How to manually set the correct quality gate on FIRST build, with old branching support?

I’m using SonarQube Version 6.7.3 (build 38370). I’m NOT using the new branch support.

I’m trying to implement automated builds of pull requests, integrating BitBucket and Jenkins with SonarQube. As I’m not using the new branch support, I’m setting “sonar.branch” instead of “sonar.branch.name”. As a result of this, I get a separate project for the pull request. This is ok, as I have automation that deletes the SonarQube project when the pull request branch is deleted (when it is merged).

What isn’t working correctly is that the pull request SonarQube project sometimes gets the wrong quality gate assigned to it on first creation. It’s not acceptable to have to modify it after the fact. If the wrong quality gate is assigned, and the correct thresholds are not observed, the pull request could be marked as mergeable, even though it violates our quality guidelines.

I know the name of the required quality gate. Is there a Sonar property I can set in the build (using the Maven plugin), which will ensure that the resulting project has the correct quality gate?

If there’s no way to include this information on the initial scan, is it possible to call the SonarQube REST api before I run the scan, to ensure the project is created, and set the quality gate for it, and then run the scan?

I can’t find the documentation for the REST api for recent versions.

I noticed https://docs.sonarqube.org/pages/viewpage.action?pageId=2752810#WebService/api/qualitygates-AssociateaProjecttoaQualityGate , but that appears to be obsolete. That page has a link to the new documentation, but I don’t see any description of the REST api there.

David,

Documentation on the REST API endpoints available to your instance are, as always, available at [your_instance]/web_api

If the quality gate you need selected is not the default quality gate on your instance, you could use the POST api/qualitygates/select to set the desired quality gate on your new project.

It’s also probably worth mentioning that sonar.branch is deprecated and as a result will eventually be removed (I think the usual removal timeline is two major versions? So sometime in 8.x. Purely speculation as a non-SonarSourcer. Worth thinking ahead about though if you don’t plan on using the new branch functionality (or pull request functionality, which became available in 7.2)!

Colin

Thanks for the link to the api doc.

My problem with using the “api/qualitygates/select” is that I think I would need more than that.

Here’s the problem. Say I’m about to run the SonarQube scan for a pull request branch, and it’s likely before the scan runs, the project doesn’t exist. It doesn’t seem likely that executing “api/qualitygates/select” BEFORE the sonarqube scan would help, as the project doesn’t exist yet. It also won’t help to do this AFTER the scan completes, because by that time it’s already processed the quality gate, and it will have done it with the wrong quality gate.

If there’s an api I can call to CREATE the project before using the “api/qualitygates/select” api to set the quality gate, and THEN run the sonarqube scan, than that could work. I haven’t looked at the api set yet. Is that feasible?

I’m well aware that sonar.branch is deprecated. However, the situation with sonar.branch.name is unworkable at this point. The integration with BitBucket simply doesn’t work with the new branch system, and even if it did, the new branch project omits coverage and duplication info.

We’re still on 6.7, so I don’t know what this pull request functionality is in 7.2.

David,

Check the web api documentation when you get the chance. There’s an api/projects section including a project creation API. Basically everything you can do through the UI you can do through the Web API.

Colin

1 Like

Ok. It appears that I’m also going to have to do this for quality profiles, in addition to quality gates.

I haven’t tried to create a project yet with the api, I’m first making sure I can retrieve the information I need. I was able to get the quality gate id of my “base” project, but I don’t see a way to get the same information for the quality profile. There is no “get_by_project” in quality profiles like there is for quality gates.

I did try “api/qualityprofiles/search”. I added “project=xxx” as the single request parameter, hoping that that would return the quality profile for that project, but it simply returned all quality profiles.

I’m talking to other people who are using this same operation, and it’s working as expected. There must be something wrong with how I’m specifying the project name. Still looking at this.

It appears that if I add the “language” parameter, it makes this work, which doesn’t make much sense.

David,

A project is 1:1 with a quality gate.

A project may have many quality profiles, 1 for each language being analyzed for a project. It’s expected that if you have multiple languages, you would see multiple profiles returned absent the language parameter.

If you provide the URLs (company name, project name etc. redcated if necessary) you’re trying, the community might be able to help you more.

Colin

I’ve gotten past this. I was wondering about the cardinality of those relationships, and that explanation helps me understand what I had to do.

In any case, I’ve been able to get all of this working. I was able to get the quality gate and quality profile (for java) from the “base” project, then manually create the pull request project, then manually assign the qate and profile, and THEN let it run the scan. This ensures that the project will work as expected on the first run. If the project already exists before that point, or if the correct gate and profile were already assigned, it appears to be harmless.

1 Like

Hi David, we have exactly the same situation. Could you maybe summarize your final solution? Thank you very much!

I have added a new thread to discuss this: Automated scan on new code – How do I specify the quality gate for the first scan to use? - SonarQube - Sonar Community (sonarsource.com)