we are using sonarqube in our CI-Pipeline. The scans run on new branches in our merge requests pipelines and as well after merge in our main pipeline.
We are trying to achive, that our developer get quick feedback during the merge request pipeline that will match the findings of the master pipeline after merge.
The problem that we encounter is that the scan findings in our merge request pipelines differ from the findings after merge. Means the merge request pipeline has no findings and after merge they appear in the main pipeline.
I understand it’s due our new code definition, which is set globally to “previous version” per default.
What we need is a way to define a new code definition “reference branch” for merge requests and use the new code definition “previous version” for the main branch.
Is there a way to configure it conditionally based on branches through fixed analysis parameters?
For example, set main branch to “previous version” and all others to “reference branch”.
We would like to avoid creating sonar.properties files in ci-jobs or do it via the api.
If you’re using Pull Request Analysis, the “New Code Period” is always the changed lines when compared to the target branch sonar.pullrequest.base That overrides anything else you might have configured (stated another way: there’s no New Code Period for PR analyses other than the diff between your PR branch and the target branch).
Could you share some examples? Maybe there’s just something that’s affecting your PR analyses, and we can fix that.
thank you for your reply and sorry for the late response.
Your post gave me an idea and I finally could manage to test it.
My problem was, that our gitlab pipeline were not defined as merge request pipeline, which means that gitlab creates branch pipelines per default and in those branch pipelines sonarqube won’t get the right reference.
So defining the pipeline properly works as expected. Sonarqube recognizes the new code.
If any of you is wondering how to define your pipeline as merge pipeline in gitlab, here an example snippet.
#Add this to your jobs(s)
rules:
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
- when: never