We are using SonarQube 7.7 developer edition in my team. We’re scanning Java code, and we have installed the PMD and Findbugs plugins. Here are some version information:
- SonarQube, 7.7.0.23042
- SonarJava, 5.11 (build 17289)
- Findbugs, 3.11.0
- PMD, 3.2.1
- Git, 1.8 (build 1574)
- Gradle sonarqube scanner, 2.7
- The operating system that SonarQube and the scanner runs on is: Windows 7 Enterprise, Version 6.1 (Build 7601: Service Pack 1)
When setting the PR target to a branch that is not master, SonarQube does not display that the target branch is not master. Specifically in our case, the branch is a short-lived branch. I read from in another issue that this should have been fixed, as also shown on the Jira task. The Jira task was closed 3 days ago as a duplicate, so I’m unsure if the fix is available in the versions I’ve specified, but according to the other discussion thread it seems so. I have not tested how the behaviour is for long-lived branches.
I’ve made sure that the git repo is not shallow, and specifically fetch the target branch via
git fetch --no-tags origin +refs/heads/feature/MY-BRANCH-NAME:refs/remotes/origin/feature/MY-BRANCH-NAME
Previously we erroneously only fetched the master branch, regardless of the target branch, and got a warning on SonarQube. However, after fetching the correct target branch the warning has disappeared. We’re then scanning the code with a Jenkins node with the following parameters:
gradle --info sonarqube -Dsonar.projectVersion=$GIT_COMMIT
-Dsonar.pullrequest.branch=$BRANCH_NAME
-Dsonar.pullrequest.key=$CHANGE_ID
-Dsonar.pullrequest.base=$CHANGE_TARGET
-Dsonar.pullrequest.bitbucketserver.project=$BITBUCKET_PROJECT
-Dsonar.pullrequest.bitbucketserver.repository=$BITBUCKET_REPO
which resolves to (some values censored):
gradle --info sonarqube -Dsonar.projectVersion=SOME_VERSION
-Dsonar.pullrequest.branch=PR-357
-Dsonar.pullrequest.key=357
-Dsonar.pullrequest.base=feature/MY-BRANCH-NAME
-Dsonar.pullrequest.bitbucketserver.project=SOME_PROJECT
-Dsonar.pullrequest.bitbucketserver.repository=SOME_REPOSITORY
After the analysis the PR dashboard shows the following:
Notice that it says “for merge into master from PR-357”, i.e. the incorrect target branch. Please note, that the warning is due to the fact that we don’t have a personal access token available yet, as seen in the following screenshot:
As you can see from the screenshots, there are no code changes. This is because the PR just includes changes to the SonarQube scanning configuration, such that I could fetch the currect target branch as previously mentioned.
In the analysis log the following appears:
The target branch 'feature/MY-BRANCH-NAME' is not a long branch. Using its own target instead: 'master'
I’m guessing that “long branch” means a long-lived branch. That would seem to indicate that the issue, despite what is mentioned in the other thread I mentioned. It’s interesting then that, despite the fact that I’m not fetching the master branch, and that the target branch is changed master, there is no warning that the master branch cannot be located.
In conclusion
The sonar.pullrequest.base property does not work for short-lived branches, and will always target the master branch when specifying short-lived branches.
.