Issue with sonarqube pull request decoration integration with GitHub

• Annotation on GitHub pull request is not shown.
  Annotation/Comments on code for bugs is not visible in GitHub pull request,
  We have followed this doc https://docs.sonarqube.org/latest/analysis/pr-decoration/ for adding pull request decoration with Github, after the analysis, we see that there are issues/bugs reported by sonarqube which is visible in sonar dashboard but we are not able to see any annotation/comment on that code on GitHub dashboard.

Attached screenshot below to explain the issue, we can see that in the GitHub dashboard there are no issues is commented whereas if we see in the sonarqube dashboard we see there is a bug reported on line 13, If we see GitHub check dashboard below it says that there are 2 issues/bugs but it just points to sonarqube dashboard.

Sonar Scanner: 4.0.0.1744
Sonarqube: Developer Edition 8.1.0
Node: v13.5.0

collage-sonar-new4000×3000 815 KB

ce.log

2020.01.17 11:36:40 INFO  ce[AW-zSmjv5Te351AfMIYC][o.s.c.t.s.ComputationStepExecutor] Publish task results | status=SUCCESS | time=1ms
2020.01.17 11:36:40 INFO  ce[AW-zSmjv5Te351AfMIYC][o.s.c.t.s.ComputationStepExecutor] Trigger refresh of Portfolios and Applications | status=SUCCESS | time=0ms
2020.01.17 11:36:40 INFO  ce[AW-zSmjv5Te351AfMIYC][o.s.c.t.p.a.p.PostProjectAnalysisTasksExecutor] Webhooks | globalWebhooks=0 | projectWebhooks=0 | status=SUCCESS | time=7ms
2020.01.17 11:36:41 DEBUG ce[AW-zSmjv5Te351AfMIYC][jdk.event.security] X509Certificate: Alg:SHA256withRSA, Serial:3370ab628bf98d2bbcde1c2797d4634, Subject:CN=*.github.com, O="GitHub, Inc.", L=San Francisco, ST=California, C=US, Issuer:CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US, Key type:RSA, Length:2048, Cert Id:-1712238821, Valid from:7/8/19, 12:00 AM, Valid until:7/16/20, 12:00 PM
2020.01.17 11:36:41 DEBUG ce[AW-zSmjv5Te351AfMIYC][jdk.event.security] X509Certificate: Alg:SHA256withRSA, Serial:4e1e7a4dc5cf2f36dc02b42b85d159f, Subject:CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US, Issuer:CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US, Key type:RSA, Length:2048, Cert Id:-599509715, Valid from:10/22/13, 12:00 PM, Valid until:10/22/28, 12:00 PM
2020.01.17 11:36:41 DEBUG ce[AW-zSmjv5Te351AfMIYC][jdk.event.security] ValidationChain: -1410680354, -599509715, -1712238821
2020.01.17 11:36:41 DEBUG ce[AW-zSmjv5Te351AfMIYC][jdk.event.security]  TLSHandshake: api.github.com:443, TLSv1.3, TLS_AES_128_GCM_SHA256, -1712238821
2020.01.17 11:36:41 DEBUG ce[AW-zSmjv5Te351AfMIYC][jdk.event.security] ValidationChain: -1410680354, -599509715, -1712238821
2020.01.17 11:36:41 DEBUG ce[AW-zSmjv5Te351AfMIYC][jdk.event.security]  TLSHandshake: api.github.com:443, TLSv1.3, TLS_AES_128_GCM_SHA256, -1712238821
2020.01.17 11:36:41 DEBUG ce[AW-zSmjv5Te351AfMIYC][s.n.w.p.h.HttpURLConnection] sun.net.www.MessageHeader@6531919b7 pairs: {GET /repos/tibin-mfl/sonar-prcheck HTTP/1.1: null}{Authorization: token v1.c608f6492219bcbd09ef7a310e1398b9522cb94b}{Accept-Encoding: gzip}{User-Agent: Java/11.0.5}{Host: api.github.com}{Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2}{Connection: keep-alive}
2020.01.17 11:36:42 DEBUG ce[AW-zSmjv5Te351AfMIYC][s.n.w.p.h.HttpURLConnection] sun.net.www.MessageHeader@72c4765b25 pairs: {null: HTTP/1.1 200 OK}{Date: Fri, 17 Jan 2020 11:36:42 GMT}{Content-Type: application/json; charset=utf-8}{Transfer-Encoding: chunked}{Server: GitHub.com}{Status: 200 OK}{X-RateLimit-Limit: 5000}{X-RateLimit-Remaining: 4979}{X-RateLimit-Reset: 1579262339}{Cache-Control: private, max-age=60, s-maxage=60}{Vary: Accept, Authorization, Cookie, X-GitHub-OTP}{ETag: W/"7e1bbcb669a65047cc3eaa3be60d408e"}{Last-Modified: Fri, 17 Jan 2020 09:34:57 GMT}{X-GitHub-Media-Type: unknown, github.v3}{Access-Control-Expose-Headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type}{Access-Control-Allow-Origin: *}{Strict-Transport-Security: max-age=31536000; includeSubdomains; preload}{X-Frame-Options: deny}{X-Content-Type-Options: nosniff}{X-XSS-Protection: 1; mode=block}{Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin}{Content-Security-Policy: default-src 'none'}{Content-Encoding: gzip}{Vary: Accept-Encoding}{X-GitHub-Request-Id: 83B4:0625:849636:B0FFAF:5E219C49}
2020.01.17 11:36:42 DEBUG ce[AW-zSmjv5Te351AfMIYC][o.k.github.GitHub] Rate limit now: GHRateLimit{remaining=4979, limit=5000, resetDate=Fri Jan 17 11:58:59 UTC 2020}
2020.01.17 11:36:42 DEBUG ce[AW-zSmjv5Te351AfMIYC][jdk.event.security]  TLSHandshake: api.github.com:443, TLSv1.3, TLS_AES_128_GCM_SHA256, -1712238821
2020.01.17 11:36:42 DEBUG ce[AW-zSmjv5Te351AfMIYC][s.n.w.p.h.HttpURLConnection] sun.net.www.MessageHeader@2847af477 pairs: {GET /repos/tibin-mfl/sonar-prcheck/pulls/10 HTTP/1.1: null}{Authorization: token v1.c608f6492219bcbd09ef7a310e1398b9522cb94b}{Accept-Encoding: gzip}{User-Agent: Java/11.0.5}{Host: api.github.com}{Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2}{Connection: keep-alive}
2020.01.17 11:36:42 DEBUG ce[AW-zSmjv5Te351AfMIYC][s.n.w.p.h.HttpURLConnection] sun.net.www.MessageHeader@394b3d8725 pairs: {null: HTTP/1.1 200 OK}{Date: Fri, 17 Jan 2020 11:36:42 GMT}{Content-Type: application/json; charset=utf-8}{Transfer-Encoding: chunked}{Server: GitHub.com}{Status: 200 OK}{X-RateLimit-Limit: 5000}{X-RateLimit-Remaining: 4978}{X-RateLimit-Reset: 1579262338}{Cache-Control: private, max-age=60, s-maxage=60}{Vary: Accept, Authorization, Cookie, X-GitHub-OTP}{ETag: W/"fbd3e2358f3808446016488df48d0dd4"}{Last-Modified: Fri, 17 Jan 2020 11:24:53 GMT}{X-GitHub-Media-Type: unknown, github.v3}{Access-Control-Expose-Headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type}{Access-Control-Allow-Origin: *}{Strict-Transport-Security: max-age=31536000; includeSubdomains; preload}{X-Frame-Options: deny}{X-Content-Type-Options: nosniff}{X-XSS-Protection: 1; mode=block}{Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin}{Content-Security-Policy: default-src 'none'}{Content-Encoding: gzip}{Vary: Accept-Encoding}{X-GitHub-Request-Id: 83BA:0624:429B24:599921:5E219C4A}
2020.01.17 11:36:43 DEBUG ce[AW-zSmjv5Te351AfMIYC][o.k.github.GitHub] Rate limit now: GHRateLimit{remaining=4978, limit=5000, resetDate=Fri Jan 17 11:58:58 UTC 2020}
2020.01.17 11:36:44 INFO  ce[AW-zSmjv5Te351AfMIYC][o.s.c.t.p.a.p.PostProjectAnalysisTasksExecutor] Pull Request decoration | status=SUCCESS | time=3632ms
2020.01.17 11:36:44 INFO  ce[AW-zSmjv5Te351AfMIYC][o.s.c.t.CeWorkerImpl] Executed task | project=test-project-sonar | type=REPORT | pullRequest=10 | id=AW-zSmjv5Te351AfMIYC | submitter=tibin-george-moonfroglabs-com23284 | status=SUCCESS | time=6908ms```

