Integration of GITHUB with Sonarqube for PR Checks Decoration

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    -> SonarQube 7.7 Developer Edition.

  • what are you trying to achieve
    -> Trying to integrate GitHub with Sonarqube for PR checks decoration

  • what have you tried so far to achieve this
    -> I created GitHub App as per documentation instructions https://docs.sonarqube.org/7.7/instance-administration/github-application/ and then configured the Sonarqube global settings instance…
    Key: sonar.pullrequest.provider :-GitHub
    sonar.pullrequest.github.endpoint :- https://github.com/minty-22
    sonar.alm.github.app.name :- SonarQubePRChecks
    sonar.alm.github.app.id :- 120
    sonar.alm.github.app.privateKey.secured :base64 -pemKey

Even in the project repository identifier …Administration->General Settings->Pull Requests…I set the
sonar.pullrequest.github.repository :-https://github.com/sampleProject

I am using sonar-scanner plugin in my maven project pom.xml

<groupId>org.sonarsource.scanner.maven</groupId>
<artifactId>sonar-maven-plugin</artifactId>
<version>3.4.0.905</version>

And <sonar.host.url>http://…</sonar.host.url>
<sonar.projectKey>{project_key}</sonar.projectKey>
<sonar.projectName>{project_name}</sonar.projectName>
<sonar.projectVersion>1.0</sonar.projectVersion>
When I do mvn clean install + mvn sonar:sonar it runs and displays the code coverage on the Sonarqube Dashboard, but I didn’t see anything in the sonar logs for PR checks decoration.
And after doing all this I am unable to see any PR checks in GitHub… so do I need to do anything else to make Sonarqube and GitHub talk with each other for PR checks decoration?
What other steps do I need to do to get PR checks decoration to work?
Please help me
Thanks in advance.

Hi,

Welcome to the community!

First, I need to point out that 7.9.1 is the latest SonarQube version and the current LTS. You should consider upgrading at your earliest convenience.

I’ve just fired up a 7.7 DE instance to double-check. At a minimum you’ve misunderstood sonar.pullrequest.github.endpoint. The in-UI field explanation is this:

The API url for a GitHub Enterprise instance, for instance https://github.company.com/api/v3

So apparently your value should be https://github.com/api/v3, not https://github.com/minty-22.

And then at the project level, you also appear to have misconfigured sonar.pullrequest.github.repository. The in-UI explanation gives an example value of SonarSource/sonarqube. Note that there’s no “https://github.com” in there. Other fields have identified where your GHE enterprise is. This field asks for a value within that instance. I’m guessing your value would be something like minty-22/sampleProject.

So… without seeing all your key/value pairs, I can only suggest that you re-examine each one and make sure the values you’ve filled in conform to the in-UI descriptions and/or examples.

 
HTH,
Ann

Hi Ann ,
Thanks for the reply.
After making the changes in the Sonarqube settings as per your suggestion to change the inputs… I am getting one link as “See the PR” in the Sonarqube dashboard under my project name but not seeing any code there. And in GitHub, in the pull request -> Checks tab, I am getting the GitHub App reflecting but nothing showing there as the analysis.
Only under the Sonarqube GitHub App, reflecting “Queued 12 hours ago” & “Re-run all”.
Why am I getting this… Am I making any more mistakes?
Please help me.

Hi,

I don’t understand what this means. Screenshot?

Is the PR passing its quality gate? From checking our own PRs, it doesn’t look like you’ll see much in GH when the PR passes. It’s when it fails that the Checks tab lights up.

 
Ann

Hi Ann,
Thanks for the reply.

Now I am getting in my Sonarqube under the Project->Overview as “See the PR” link beside Passed, but as you can see in the screenshot there are no lines of code it is showing, only “0.0% Duplications on 86 new lines” it is reflecting, which is nothing but the pom.xml lines of code.

And, in GitHub, it is only showing this under the Pull Requests->Checks tab but no analysis and no code review.

While doing mvn sonar:sonar…I am getting the following warnings:-
[INFO] SCM provider for this project is: git
[INFO] 9 files to be analyzed
[INFO] 0/9 files analyzed
[WARNING] Missing blame information for the following files:
[WARNING] This may lead to missing/broken features in SonarQube.

Please help me in this.

Hi,

What are the file extensions of the files changed in this PR? i.e. are we talking about analyzable code files, or something else?

 
Ann

Hi Ann,

The extensions of the files are .java. Earlier it was running fine without giving any warning, but after trying to do integration of GitHub with Sonarqube it's giving me this error. It's not scanning the sub-modules of the project, it's only scanning the pom.xml of the aggregator module.

Hi,

Your git clone isn’t shallow, is it? That causes problems with recognizing what code is ‘new’.

 
Ann
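
The shallow-clone condition asked about in the last reply can be checked in the build job before `mvn sonar:sonar` runs. The script below is an added example, not code from the thread or from SonarSource; the function names and the constructed demo repository are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the thread; function names are hypothetical.

# Exit 0 if the work tree at $1 (default ".") is a shallow clone, 1 if not.
is_shallow_clone() (
  cd "${1:-.}" || exit 2
  case "$(git rev-parse --is-shallow-repository 2>/dev/null)" in
    true)  exit 0 ;;
    false) exit 1 ;;
  esac
  # Git before 2.15 lacks that option; fall back to the marker file.
  [ -f "$(git rev-parse --git-dir)/shallow" ]
)

# Fetch the missing history if needed; succeed only when history is complete.
ensure_full_history() {
  dir="${1:-.}"
  git -C "$dir" rev-parse --git-dir >/dev/null 2>&1 || return 2
  if is_shallow_clone "$dir"; then
    echo "shallow clone in $dir: fetching full history before analysis" >&2
    git -C "$dir" fetch --quiet --unshallow || return 1
  fi
  ! is_shallow_clone "$dir"
}

# Constructed sample: a 3-commit origin and a --depth 1 clone of it.
make_demo_clone() {
  root=$(mktemp -d) || return 1
  git init --quiet "$root/origin" || return 1
  for i in 1 2 3; do
    echo "// revision $i" >> "$root/origin/App.java"
    git -C "$root/origin" add App.java || return 1
    git -C "$root/origin" -c user.name=demo -c user.email=demo@example.invalid \
      -c commit.gpgsign=false commit --quiet -m "commit $i" || return 1
  done
  git clone --quiet --depth 1 "file://$root/origin" "$root/ci" || return 1
  echo "$root/ci"
}

# Run with --demo to try it on the constructed clone.
if [ "${1:-}" = "--demo" ]; then
  clone=$(make_demo_clone) && ensure_full_history "$clone" &&
    echo "commits visible after fetch: $(git -C "$clone" rev-list --count HEAD)"
fi
```

In a CI job, call `ensure_full_history "$PWD"` after checkout and fail the build if it returns non-zero.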