How to merge branch analysis into master?

SonarQube 8.6, Developer Edition

Hi, I’m really new to SonarQube, so please forgive my lack of expertise!

I want the issues set to “False Positive” or “Won’t fix” on a development branch merged back into the master branch. But these issues keep showing after merging the branch into master.

That’s what I did:

  1. I created a new branch for my project at Gitlab.
  2. I defined the sonar-project.properties file for my project.
  3. I executed sonar-scanner and got the branch analysis on SonarQube.
  4. I reviewed some of the reported issues, fixed some at code, changed some others to “False Positive” / “Won’t Fix”
  5. I executed sonar-scanner again, fixed issues are closed, and other issues are kept (good!)
  6. I submit a Merge Request at Gitlab, and my branch gets merged into the master branch.
  7. I checkout my project’s master branch and pull the changes. I confirm my changes have been merged.
  8. I edit the sonar-project.properties file, so the analysis is done in the master branch.
  9. I execute sonar-scanner again (on the master branch)
  10. I expected the master branch at SonarQube to have the “False positive” / “Won’t fix” issues to be resolved, but there they are, reported as open issues again.

Any guideline on how to make this work?
Thanks a lot!

Hi,

Issues aren’t synchronized between branches. Instead, make sure your merge request is analyzed and do your issue maintenance there. Then you should see your FP/WF statuses carry over.

 
HTH,
Ann
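The advice above depends on the scanner running a merge request analysis rather than a branch analysis. As an added example (not from the thread or from SonarSource), this shell function chooses between the two parameter sets; it assumes the scan runs in GitLab CI, whose predefined CI_* variables supply the values.

```shell
#!/bin/sh
# Added example: choose SonarQube analysis parameters for the current job.
# Assumption: the job runs in GitLab CI, which sets the CI_* variables used here.

# Prints one -D argument per line for sonar-scanner; returns 1 if the scope is unknown.
sonar_scope_args() {
    if [ -n "${CI_MERGE_REQUEST_IID:-}" ]; then
        # Merge request pipeline: pull request analysis needs key, source and target.
        if [ -z "${CI_MERGE_REQUEST_SOURCE_BRANCH_NAME:-}" ] ||
           [ -z "${CI_MERGE_REQUEST_TARGET_BRANCH_NAME:-}" ]; then
            echo "merge request source/target branch not set" >&2
            return 1
        fi
        # Emit only the pull request set; sonar.branch.name is not combined with it.
        printf '%s\n' \
            "-Dsonar.pullrequest.key=${CI_MERGE_REQUEST_IID}" \
            "-Dsonar.pullrequest.branch=${CI_MERGE_REQUEST_SOURCE_BRANCH_NAME}" \
            "-Dsonar.pullrequest.base=${CI_MERGE_REQUEST_TARGET_BRANCH_NAME}"
    elif [ -n "${CI_COMMIT_REF_NAME:-}" ]; then
        # Plain branch pipeline: branch analysis.
        printf '%s\n' "-Dsonar.branch.name=${CI_COMMIT_REF_NAME}"
    else
        echo "no GitLab CI ref variables set" >&2
        return 1
    fi
}

# In a CI job the output is passed straight to the scanner:
#   sonar-scanner $(sonar_scope_args)

# Demo with constructed values: merge request 42 from work-branch into master.
(
    CI_MERGE_REQUEST_IID=42
    CI_MERGE_REQUEST_SOURCE_BRANCH_NAME=work-branch
    CI_MERGE_REQUEST_TARGET_BRANCH_NAME=master
    sonar_scope_args
)
```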

Hi G Ann,
thanks for your answer! But I think I didn’t explain the scenario well enough, sorry.

I’m working in just one branch, I don’t want to synchronize issues between branches.
I just expect the SonarQube issues set to FP/WF in this branch to be resolved in master once the git merge request is merged into master.

Does it make sense now?

Hi,

Again, to make that happen, you need to mark the issues FP/WF on the merge request.

 
Ann

Hi Ann,
I will try this, but even if this works, it doesn’t fully address my question: the SonarQube analysis for a merge request will report new issues, issues in the modified code. But it will not report issues on already existing code, and that’s what I’m really trying to resolve.

I created a new branch to fix issues already existing in the master branch. FP/WF do not require a code change, so they are not noticed by the merge request analysis. I cannot mark them as FP/WF because…they are not reported in the merge request analysis, it’s not new code…

Okay! You’re trying to see fixed issues. I get it now.

We’re aware of the need and I’m going to pass this thread on internally as another vote for getting it handled.

And unfortunately, that’s the best I can do right now.

 
:woman_shrugging:
Ann

Hi Ann,
First of all, thanks a million for taking the time to help me with this! But I’m not sure that’s what I want…

I want the issues I mark as FP/WF in a branch to disappear from master when I merge this branch back.

Maybe my workflow is not the correct one (remember I’m a newbie to SonarQube, sorry):

  1. I ran a sonar-scanner in the master-branch and got some issues.
  2. I create a git branch to fix those issues (let’s call it work-branch).
  3. I run a sonar-scanner in the work-branch
  4. I mark some issues as FP/WF
  5. I merge my work-branch into the master-branch
  6. I run a sonar-scanner in the master-branch

The issues marked as FP/WF in the work-branch are still present in the master-branch; I don’t expect these issues to be shown again, they are already fixed.

Once again, thanks a lot for your help!


Hello @alex.mera @ganncamp,

I have the same problem, if you have another way to run the analysis I appreciate the information about it.

Best regards,

Susana

Hi Alex,

in your first post you wrote

are they really open or even new = means failing a quality gate with new condition(s) or do they keep their state?
According to the FAQ this would be the expected behaviour

False-Positive and Won’t Fix
You can mark individual issues False Positive or Won’t Fix through the issues interface. If you’re using PR analysis provided by the Developer Edition, issues marked False Positive or Won’t Fix will retain that status after merge. This is the preferred approach.

Gilbert

Hi Gilbert,
They keep their condition, the quality gate’s failing condition is the same I marked as FP/WF in the work-branch (a “normal” branch, not a PR one).

And if you try this same workflow with a PR branch, sonar-scanner only analyzes the modified code, so usually no FP/WF there (unless they are new ones)…

I’m assuming SonarQube works with issues (FP/WF included) the same way git works with code changes: you fix an issue in a work-branch, and the issue is fixed in master when you merge the branch back.
Is that correct?

Hi,

Again the behavior you want is available when you mark an issue FP/WF on a Pull Request not on a branch.

 
Ann

Ok, I get it; SonarQube does not support (yet) this workflow. I love SonarQube, I’ve seen what it does, and it really helps me be a better developer. I just want to use its full potential!

Pull Requests are great for new/changed code, but that’s only a part of my work. I need a workflow that helps me with technical debt, with the issues raised when analyzing the master branch.
This helps me get an updated measurement of the quality of my code.

Maybe this can do the trick, let me know what you think:

  1. Run sonar-scanner on the master branch.
  2. Create (and checkout) a Git branch (work-branch) to work on the reported issues.
  3. Mark FP/WF at the SonarQube master branch.
  4. Fix code issues at the Git work-branch.
  5. Create a SonarQube Pull Request to merge your changes into master.
  6. Fix code or mark FP/WF in the Pull Request as needed, until you pass your quality gate.
  7. Merge the Git work-branch into master.
  8. Run sonar-scanner on master.

Will this ensure that FP/WF don’t show up again in master?


Hey @alex.mera

I think the changes done with SONAR-14257 (in SonarQube v8.7) should help you, as long as you are using pull requests (and pull request analysis) to merge branches. This should let you mark issues either in the branch or pull request as FP/WF and have them brought to the master branch.

It would be great if you could test this! FYI, SQ 8.8 is probably dropping next week.


Hi @Colin, great news!

I will contact the SonarQube admin, let’s see if we can update it and test this.

Thanks a lot Colin!