GitHub Enterpriste integration

Must-share information (formatted with Markdown):

• which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
  SonarQube Developer Edition, version 8.2.0.32929
• what are you trying to achieve
  GitHub Enterprise Pull Request Decoration and Status Check
• what have you tried so far to achieve this
  GitHub Enterprise authentication

We followed documentation from link:
https://docs.sonarqube.org/latest/instance-administration/github-application/
Issue is there’s no Pull Requests option under Administration panel.

Zrzut ekranu 2020-04-21 o 11.34.081434×1854 234 KB

Can you provide us proper link to the documentation which we suppose to achieve what we want in Developer Edition?

Hi,

I think that got renamed to ALM Integrations:

Selection_999(029)984×557 121 KB

We’ll get that fixed in the docs.

 

Ann

@ganncamp Docs update won’t solve our issue. We still can’t get it working with Pull Request Decoration on trial of Developer edition. We followed documentation, it seems enabled, but is not working. Also on brach list we don’t see updating branches. Only the initial branch we have get there manually running scan task.

Hi,

How about some details on specifically what you’re doing and what’s happening in response?

 
Ann

We followed the documentation to enable Pull Request Decoration: https://docs.sonarqube.org/latest/instance-administration/github-application/

We have created SonarQube GHE application, created key pair and installed applicaiton in Github Org/Repository. On the SonarQube ALM Integrations we see green mark as on the screenshot in first post.

Outcome we have:
Nothing happens on creating PR/branch. There is nothing in the logs on System tab. It just don’t work without erroring on any of the sides.

Expected outcome:
Working Pull Request Decoration, refreshing Branches on branches list in SonarQube, have an option to enable Status Check for SonarQube in GHE repository.

I am in the same boat. I have set up the sonarqube 8.2.0.32929, followed the github integration instructions and installed the github app.

What I see is under the Advanced tab in the github app, I see a 404 on every commit that seems to be using the webhook URL that was marked as “not important”.

Untitled775×543 18.6 KB

I do not see any other information, either in sonarqube or in github. Where are the decorations supposed to show up in github?

Sorry if the question sounds basic, but it is not covered in the docs on what to expect now that you have this integration set up.

Hi,

Maybe this is a silly question, but you did actually set up build and analysis for your PRs, didn’t you? I ask because previously the docs didn’t explicitly say you need to run the analysis (we take it so for granted…) and some people just didn’t read that in.

 
Ann

Hi,

G Ann Campbell can you share the link to documentation how to to set up build and PRs analysis?

Based on the documentation from url https://docs.sonarqube.org/latest/analysis/analysis-parameters/ i see those options don’t exist in SonarQube GUI.

Project properties, defined in the UI, override global property values (At a project level, go to Project Settings > General Settings)

Hi,

You’re right; those options don’t exist in the SonarQube GUI because SonarQube doesn’t handle that step (thus I can’t point you to SQ documentation for it either). This should be set up in your CI/CD system.

 
HTH,
Ann

Hello G Ann Campbell,

We need to finish PR Decoration and finalize buying a license for SonarQube Developers Edition. We followed all documentation we’ve been able to find on your Documentations page and most of them seems to be not up-to-date.

We have set up GitHub Enterprise Application for SonarQube.

Zrzut ekranu 2020-05-5 o 11.37.131033×479 52.9 KB

In the advanced settings of GHE Application we see a response from SonarQube to a webhook with this

    window.serverStatus = 'UP';
    window.instance = 'SonarQube';
    window.official = true;</script><script type="module" src="/js/vendors-main.m.e9260f78.chunk.js"></script><script nomodule src="/js/vendors-main.1582644816097.chunk.js"></script><script type="module" src="/js/main.m.9a77a104.js"></script><script nomodule src="/js/main.1582644816097.js"></script></body></html>

While your documentation states Github WebHooks aren’t required how it suppose to work?

We have enabled Pull Request Decoration in SonarQube and the project:

Zrzut ekranu 2020-05-5 o 11.29.51614×512 29.4 KB

Zrzut ekranu 2020-05-5 o 11.30.08543×504 18.3 KB

We have also tried creating a file named sonar-project.properties in the repository root with content:

sonar.pullrequest.key=1
sonar.pullrequest.branch=sonarqube-plugin
sonar.pullrequest.base=develop

it gave no effect and it is hardcoding the branch names in the file.

Effect:
Nothing happens on creating PR/branch. SonarQube isn’t catching changes at all.

Expected outcome:
Code analysis performed on every PR creation in Github Enterprise and additionally status check.

Overall:
Based on the information i’ve sent you please help us set this up properly.

The “PR decoration” feature will just show the progress and result of an analysis with GitHub checks.
It doesn’t actually run the analysis based on triggers from GitHub (with webhooks).

You still need to have some CI pipeline running the analysis. Is that what you are missing?

@dmeneses that’s exactly what was missing. I was pretty sure SonarQube automatically populate the GH Actions or the scanner is ran automatically using Github Webhooks.

That wasn’t obvious based on the documentation that we need 3rd party tools to achieve the PR Decoration. We have it now set up.

Thank you both @dmeneses and @ganncamp for your help.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.