I want to get a scan result for a PR & the specific revision the scan was made for. It seems there is no way to do that. I have tried the following endpoints:
api/qualitygates/project_status - does not contain “revision” in the result
api/project_pull_requests/list - does not contain “revision” in the result
api/project_analyses/search - contains “revision”, but does not list pull requests
Is there any way to get the analysis result for a PR + revision id via the Web API that I missed? Or to retrieve that data via a combination of API calls?
I am using SonarQube - Developer Edition - Version 9.9.1 (build 69595)
So since there seems to be no actual way of determining what revision was an analysis done on for a pull request, I suggest adding as a feature a flag parameter to api/project_analyses/search, which would make the API endpoint include PR analyses too.
This is some pretty basic data & I assume it would be straightforward to add.
Toggle visibility of internal API and you’ll see the branch parameter. Why is it marked internal? I think we just forgot to make it public.
Fair enough. The results you get back from this endpoint correspond to what shows up on a branch’s Activity tab, and there is no Activity tab for PRs.
That’s because we don’t keep history on PR analyses. What you see is always the result of the latest version of the PR. So it’s self-answering: which revision does this PR data correspond to? The lastest.
So it’s self-answering: which revision does this PR data correspond to? The lastest.
Not necessarily. The PR can have received new commits & sonar’s last PR scan will be out of date until a new scan is run on the PR. So until that happens - the PR data/scan will correspond to an older revision/commit than the latest one on the PR.
My goal is to determine whether the PR scan in sonar is actually of the last commit/revision that is in the PR or whether it is out-of-date, of an older commit/revision. The history is not important.
I need to know whether it is an up-to-date scan to be able to apply business rules to the PR according to the sonar result & I cannot do that if I am working off an old scan which does not have the latest changes.
@ganncamp I think this is a considerable, basic use-case, to determine whether a scan is of the latest revision. It can be pretty simply implemented by having api/project_pull_requests/list also return the revision. It already returns various data on PR scans, so adding a revision field seems very straightforward.
I know the data is there, because PR decorations actually happen not on PRs, but on commits/revisions. The github GUI just shows the decorations of the last commit/revision on the PR. So sonarqube has to know the revision to be able to decorate PRs.
Unfortunate. This does seem like a big deficiency that looks more like a bug than a feature request though, since SonarQube literally does not provide a way to tell if the scan is from the latest code or not.