Hi, we have an Azure DevOps GIT project that we are analyzing using SonarCloud on Pull Requests.
we however see that the analysis of the PR includes changes of previous pull requests. What are we doing wrong?
under the settings in sonarcloud, under “new code”, we have set Number of days 30, but as I understood your documentation, this will only apply to mainline branch, and the PR will always look at only the PR changes?
Our yaml pipeline contains the following part of code
under the settings in sonarcloud, under “new code”, we have set Number of days 30, but as I understood your documentation, this will only apply to mainline branch, and the PR will always look at only the PR changes?
Yes, this should not reflect the changes done in the PR as they are compared with the reference branch.
Can you tell me what warnings did you get? It looks you have: “Last analysis had 2 warnings” popup at the top of the screen.
Do you have the “Shallow fetch” option enabled for your Azure Pipeline? And if you do, can you disable it and make sure the full repository gets checked out:?
We actually have a custom checkout procedure because our repository has so many tags because all of the pull request, that it was taking much longer to checkout.
I think I can add one extre detail: we don’t run a new analysis on the mainline branch after a PR succeeds, to save some build time. It does look that it checks the PR analysis versus the last analysis of the mainline in which we are merging, is that possible?
It looks like you are fetching the pull-request branch with --depth set to 1 and you only checkout the pull request branch. I reproduced your case and was able to make it work, by checking out the target branch and increasing depth. You have to tweak the depth parameter so the scanner can know merge-base between branches.
Do you have this error:
Could not find ref: master in refs/heads, refs/remotes/upstream or refs/remotes/origin
or
WARN: No merge base found between HEAD and refs/remotes/origin/master
I didn’t find “could not find ref:”
but I did find “WARN: No merge base found between HEAD and refs/remotes/origin/develop”
after adding a depth of 100 I didn’t see that warning anymore, so I’ll be monitoring the analysis for the upcoming week and I’ll let you know if that fixed it.