Empty report for Pull Request analysis (Github/Bitrise)

andy.cs · September 28, 2021, 5:21pm

After running pull request analysis for the Swift project - the empty report is always generated.

Sonar-scanner properties:

            sonar.projectKey=project-ios
            sonar.sources=$BITRISE_SOURCE_DIR/Sources
            sonar.exclusions=$BITRISE_SOURCE_DIR/Pods
            sonar.host.url=correct-url.com
            sonar.login=$SONARQUBE_LOGIN
            sonar.c.file.suffixes=-
            sonar.cpp.file.suffixes=-
            sonar.objc.file.suffixes=-
            sonar.coverageReportPaths=$BITRISE_SLATHER_REPORT_PATH
            sonar.swift.swiftLint.reportPaths=$BITRISE_DEPLOY_DIR/swiftlint_report.json
            sonar.verbose=true
            sonar.pullrequest.key=$BITRISE_PULL_REQUEST
            sonar.pullrequest.branch=$BITRISE_GIT_BRANCH
            sonar.pullrequest.base=$BITRISEIO_GIT_BRANCH_DEST
            sonar.pullrequest.github.repository=some/repository
            sonar.scm.revision=$BITRISE_GIT_COMMIT
            sonar.pullrequest.github.endpoint=https://api.github.com/

Setup: Sonarqube Enterprise Edition Version 8.7.1 (build 42226), SonarScaner 4.6.2.2472 (from Bitrise step)

It works fine for branch analysis.

ganncamp · September 29, 2021, 5:36pm

Hi,

First, your version is past EOL. You should upgrade to either the latest version or the current LTS at your earliest convenience. Your upgrade path is:

8.7.1 → 8.9.2 → 9.1 (last step optional)

Regarding your actual question, I notice a few things in your analysis parameters:

The variable is named “source directory”. Is there really a “Sources” directory inside the “source directory”, or is this pathing off?

Since Pods doesn’t appear to be inside Sources, there’s no reason to exclude it. (Tangential, but worth mentioning.)

The place to specify this is not in your analysis parameters but in the server.

Also, can you share your analysis logs?

Ann

junkpiano · November 15, 2021, 9:20am

Hi, @andy.cs @ganncamp

We also ran into this bitrise issue, and found the solution(or workaround). Our case was with Bitbucket Server though.
Simply put, prepending origin/ to sonar.pullrequest.base solved our issue.

sonar.pullrequest.base=origin/$BITRISEIO_GIT_BRANCH_DEST

The reason is in bitrise merge behavior.
Bitrise checkout your base branch first and then merge target branch into base branch.

As you might guess now, on bitrise, base branch == target branch.

sonar-scanner cannot create diff between them, since they are identical, and eventually you got empty results. However, if you add origin/, even if bitrise local behavior is same as the case without origin, sonar-scanner is supposed to compare local target branch with remote base branch which is not merged yet, hence you will get correct results. You might wonder if it’s ok to have origin/ hardcoded, but I think it’s OK, since even bitrise-clone-step also hardcodes origin here and there.

I am not sure if this bitrise checkout is a bug or an intentional behavior. Correct me if I am wrong.
if you are still struggling with this issue, I hope my answer helps you move forward.

Yusuke