDownloader$BaseHttpDownloader$HttpInputSupplier.getInput(DefaultHttpDownloader.java:272)
at org.sonar.core.util.DefaultHttpDownloader.readString(DefaultHttpDownloader.java:111)

And on the command line, after doing mvn sonar:sonar… I am getting this error:
[WARNING] Missing blame information for the following files:
[WARNING] * pom.xml
[WARNING] This may lead to missing/broken features in SonarQube

Before doing the GitHub integration with SonarQube, when I was running mvn sonar:sonar… it was not giving me this error; it was running fine, scanning all submodules of my project… but I don’t know why, after trying to do the integration, it’s giving this error.

It seems you are trying to integrate with github.com, which is not officially supported. (Notice the documentation describes the procedure for GitHub Enterprise, which is different, it’s the on-premise product of GitHub.) However it will probably work, but the API URL to use in this case should be https://api.github.com

It is a warning, not an error. I explained what it means in my previous message. It has nothing to do with GitHub integration.

Hi Janos,
I am setting the GitHub API instance URL as: https://github.company.com/api/v3

Actually it’s unclear to me why this warning is coming. It didn’t appear before when doing mvn sonar:sonar, but after doing the integration it’s appearing.

Let me know the complete parameters that you are passing (ok to mask the sensitive values).

Hi Janos,

I am passing in my root pom:

<plugin>
  <groupId>org.sonarsource.scanner.maven</groupId>
  <artifactId>sonar-maven-plugin</artifactId>
  <version>3.4.0.905</version>
</plugin>

<sonar.host.url>http://…</sonar.host.url>
<sonar.projectKey>{project_key}</sonar.projectKey>
<sonar.projectName>I{project_name}</sonar.projectName>
<sonar.projectVersion>1.0</sonar.projectVersion>

And also passing the analysis parameters:
Sonar.pullrequest.key
Sonar.branch

Why is it not scanning the submodules of the project, and giving the warning “Missing blame information for the following files: * pom.xml”?

These parameters are not enough for pull request analysis. You need also:

  • sonar.pullrequest.base
  • sonar.pullrequest.branch
  • sonar.pullrequest.provider

And I would like to see the values you are setting, if not sensitive. Passing all the required parameters with the right values is the key to understanding why you’re not getting the results you want, and how to fix it.

Why do you think it is not scanning sub-modules? Please share the sources of your assumptions.

I already explained this: “The files listed under this message have uncommitted changes or are not under version control. If those files should be analyzed, then commit them first.” Which part of this explanation do you not understand? Please be specific, otherwise I don’t know how to answer.
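
Added example, not part of any post in this thread: a small POSIX shell helper that derives sonar.pullrequest.key from the pull request URL as described in the replies above, and assembles the pull request parameters for the mvn command line rather than pom.xml. The function names, the sample URL and branch names, and the provider value `github` are assumptions; take the provider value from the documentation for your SonarQube version.

```sh
#!/bin/sh
# Added example (not from the thread): assemble the per-pull-request scanner
# parameters named in the replies and pass them to Maven on the command line.

# Derive sonar.pullrequest.key from a GitHub pull request URL (".../pull/<n>").
pr_key_from_url() (
  url=$1
  case $url in
    */pull/*) ;;
    *) echo "not a pull request URL: $url" >&2; exit 1 ;;
  esac
  key=${url##*/pull/}      # drop everything up to and including "/pull/"
  key=${key%%[/?#]*}       # drop a trailing path, query string or fragment
  case $key in
    ''|*[!0-9]*) echo "no numeric pull request number in: $url" >&2; exit 1 ;;
  esac
  printf '%s\n' "$key"
)

# Print the -D arguments for one pull request analysis.
# $1 = PR URL, $2 = base branch, $3 = PR branch, $4 = provider value
# (the provider value is an assumption; check the docs for your version).
pr_scanner_args() (
  [ $# -eq 4 ] || { echo "usage: pr_scanner_args URL BASE BRANCH PROVIDER" >&2; exit 2; }
  key=$(pr_key_from_url "$1") || exit 1
  for value in "$2" "$3" "$4"; do
    case $value in
      ''|*' '*) echo "empty value or value with a space: '$value'" >&2; exit 1 ;;
    esac
  done
  printf '%s %s %s %s\n' \
    "-Dsonar.pullrequest.key=$key" \
    "-Dsonar.pullrequest.base=$2" \
    "-Dsonar.pullrequest.branch=$3" \
    "-Dsonar.pullrequest.provider=$4"
)

# Constructed sample values; the URL follows the form used in the thread.
if args=$(pr_scanner_args "https://github.com/user/repo/pull/19" master feature/login github); then
  # Word splitting of $args is intended: each -D option is one word.
  echo mvn sonar:sonar $args
fi
```

The last lines only print the resulting command; drop the `echo` to run the analysis from a checkout of the pull request branch with all changes committed.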