I’m using Sonarqube community edition 8.9
I’m setting up Sonarqube analysis via Jenkins on some projects on Github in my organisation.
My main goal is:
- To have PR/branch analysis done for the project.
- To understand what the current state of code quality is in the master branch so that teams can fix the issues.
This has been my current setup:
- 1 jenkins job that builds the code on master branch and runs sonar scan once every day.
- 1 jenkins job that gets triggered when someone creates a PR on their own branch so that they can merge into master. When the PR is created, this job builds the code and then runs sonar scan which then shows as a PR check on Sonarqube server and the PR gets decorated as well.
- Do I really need to have the 1st jenkins job or I can run sonar scan just once on the master branch (the very first analysis manually) and leave it at that?
- In order for PR analysis to produce the right metrics, is it necessary for sonar scan to happen first (in sequence) on the master branch ?
- Is this documented anywhere on sonarqube documentation? I could not find anything.
Welcome to the community!
Unless your project takes a very long time to build/analyze, it’s considered best practice to (rebuild and) re-analyze with every commit. Once a day is a good minimum.
Are you asking whether your job should analyze the main branch right before it analyzes the PR? Not necessary. We detect what’s new in the PR based on SCM information (branch date of the underlying branch) so you don’t need to seed PR analysis with main analysis first.
Fair question and good point. It’s not. Our docs focus on the how rather than the why/when. And I’ll bring this up internally.
Firstly thanks a lot for responding. Really appreciate
The reason why I asked the first question is because I do not know how people in general approach sonar analysis of master branch when they also have PR/branch analysis setup. So I can safely assume that I can continue to run a dedicated CI job that runs sonar scan on master branch daily. Right?
For your question to my 2nd question “Are you asking whether your job should analyze the main branch right before it analyzes the PR?”
No. My question is when I onboard a codebase/repository to sonarqube for the very first time, should I consider running a 1 time sonar scan on the master branch first to generate baseline code quality metrics, and then enable PR/branch analysis for it?
I’d say that’s a good practice. At a minimum, it verifies that your pipeline is set up correctly.