How to work with long-lived branches and assigning the default branch?

We run SonarQube Developer Edition, version 7.9.2 (build 30863) and the only way we could set long-lived branches is through defining a pattern in Adminstration > Configuration > Detection of long lived branches, where we changed the default RegEx from (branch|release)-." to "((master|release|develop)-.)".

The way we had to implement that was to run the first analysis without any mention of the key “sonar.branch.name” via CLI, a sonar-project.properties file or in the Jenkinsfile.

So, a few questions:

  1. is there any way to check Sonarqube for a master branch?
  2. We tried to use the key “sonar.branch.longLivedBranches.regex” to define a pattern in the project’s pom.xml. No matter what we tried in the <sonar.branch.longLivedBranches.regex>, it does not overwrites the pattern defined in Administration > Configuration > Detection of long-lived branches.
  3. Is there a way to have the same dashboard for all long-lived branches? For instance, we check for vulnerabilities against the OWASP dependency-check database and run a license check plugin for every build, but there features are only available for the branch (develop or master) annotated with “Main branch”.

Hi,

It’s also possible to create the project through provisioning. That creates the shell, which you can then configure before the first analysis.

Sorry, I don’t understand the question

Not everything is definable via analysis properties. In general, if it’s presented in the GUI, you should default to managing it there.

Uhm… each long-lived branch has its own dashboard, which presents all the same information as the one for master

 
HTH,
Ann

Hi,

As for 1) the idea would be to check whether there is a Main Branch already, regardless of its name. Maybe via an API call? And adjust the pipeline command to add the sonar.branch.name key.

For 2), yes. That’s not terrible, I just hoped it would be more flexible.

For 3), yes. The dashboard for the long-lived branches are fine and have the same look, but we only the the More dropdown menu for the Main Branch, where the licence-check report and dependency-check report can be accessed.

Hi @gtludwig,

  1. Yes, you can call /api/project_branches/list. This will return a list of branches, and one of them will have the isMain flag set to true. This is the “Main Branch” (defaults to master)
  2. Like Ann said, you cannot set project properties during analysis (well, there are a few exceptions; but the rule of thumb is, don’t do it :slightly_smiling_face: ). This is because they have an impact across the whole project, regardless of the branch you’re analyzing. The regex is a perfect example of this: it has nothing to do with the branch you’re currently analyzing, but rather tells the project how to deal with this branch when the analysis is processed by SonarQube.
  3. This is actually a debate that was not solved before 7.9 got released… But because it’s not a security problem, we likely won’t fix it in this LTS. In a nutshell, extensions cannot tell if they support branches, so to avoid confusion, the menu only showed up for the Main Branch. But, if the extension has branch support, it will work. The links don’t show up in the menu, but the URL is valid. For instance, if your extension is accessible at project/extension/foo/bar?id=key for the Main Branch, it will be available for another branch (say, develop) at project/extension/foo/bar?id=key&branch=develop. This will pass the branch information to the function that bootstraps the extension. Again, not all extensions support branches, so it may not work.

Hope this helps. Let me know if you need help on providing branch support to custom extensions.