Hello, I’m using Sonar 8.8.0.42792 Developer Edition with an eval license. I am attempting to integrate with GitHub so my team will have PR decorations from SonarQube. I’ve worked through all the instructions, but am stuck on the step that requires GItHub to build and analyze the project.
When GitHub attempts to run:
mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
The problem is our artifacts are not in the central maven repo, but in a private repo not accessible by GitHub. Is this going to be a blocker for us? Is there any way to proceed with GitHub unable to access our private artifact repository?
The project must be built/analysed somewhere, but not necessarily by GitHub (SonarQube is what decorates the Pull Request, not the scan). Where do your build/analyses happen today?
I think the TeamCity SonarQube Plugin (owned by JetBrains, not SonarSource) has worked out the auto-configuration of this.
SonarQube Branches & Pull Requests Build Feature
Branches and Pull-Requests analysis parameters automatically provided on build from VCS build information, using SONARQUBE_SCANNER_PARAMS environment variable. It requires TeamCity v2019.2 and SonarQube Developer Edition or above.