We are in the process of integrating SonarQube scans across our repos, but are running into some problems along the way.
We currently have one product repo integrated with a SonarQube scan using the SonarScanner for MSBuild, and it’s being used as a proving ground for getting the overall process correct. The repo mostly follows the standard Gitflow process with an additional long-running
develop branch off
master. The branch structure is basically:
/ hotfix/789 / hotfix/xyz master \ develop \ feature/abc \ feature/123 \ bugfix/1234
We have the
develop branch set up in the SonarQube UI to be the project’s main branch, since
develop is main in the Gitflow process.
Our general approach has been to resolve all issues in code that SonarQube flags, by both utilizing SonarLint and running scans in feature branches and making code changes to address the issues before merging to
develop. However, we had one issue get flagged by SonarQube in our
develop branch that we decided to resolve as “won’t fix” in the SonarQube UI instead.
Upon merging to
master, this same issue was flagged by SonarQube unexpectedly. After some brief research, it appears this was caused by not setting the
/d:sonar.branch.target scanner parameter when scanning
develop. The script that runs SonarScanner was updated to pass this parameter to the scanner when running on
develop, with the target of course being
master. However, this failed with the error:
ERROR: The main branch must not have a target. I did not find this info in the documentation anywhere.
The easiest solution to this would seem to be setting
master as the main branch, but it appears that can only be done during the initial scan. We have been using the project for a couple months now, so starting over with a base scan is really not an ideal solution.
How can we easily fix this situation so we can have issues resolved in our
develop branch synced to
master? Right now if we want to resolve issues in the UI, we are stuck doing it twice: Once in
develop, and a second time in
master. The worst part is we need to wait for the
master scan to fail with the flagged issues before we can resolve them. This is definitely not optimal.
Please let me know if you need any more info.
We are using the following:
SonarQube Enterprise v7.9.2
SonarScanner for MSBuild v188.8.131.521