Maven plugin does not populate sonar.pullrequest values

SonarQube Cloud
, , , ,
1

The Sonar analysis is working, but the pull request information is getting lost. All analysis is posted against the main branch even though the environment is populated with the branch and pull request information.

Using SonarCloud with Maven plugin 3.9.1.2184, running in Jenkins 2.332.1 with GitHub and Sonar plugins installed (latest) in a Jenkins declarative pipeline. The pull request is initiated on a public GitHub repo, but the Jenkins build is behind a firewall.

With the dumpfile property, I can see that none of the sonar.pullrequest.* values are injected even though the environment has values for CHANGE_BRANCH, CHANGE_TARGET, etc. The dumpfile ENV values match the environment (as expected). The documentation for Sonar says that sonar.pullrequest.base, .branch, and .key should be populated when using Jenkins pipeline with withSonarQubeEnv(). But, I am not seeing that behavior. What am I doing wrong? Or what needs to happen to fix this?

From dumpfile:

env.BUILD_NUMBER=16
env.CHANGE_ID=1103
env.CHANGE_TARGET=main
env.CHANGE_BRANCH=sonar-analyze

From Jenkins environment:

[Pipeline] sh
+ env
+ sort
BRANCH_NAME=PR-1103
BUILD_DISPLAY_NAME=#16
BUILD_ID=16
BUILD_NUMBER=16
BUILD_TAG=****
BUILD_URL=****
CHANGE_AUTHOR=****
CHANGE_AUTHOR_DISPLAY_NAME=****
CHANGE_BRANCH=sonar-analyze
CHANGE_ID=1103
CHANGE_TARGET=main
...
GITHUB_TOKEN=****

My Sonar scan step from the Jenkins pipeline:

            steps {
                withSonarQubeEnv('SonarCloud') {
                    withCredentials([string(credentialsId: '***masked***', variable: 'GITHUB_TOKEN')]) {
                        sh 'mvn -B sonar:sonar -Dsonar.projectKey=***masked***'
                    }
                }
            }

The Sonar configuration on Jenkins configuration page has injection of environment variables enabled.

1 Like
3

Hey there.

SonarCloud does not automatically detect these values when running in Jenkins. You will need to configure your build to pass the right environment variables to ‘sonar.pullrequest.*’ analysis parameters. See the documentation here .

Can you point me to where you see this documented?

1 Like
4

This Jira seems to imply that it does: [SONAR-11853] Auto-configuration pull requests on Jenkins - SonarSource

But as you suggested, I changed the Jenkinsfile to this, and it works (just messy).

    def changeUrl = env.GIT_URL.split("/")
    def org = changeUrl[3]
    def repo = changeUrl[4].substring(0, changeUrl[4].length() - 4)
    if (env.CHANGE_ID != null) {
        sh "mvn -B sonar:sonar \
            -Dsonar.projectKey=${org}_${repo} \
            -Dsonar.pullrequest.provider=GitHub \
            -Dsonar.pullrequest.github.repository=${org}/${repo} \
            -Dsonar.pullrequest.key=${env.CHANGE_ID} \
            -Dsonar.pullrequest.branch=${env.CHANGE_BRANCH} \
            -Dsonar.pullrequest.base=${env.CHANGE_TARGET}"
    } else {
       sh "mvn -B sonar:sonar \
           -Dsonar.projectKey=${org}_${repo} \
           -Dsonar.branch.name=${env.BRANCH_NAME}"
    }
1 Like
5

Hey there.

While that ticket was implemented in SonarQube, it wasn’t for SonarCloud. And, I’ll add your topic to my running-list of threads to help me convince the powers that be that we should do the same for SonarCloud :wink: Thanks.

2 Likes