Must-share information
Which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension):
SonarQube Community EditionVersion 9.1
SonarScanner 4.6.2
mc1arke/sonarqube-community-branch-plugin 1.9.0
GitLab Community Edition 13.12.11
GitLab Branch Source plugin 1.0.6
Jenkins 2.289.1
Jenkins Git Plugin 4.10.0
Similar problems on this forum:
These posts and their solutions has not worked on our issue
What are you trying to achieve:
We are configuring pull request analysis with Gitlab webhook to Jenkins. This provides “GitLab branch source plugin” the required git branches (target/source) and is supposed to build ${gitlabSourceBranch} and analyse the new code versus ${gitlabTargetBranch}.
This project is a large corporate software with multiple modules, and is build with Gradle.
What we have tried so far:
-
Works on a smaller Spring Boot project. Has configuration copied from this Jenkins job, but this Spring project uses maven to build the project
-
Changed New Code analysis from “Previous Version” to “Reference Branch”
-
Changed sonar-scanner JDK to Java 11 and also compiled the whole project in Java 11
-
Using refspec with only fetching source and target branch
-
Using “Honor refspec on initial clone” tried with both on/off no difference
-
Git plugin step “Clean before checkout”
Adds these commands on log output:
git rev-parse --verify HEAD
git reset --hard
git clean -fdx -
Git plugin configuration “Preserve second fetch for checkout”
Removes “Avoid second fetch” from log output -
Changed git plugin to use SSH rather than HTTP
Removed “skipping resolution of commit **********, since it originates from another repository” from log output
We have also updated the plugins and SonarQube + Gitlab to newer version
GitLab “Git shallow clone” is left blank so it should fetch all branches
None of these above mentioned test tries has changed the end result.
Sonar properties set:
sonar.language=java
sonar.sources=src/main/java
sonar.tests=src/test/java
sonar.java.binaries=build/classes
sonar.java.test.binaries=build/classes
sonar.java.libraries=…/…/client/lib/.jar
sonar.java.test.libraries=/tmp/jars/junit.jar
sonar.junit.reportPaths=build/test-results
sonar.coverage.jacoco.xmlReportPaths=build/reports/jacoco/test/jacocoTestReport.xml
sonar.modules=module1,module2,module3,module4
sonar.projectBaseDir=directory/custom-extensions/custom-projects
sonar.java.source=11
sonar.java.jdkHome=/usr/java/jdk-11.0.10
sonar.login=username
sonar.password=password
sonar.java.libraries=/directory/jobs/SonarScanner_merge_request/workspace/**/client/lib/.jar
sonar.ci.autoconfig.disabled=true
sonar.pullrequest.key=${gitlabMergeRequestIid}
sonar.pullrequest.branch=${gitlabSourceBranch}
sonar.pullrequest.base=${gitlabTargetBranch}
sonar.log.level=DEBUG
sonar.analysis.mode=publish
Here is to my understanding the relevant snippet from Jenkins job log:
Triggered by GitLab Merge Request #1056: root/sonarqube_mergereq_test1 => sandbox
Running as SYSTEM
Building in workspace /var/lib/jenkins/jobs/SonarScanner_merge_request/workspace
[WS-CLEANUP] Deleting project workspace…
[WS-CLEANUP] Deferred wipeout is used…
[WS-CLEANUP] Done
The recommended git tool is: NONE
using credential JenkinsSshGitlabAccess
Cloning the remote Git repository
Honoring refspec on initial clone
Cloning repository git@git.company:root/custom-extensions.git/usr/local/bin/git init /var/lib/jenkins/jobs/SonarScanner_merge_request/workspace # timeout=10
Fetching upstream changes from git@git.company:root/custom-extensions.git
/usr/local/bin/git --version # timeout=10
git --version # ‘git version 2.9.5’
using GIT_SSH to set credentials Used for ssh access to gitlab
/usr/local/bin/git fetch --tags --progress – git@git.company:root/custom-extensions.git +refs/heads/:refs/remotes/origin/ # timeout=10
/usr/local/bin/git config remote.origin.url git@git.company:root/custom-extensions.git # timeout=10
/usr/local/bin/git config --add remote.origin.fetch +refs/heads/:refs/remotes/origin/ # timeout=10
/usr/local/bin/git config remote.origin.url git@git.company:root/custom-extensions.git # timeout=10
Fetching upstream changes from git@git.company:root/custom-extensions.git
using GIT_SSH to set credentials Used for ssh access to gitlab
/usr/local/bin/git fetch --tags --progress – git@git.company:root/custom-extensions.git +refs/heads/:refs/remotes/origin/ # timeout=10
/usr/local/bin/git rev-parse 6a25a03d74df2318938dfb033344b2a143d9d4ee^{commit} # timeout=10
/usr/local/bin/git branch -a -v --no-abbrev --contains 6a25a03d74df2318938dfb033344b2a143d9d4ee # timeout=10
Checking out Revision 6a25a03d74df2318938dfb033344b2a143d9d4ee (origin/sonarqube_mergereq_test1)
/usr/local/bin/git config core.sparsecheckout # timeout=10
/usr/local/bin/git checkout -f 6a25a03d74df2318938dfb033344b2a143d9d4ee # timeout=10
Commit message: “commit message”
/usr/local/bin/git rev-list --no-walk 6a25a03d74df2318938dfb033344b2a143d9d4ee # timeout=10
Cleaning workspace
/usr/local/bin/git rev-parse --verify HEAD # timeout=10
Resetting working tree
/usr/local/bin/git reset --hard # timeout=10
/usr/local/bin/git clean -fdx # timeout=10
.
.
.
15:45:59.277 INFO: SCM collecting changed files in the branch (done) | time=264ms
15:45:59.278 DEBUG: SCM reported 11 files changed in the branch
.
.
.
16:08:57.537 DEBUG: SCM revision ID ‘6a25a03d74df2318938dfb033344b2a143d9d4ee’
16:08:57.759 INFO: SCM writing changed lines
16:08:57.783 DEBUG: Merge base sha1: ced0107b7e0dd5afa3c0643f2efc1251968440a9
16:08:57.784 DEBUG: SCM reported changed lines for 0 files in the branch
The main question is why the log first states “SCM reported 11 files changed in the branch” and later “SCM reported changed lines for 0 files in the branch”?
At least this might be the reason why Sonarqube shows that there are nothing new, and i have also created bugs on this branch for SonarQube to find for testing purposes.
Any help or ideas on what to try are greatly appreciated