How to run the Pull Request Analysis from Jenkins for GitHub

We are trying to integrate SonarQube analysis into the pull request validation pipeline from Jenkins. Pull requests originate from the developer’s feature branch, but it is scanning the entire feature branch; we want to scan the changed files in the feature branch.
Using the SonarQube server v8.9.3

Hi,

Welcome to the community!

How have you configured this in Jenkins?

Ann

Hi @ganncamp ,

I configured it in Jenkins, but it is scanning the entire codebase instead of the pull request. Below are my sonar properties.

  • sonar.host.url=https://sonar.callawaygolf.com/sonar
  • sonar.java.binaries=**/classes
  • sonar.login=******
  • sonar.projectBaseDir=/devops/jenkins/workspace/workspace/tm_cicd_b2c_dev/builds/hybris_repo/git
  • sonar.projectKey=tm_na_b2c_hybris_commerce
  • sonar.projectName=tm_na_b2c_hybris_commerce
  • sonar.projectVersion=1.0
  • sonar.pullrequest.base=dev_tm_na
  • sonar.pullrequest.branch=dev_ci-cd
  • sonar.pullrequest.key=8346
  • sonar.sources=hybris/bin/custom

Thanks,
Uday

Hi Uday,

Can you add -Dsonar.scanner.dumpToFile=[file path] to your analysis command line so we can see what parameters (full list & final values) the analysis is getting?

Ann

Hi @ganncamp

Please find the attached dump file.

Attachment: build-wrapper-dump.json (3.7 KB)

Hi Uday,

Thanks for the properties file. I see that the PR properties are present.

Note that your analysis token is also present. You’ll want to invalidate that one and issue a new one.

So even with the PR parameters present, you’re saying that SonarQube is reporting all issues and metrics, on both new and old code?

Ann

So even with the PR parameters present, you’re saying that SonarQube is reporting all issues and metrics, on both new and old code?

Yes, that is the issue I am facing.

Hi,

Would you mind sharing some screenshots?

And just to make sure, you’re on a commercial edition of SonarQube, right?

Ann

@ganncamp Please see the attached screenshots.

The PR has only one file change, but it is scanning a lot of files.

Hi,

Thanks for the screenshots. The warnings picture was the key one. It shows that your PR analysis isn’t finding SCM information for ~5k files. I’m assuming that’s your entire project, and that would be the root problem. PR analysis uses SCM data to determine which files and lines are new. Without that data, you’ll get what you’ve been experiencing: everything is included in the analysis.

HTH,
Ann
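A pre-flight check for the root cause Ann points to (the checkout carries no SCM data, so PR analysis cannot tell new lines from old), as an added shell example that is not code from this thread or from SonarSource. It assumes a Jenkins checkout directory, the branch names and PR key from Uday's properties, and a SONAR_TOKEN environment variable injected from Jenkins credentials.

```shell
#!/bin/sh
# Added example: verify that the Jenkins workspace has the git metadata
# SonarQube PR analysis needs, and only then run the scanner.

# scm_preflight DIR BASE_BRANCH
# Returns 0 when PR analysis will be able to see SCM data, 1 otherwise.
scm_preflight() {
  dir=$1; base=$2
  # 1. A plain export/copy of the sources has no .git directory at all,
  #    which produces the "no SCM information" warning for every file.
  if ! git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
    echo "preflight: $dir is not a git work tree; PR analysis would see no SCM data" >&2
    return 1
  fi
  # 2. A shallow clone has no history to blame against.
  if [ "$(git -C "$dir" rev-parse --is-shallow-repository)" = "true" ]; then
    echo "preflight: shallow clone in $dir; run 'git fetch --unshallow' first" >&2
    return 1
  fi
  # 3. The PR target branch must be resolvable locally (as a local or
  #    remote-tracking ref) so the changed lines can be computed against it.
  if ! git -C "$dir" rev-parse --verify --quiet "$base" >/dev/null \
     && ! git -C "$dir" rev-parse --verify --quiet "origin/$base" >/dev/null; then
    echo "preflight: base branch '$base' not present in $dir; fetch it before analysis" >&2
    return 1
  fi
  return 0
}

# run_pr_scan DIR BASE_BRANCH PR_BRANCH PR_KEY
# Runs sonar-scanner with the PR parameters only when the pre-flight passes.
run_pr_scan() {
  dir=$1; base=$2; branch=$3; key=$4
  scm_preflight "$dir" "$base" || return 1
  # The token is read from the environment (assumed: a Jenkins credential),
  # not from a properties file in the checkout. Note that
  # -Dsonar.scanner.dumpToFile still writes every final value, token included,
  # so treat such dump files like the credential itself.
  : "${SONAR_TOKEN:?set SONAR_TOKEN from Jenkins credentials}"
  sonar-scanner \
    -Dsonar.projectBaseDir="$dir" \
    -Dsonar.scm.provider=git \
    -Dsonar.pullrequest.base="$base" \
    -Dsonar.pullrequest.branch="$branch" \
    -Dsonar.pullrequest.key="$key" \
    -Dsonar.login="$SONAR_TOKEN"
}

# Usage (values from the thread): run_pr_scan "$WORKSPACE" dev_tm_na dev_ci-cd 8346
```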