MR decoration of scans with results in Gitlab not shown

  • Latest K8s * Developer Edition
  • Version 9.5 (build 56709)
  • MR decoration of scans with results in Gitlab not shown
  • Added configuration and GitLab integration; results are added to SonarQube, but I don't see MRs decorated

gitlab-ci.yml

sonarqube-check:
  stage: test
  <<: *ci_img
  variables:
    SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar"  # Defines the location of the analysis task cache
    GIT_DEPTH: "0"  # Tells git to fetch all the branches of the project, required by the analysis task
  cache:
    key: "${CI_JOB_NAME}"
    paths:
      - .sonar/cache
  script: gradle sonarqube -Dsonar.qualitygate.wait=true
  allow_failure: true

build.gradle

plugins {
  id 'java'
  id 'checkstyle'
  id "org.sonarqube" version "3.4.0.2513"
}

sonarqube {
  properties {
    property "sonar.projectKey", "xxxxxxx"
    property "sonar.qualitygate.wait", true
  }
}

When running the scan, we get this error:


$ gradle sonarqube -Dsonar.qualitygate.wait=true
Welcome to Gradle 6.8.3!
Here are the highlights of this release:
 - Faster Kotlin DSL script compilation
 - Vendor selection for Java toolchains
 - Convenient execution of tasks in composite builds
 - Consistent dependency resolution
For more details see https://docs.gradle.org/6.8.3/release-notes.html
Starting a Gradle Daemon (subsequent builds will be faster)
FAILURE: Build failed with an exception.
* Where:
Build file '/builds/prismacloud/iam/pcs-iam-ingestion/build.gradle' line: 18
* What went wrong:
A problem occurred evaluating root project 'prisma-iam-ingestion'.
> No signature of method: build_xxxxxx.sonarqube() is applicable for argument types: (build_xxxxx$_run_closure1) values: [build_xxxxx$_run_closure1@3a931fcd]

The build.gradle you shared is shorter than 18 lines – can you share the full one (at /builds/prismacloud/iam/pcs-iam-ingestion/build.gradle)?

Hi Colin,

Not sure I can share the whole file, will check.
Anyway, this is the only relevant code for SonarQube; we are using our own image with Gradle 6.8.1.

Well since the error is at line 18 of this build.gradle file… it sure seems relevant.

Hi, here is the beginning of the file, including line 18:

buildscript {
  repositories {
    mavenCentral()
    dependencies {
      if(project.hasProperty('sealights')){
        classpath 'io.sealights.on-premise.agents.plugin:sealights-gradle-plugin:3.1.777'
      }
    }
  }
}

plugins {
  id 'java'
  id 'checkstyle'
  id "org.sonarqube" version "3.4.0.2513"
}

sonarqube {
  properties {
    property "sonar.projectKey", "prismacloud_iam_pcs-iam-ingestion_xxxxxxxx"
    property "sonar.qualitygate.wait", true
  }
}

Line 18 is the sonarqube part.

Hi, I now get the job to run successfully, but still with no MR decoration:

sonarqube-check:
  stage: test
  <<: *ci_img
  variables:
    SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar"  # Defines the location of the analysis task cache
    GIT_DEPTH: "0"  # Tells git to fetch all the branches of the project, required by the analysis task
  cache:
    key: "${CI_JOB_NAME}"
    paths:
      - .sonar/cache
  script:
    - export JAVA_OPTS="-Xmx1024m -XX:+HeapDumpOnOutOfMemoryError"
    - gradle sonarqube -Dsonar.qualitygate.wait==true -Dsonar.qualitygate.timeout=1000
  allow_failure: true
  tags:
    - k8sdev-app
    - eks

> Task :sonarqube
Unresolved imports/types have been detected during analysis. Enable DEBUG mode to see them.
Use of preview features have been detected during analysis. Enable DEBUG mode to see them.
Use of preview features have been detected during analysis. Enable DEBUG mode to see them.
Unresolved imports/types have been detected during analysis. Enable DEBUG mode to see them.
Use of preview features have been detected during analysis. Enable DEBUG mode to see them.
Use of preview features have been detected during analysis. Enable DEBUG mode to see them.
BUILD SUCCESSFUL in 9m 14s
11 actionable tasks: 11 executed
Saving cache for successful job
00:07
Creating cache sonarqube-check-5-non_protected...
.sonar/cache: found 145 matching files and directories 
No URL provided, cache will be not uploaded to shared cache server. Cache will be stored only locally. 
Created cache
Cleaning up project directory and file based variables
00:00
Job succeeded

Any news on how to proceed?
Scans succeed.
We configured it properly, so what's missing for MR decoration? Help needed.

Hey there.

Can you confirm that the required details are set for GitLab Integration at the project-level? You can check in the project-level Project Settings > General Settings > DevOps Platform Integration

Hi, thanks for the update!

Did everything that is mentioned in the doc. Passed the env of the SONAR_TOKEN and the URL variables through the CI.
Also added the app and the scan config to gitlab-ci.yaml.
Configured the global integration, and projects were added also.

We are using GitLab runners.

In Project Settings, DevOps integration:
I see we have a configuration name with the URL of the API, and I have a project key. Also, when I click "Test configuration"
I get "configuration is valid".
Any suggestions on how we can resolve this issue?

I do have one warning, which is:

Shallow clone detected during the analysis. Some files will miss SCM information. This will affect features like auto-assignment of issues. Please configure your build to disable shallow clone.

Added this, which took care of the warning:

variables:
  SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar"
  GIT_DEPTH: "0"
cache:
  key: "${CI_JOB_NAME}"
  paths:
    - .sonar/cache

Latest run passed with no MR decoration

Task :sonarqube
QUALITY GATE STATUS: PASSED - View details on https://sonarqube-dev.k8sdev.prismacloud.io/dashboard?id=prismacloud_iam_pcs-iam-ingestion_xxxxxxxx&branch=IVG-5737-sonarqube
Analysis total time: 3:00.611 s
:sonarqube (Thread[Execution worker for ':',5,main]) completed. Took 3 mins 5.494 secs.
BUILD SUCCESSFUL in 19m 12s
17 actionable tasks: 17 executed
Created user preferences directory.
Saving cache for successful job

It looks like branch analysis was performed, rather than pull request (merge request, in GitLab terms) analysis.

Are you running your job on merge_requests?

We are running on every branch with an MR open.
I am missing this config in gitlab-ci.yaml:

only:
  - merge_requests

because when I added it to the job, the job disappeared from the pipeline.
Is this the reason it doesn't work?

There’s a distinction to be made between branch pipelines and merge request pipelines – you can read about it in this documentation:

And, as the docs state, merge request pipelines:

  • Do not run by default. The jobs in the CI/CD configuration file must be configured to run in merge request pipelines.

Thanks for the update!
We use the following to avoid duplication; the job still runs on merge request:
https://stackoverflow.com/questions/70290807/difference-between-different-gitlab-ci-merge-request-rules

Is this what's causing the issue?

workflow:
  rules:
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
      when: never
    - when: always
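
The branch-versus-merge-request distinction raised in this thread, as an added example that is not from any poster or from SonarSource: a preflight for the `sonarqube-check` job that reports whether it runs in a merge request pipeline or in a branch pipeline for a branch that already has an open MR, which is the pipeline type a `merge_request_event` / `when: never` workflow rule leaves. It reads only GitLab's predefined CI/CD variables; the function names are hypothetical, and it assumes the scanner takes its merge request details from the `CI_MERGE_REQUEST_*` variables.

```shell
#!/bin/sh
# Added example: classify the pipeline a SonarQube job is running in.
# Call sonar_preflight as the first script: line, before `gradle sonarqube`.

# Prints one of: merge-request | branch-with-open-mr | branch
sonar_analysis_mode() {
  if [ "${CI_PIPELINE_SOURCE:-}" = "merge_request_event" ] \
     && [ -n "${CI_MERGE_REQUEST_IID:-}" ]; then
    # GitLab sets CI_MERGE_REQUEST_* only in merge request pipelines
    echo "merge-request"
  elif [ -n "${CI_OPEN_MERGE_REQUESTS:-}" ]; then
    # Branch pipeline, although GitLab lists open MRs for this branch
    echo "branch-with-open-mr"
  else
    echo "branch"
  fi
}

# Prints a diagnosis; returns 0 only when MR decoration is possible.
sonar_preflight() {
  case "$(sonar_analysis_mode)" in
    merge-request)
      echo "MR pipeline: analysis of !${CI_MERGE_REQUEST_IID}" \
           "(${CI_MERGE_REQUEST_SOURCE_BRANCH_NAME:-unknown}" \
           "-> ${CI_MERGE_REQUEST_TARGET_BRANCH_NAME:-unknown})"
      return 0 ;;
    branch-with-open-mr)
      echo "Branch pipeline for '${CI_COMMIT_BRANCH:-unknown}' while" \
           "${CI_OPEN_MERGE_REQUESTS} is open: branch analysis only," \
           "no MR decoration. Check workflow:rules for a" \
           "merge_request_event rule with 'when: never'."
      return 1 ;;
    *)
      echo "Branch pipeline for '${CI_COMMIT_BRANCH:-unknown}':" \
           "branch analysis, no merge request to decorate."
      return 1 ;;
  esac
}
```
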