It sounds to me like your SonarCloud organization and projects are not actually bound to GitLab.
I recommend that you delete your existing projects and organization on SonarCloud, log out, and then log back in using your GitLab credentials. Once you are logged in you can click the “+” in the top right and “analyze new project”, then follow the prompts. You will be guided through creating a new SonarCloud org that corresponds with your existing GL org, after which you should be able to import the projects you want from that org into SC. The org and these imported projects will be properly bound to SC and merge request decoration should work automatically.
We followed what you are describing here at the beginning when we set everything up (at the beginning of this year) and it seems that both are well linked.
Because we have a lot of projects that implies many teams, it is not an acceptable way to go for us to delete everything and start again…
Our Sonarcloud account is bound to Azure AD, connecting everything again through GitLab is - unfortunately - a no-go.
Isn’t there another way of integrating Sonarcloud and GitLab?
Pull request analysis is available for all four repository services: GitHub, BitBucket Cloud, Azure DevOps and GitLab. @rictorres, you would not need to switch to GitLab to get PR analysis, as you seemed to suggest, it should be available on your existing AzDO setup.
However,
In all cases, PR analysis is only available for bound repositories, i.e., repositories that have been imported according to the procedures outlined in Getting started with Azure DevOps and Getting started with GitLab (and similar, for the other two repo providers)
You can determine if your project is bound to the repository by checking for the repository provider symbol in the top left of the project page. If your project is bound then hovering over the symbol should reveal “this project is bound to…”, something like this:
With GitLab, PR analysis is only available if you are also using GitLab CI/CD.
It is technically possible that your repositories are not bound. But, for that to be the case, you (or whoever did the setup) would have had to manually create an organization and project on SonarCloud and then manually configure the SonarScanner tool in your build environment to use those org ID and project ID. This is usually only done in very specific circumstances and is not really a recommended way of doing things.
I would first of all double-check if your projects are bound. If they are, then we can narrow down the issue further.
So, this is good news! Your project is bound and you are using the GitLab CI/CD, so PR decoration is supported and indeed it should work right out-of-the-box.
But, apparently, it is not working. Is that correct?
@gbrissonnette
Can you go to [your project] > Administration > Background Tasks
and give us a screenshot or give us some of the IDs of the tasks listed there?
@gbrissonnette Sorry I missed this earlier in the thread, but in fact while your organization is bound, your project is not (there is a difference between these two types of binding).
This is almost certainly the reason that you are not getting PR decoration.
Currently, we do not support binding an already created, unbound project. So, you will have to create a new project by importing the repository through the SC import process.
Could you share how you have set-up your CI pipeline to run the SonarCloud analysis?
Did you set the projectKey of the newly created project or are you still using the projectKey of the older project?
In the pictures you shared one references the projectKey groupemutuel.io_fcot-backend while the other references groupemutuel.io_fcot-api. I assume this is just a copy-paste error though .
Could you share your CI configuration that invokes the scanner? If you are using GitLab pipelines that would be in your .gitlab-ci.yml
It’s not standard to have multiple different projectKeys in one project, could you explain a bit more about the structure of your project? For example:
Do you want the code scan results from the two submodules to show up in a separate project on SonarCloud?
Is there code that doesn’t fall under the fcot-api or fcot-infermedica-proxy module?
On the pom reactor we have: sonar.projectKey == groupemutuel.io_fcot-backend and sonar.organization == groupemutuelio
on the pom of the module1 we have sonar.projectKey == groupemutuel.io_fcot-api
on the pom of the module2 we have sonar.projectKey == groupemutuel.io_infermedica-proxy
I have no specific needs. Everything can be wrapped up in the same SC project it is fine for me. Just let me know what needs to be changed in my configuration and I will do it