Hi,

Welcome to the community!

In fact, your screenshots show that the issues are visible in the GH checks interface. At the same time, we realize this isn’t visible enough, so we’re going to work on that.

 
Ann

Hi @ganncamp,
Thanks for responding, as I said issues are visible in the GH checks dashboard, but the feature I am looking for is the annotation/inline comments on GH dashboard for the reported issues/bugs.
We have moved from community edition to developer edition to use this feature, as per the doc GitHub Plugin will add inline comments on GH files changes dashboard like this, which is now replaced by pull request decoration on Developer Edition

Hi,

Could you point me to the docs in question? It looks like you’re referencing documentation from a plugin that was deprecated quite a while ago. The current functionality is to use the GH Checks interface. At the same time, we recognize that that doesn’t give as much visibility as desired, so we’re planning to address that, altho I think the details aren’t settled yet.

 
Ann

Thank you @ganncamp,
As you said I was referring to the depreciated part itself. The confusion here is because this doc https://docs.sonarqube.org/display/PLUG/GitHub+Plugin which is of depreciated plugin says “This plugin is deprecated, and its functionality more than replaced by the Developer Edition SonarQube 7.2+.”, so it is obvious for everyone who reads that all functionality in this plugin will be available in Developer Edition 7.2+ versions but it is not as pull request decoration feature is depreciated on recent builds.

Pull request decoration was a good feature in sonarqube as it would increase the productivity of developers as there will not require to switch between 2 dashboards to find issues and fix issues, GH checks dashboard doesn’t help much as I hope to see this feature in future versions soon.

Hi @ganncamp @Tibin_George_Kuriyan

We are also looking for the same feature… i.e issues are visible in the Github PR’s as below

SonarQube analysis reported 5 issues

MAJOR file.java#L21: Remove this assignment of “smartConfig”. rule
MAJOR file.javaL33: Remove this assignment of “balancer”. rule
MINOR files.py#L33: Remove the unused local variable “list_files”. rule
MINOR files.py#L35: Remove the unused local variable “root”. rule
MINOR files.py#L39: Remove the unused local variable “git_repo”. rule

Currently we are on Sonarqube 7.9LTS version.
Is this feature added in any of pull request decoration working versions?
Please let us know if this available.

Hi,

We’ve added a summary back to the conversation tab, but not the issue-by-issue comments you’re looking for; they tend to get stale.

 
Ann

Hi @ganncamp,
Thanks for responding, Please let us know if its possible to enable the “summary of analysis should be visible in the GitHub conversation tab” in the Sonarqube 7.9LTS version.

How to achieve this? Please suggest.

Thanks,

Hi,

Sorry, you’ll need to upgrade.

 
Ann