I want to get a scan result for a PR & the specific revision the scan was made for. It seems there is no way to do that. I have tried the following endpoints:
- api/qualitygates/project_status - does not contain “revision” in the result
- api/project_pull_requests/list - does not contain “revision” in the result
- api/project_analyses/search - contains “revision”, but does not list pull requests
Is there any way to get the analysis result for a PR + revision id via the Web API that I missed? Or to retrieve that data via a combination of API calls?
I am using SonarQube - Developer Edition - Version 9.9.1 (build 69595)
So since there seems to be no actual way of determining what revision was an analysis done on for a pull request, I suggest adding as a feature a flag parameter to
api/project_analyses/search, which would make the API endpoint include PR analyses too.
This is some pretty basic data & I assume it would be straightforward to add.
Take a look at the
api/project_analyses/search API. Its response includes the revision.
Hi, thanks for the response.
The suggestion does not work, because as I wrote in the initial message, the
api/project_analyses/search endpoint does not include PR scans.
Or am I missing something and it is possible to somehow list PR scans with it? Or is it a bug with the
@ganncamp Can you confirm that
api/project_analyses/search not including PR scans is a bug?
Toggle visibility of
internal API and you’ll see the
branch parameter. Why is it marked
internal? I think we just forgot to make it public.
Fair enough. The results you get back from this endpoint correspond to what shows up on a branch’s Activity tab, and there is no Activity tab for PRs.
That’s because we don’t keep history on PR analyses. What you see is always the result of the latest version of the PR. So it’s self-answering: which revision does this PR data correspond to? The lastest.
So it’s self-answering: which revision does this PR data correspond to? The lastest.
Not necessarily. The PR can have received new commits & sonar’s last PR scan will be out of date until a new scan is run on the PR. So until that happens - the PR data/scan will correspond to an older revision/commit than the latest one on the PR.
My goal is to determine whether the PR scan in sonar is actually of the last commit/revision that is in the PR or whether it is out-of-date, of an older commit/revision. The history is not important.
I need to know whether it is an up-to-date scan to be able to apply business rules to the PR according to the sonar result & I cannot do that if I am working off an old scan which does not have the latest changes.
@ganncamp I think this is a considerable, basic use-case, to determine whether a scan is of the latest revision. It can be pretty simply implemented by having
api/project_pull_requests/list also return the revision. It already returns various data on PR scans, so adding a revision field seems very straightforward.
I know the data is there, because PR decorations actually happen not on PRs, but on commits/revisions. The github GUI just shows the decorations of the last commit/revision on the PR. So sonarqube has to know the revision to be able to decorate PRs.
Can this be considered for implementation?
I’ve moved this to the Product Manager for a Day category, since the feature doesn’t exist. I’ll flag it for the (full time) PMs’ attention.
Sound good, thanks Any estimate on putting it into a release?
I wouldn’t hold my breath.
Unfortunate. This does seem like a big deficiency that looks more like a bug than a feature request though, since SonarQube literally does not provide a way to tell if the scan is from the latest code or not.
Thank you for taking the time to explain your need.
The addition of this information is under consideration. Once it becomes available, it will be accessible from both SonarQube UI and the API.