I’m looking into SonarQube as a solution for making Code Coverage PR Diff reports added as comments in PRs.
This is something SonarQube does, but it also supports many other kinds of static analysis. Although this additional static analysis is useful, it seems to be taking a substantial amount of time to scan and generate. For productivity, CI performance is a critical consideration, so I’d like to see if there are ways of getting better performance out of SonarQube for the purpose of a Code Coverage Diff metric only.
I’m wondering if it is possible to configure SonarQube / SonarScanner to only run the Code Coverage diff report, and not spend time running all of the other static analysis tools.
I’m stymied by why you wouldn’t want the additional information (such as the introduction of new reliability or security problems) on your PRs. But if you must do this, then create empty profiles and assign them to your project(s).
The additional information would be great! The primary use case that we’re interested in is PR-level code coverage diffs, but we’d gladly benefit from additional validations. We may decide it’s worth the hit to performance, but we’re seeing a significant performance issue with a particularly large repo. SonarScanner is taking over an hour to run, on top of building and running PR/CI tests, which is a lot.
This “empty profiles” sounds interesting! Are you talking about Quality Profiles?
Would you have any other suggestions worth looking into, to significantly improve performance?
Incremental analysis should be kicking in for PRs, but it requires that the underlying branch be analyzed first. Is that the case for you?
Yes. But note that the same Quality Profiles are applied for all analyses of a project. So if you want the rules turned off for PRs, you’ll have to turn them off for the entire project - branches too.
Let’s figure out why incremental analysis isn’t kicking in.
