I have a mono-repo (enterprise license support) that runs multiple scans within it’s CI workflow for different parts of the code base during a Github PR (Github actions). Each one of these scans is it’s own project on the SonarQube server (About 20 projects). When the scans are finished, a comment is posted on the PR for each project. I was wondering if there was a way to combine these results and only have one comment appear on the PR? I’ve looked a little into applications but I think this only works for branch scans and not PR scans?
Wondering if anyone has time to look at this question?
Thank you for your insight and sorry for the delay.
To answer your question, today it’s not possible to combine these results. I’m wondering why you would prefer to see it that way. Could you elaborate on this?
And you are absolutely right about Applications, it doesn’t work for PR scans but only for branch scans.
Currently, we have other “checks” in the CI pipeline that post other comments onto the PR. Due to our repository being a mono-repo, we have to perform multiple scans on different areas of the code. This creates a PR comment for each scan we do which is about 20-25 C++ projects. Having this many comments can create a bad user experience for our devs navigating around their PRs. I’ve seen workarounds where other folks have taken their build-wrapper-output.jsons and merged those into one file to have one project but I’ve found this to be messy and we do like the multiple project view from the SonarQube server side.
Thank you for your answer.
That is an interesting topic indeed and a great opportunity.
Generally when you create PRs, is it only related to one specific sub-project of the mono-repo or could it be on multiple ones?
Let’s imagine you modify different areas of the code (multiple sub-projects) and you create a PR, would you prefer to have one combined comment or one comment for each sub-project that has been modified?
I think we would prefer to have one combined comment while still keeping the sub projects on the server for better organization of where issues appear. I’ve been playing around with a python script to test out this concept. The idea being:
Based on a pre-defined set of project keys and a PR number, use the sonar api to retrieve qualityGateStatus value for each Project’s PR result.
Format the results into a string:
""" [COMMENT_HEADER]\n Project 1\t Result: [qualityGateStatus value]\n Project 2\t Result: [qualityGateStatus value]\n ... [COMMENT_FOOTER] """
- Use the github api to post the comment. If the comment has already been posted and the developer has committed a new change, which will re-run the scans, we should update the original comment with the new results instead of posting a new comment.
Thank you for your answer and concept about the topic, we really appreciate you took the time to share it.
It’s not something that we will consider for the roadmap at the moment but we’ll keep a record of this and continue to look out for similar requests.