Hi SonarCloud users,

We are happy to announce that we deployed a new feature to display the result of the Pull Request Analysis in one place inside the Checks tab of your Pull Request in GitHub

What to expect ?

As a result of the analysis, you’ll be able to see in the Checks tab for SonarCloud :

• Whether the result of the analysis is a success or not
• The number of open issues in your Pull Request if you have any
• The coverage and duplication information
• And a link to your PR in SonarCloud to dig in if you need

What will you gain ?

With this new feature, you’ll be able to concentrate on discussing with your pairs in the Conversation tab while having analysis results in a dedicated place.

We removed the comments posted by SonarCloud on each analysis that were not removed previously and polluted the Conversation tab.

How to enable the feature?

In order to enable this feature, please make sure you have accepted the SonarCloud GitHub App Request to add the “checks:write” permission (this permission was asked mid-december 2018).

Please be aware that in all cases, all the previous analysis comments will be deleted from the Conversation tab of the Pull Request. You’ll still be able to see your PR analysis results in SonarCloud.

Current limitations

• It’s not possible to re-run the PR analysis from Checks

• The Checks Suites are created automatically for every repository the SonarCloud has access to with a QUEUED status, even if there are no analysis launched on this PR.

• As you will see, we decided for now to not display issues that are discovered in the code of the Pull Request (as well as issues that are not in the code).
  The reason is that with Checks, we first wanted to use Annotations to display issues. We realised that we would not be able to display in the best way we want the issue information such as the type of the issue (bug, code smell, vulnerability), the severity of the issue and the link to the issue in SonarCloud. You can still retrieve all those information on SonarCloud, via the link.

How to give feedbacks?

We would really appreciate your feedbacks about your new experience with Pull Request Analysis results now displayed in the Checks tab. They will help us improve the feature.

To give feedback, simply create a new thread on the forum, under “Get Help > SonarCloud with the “github-checks” tag".

Enjoy

Good Stuff =)

Was that the reason the application name/id changed from “Sonar” to “Sonar Cloud Analysis” in github? I had to fix all my repos that had the sonar required for prs. =/

I’m not sure what you mean… “Sonar Cloud Analysis” is the name of the Check Run we create when decorating a Pull Request. This name appears on the Conversation tab, on the status line of the check. It’s not the name of the app.

What changed is the app requires new permissions: to create checks. Is that what you meant? What did you need to fix on your repos?

This seems very exciting. Are there any plans to release something similar to the Bitbucket integration of SonarCloud? It’d be great if we could prevent merging if the SonarCloud analysis is not passing.

On Bitbucket Cloud side, SonarCloud is already creating a commit status when a pull request is analyzed. If you have a premium Bitbucket account, you should be able to configure a merge check to prevent the merge is the status is not green. Note that we have not tested this Bitbucket feature on our side.
https://confluence.atlassian.com/bitbucket/merge-checks-856691474.html

Thanks for your answer. Although we use Bitbucket premium and have merge checks activated, I haven’t been able to find a way to configure a merge check based on the SonarCloud status for the branch.

I’m exploring the feasibility of writing our own plugin to do this but given that we use Bitbucket Cloud, it might not be possible.

Thanks again!

Hi Ben,

I think we are kind of hijacking this GitHub thread I have created a ticket on our side to look at this (unfortunately I can’t share the link). If you want to receive updates, don’t hesitate to open a new thread on this community forum.

Hi

Thus, could you please confirm that the second screenshot in your page https://sonarcloud.io/about/sq/branch-analysis-and-pr-decoration is now obsolete?

The same holds for this line in https://docs.travis-ci.com/user/sonarcloud/ “SonarCloud can inspect internal pull requests of your repository and write comments on each line where issues are found.”

It was driving me mad the fact that I was seeing no comments in the conversation but just the check…

thanks in advance

Hi Lorenzo,

Indeed we forgot to update our docs, we’re sorry about that.
We will fix that asap.

Thank you for your feedback.

Hi

In our Organization. PR Decoration is working . But I am not able to see the results of sonar in Checks tab.
We have sonarQube Version 6.7.5 (build 38563) . And Github repo.

Please let me know how I can enable checks with coverage info. As with PR decoration we can just see the issues.

Thanks
Janani

Hi Janani,

Welcome to our community
Are you using SonarCloud or SonarQube? I’m a bit confused because PR decorations are not available on SonarQube version 6.7.5.

I suggest you use SonarCloud or SonarQube 7.7 if you want to have PR decoration with Checks.

Hope it helps,

Thank you for the prompt response.

We use SonarQube, Our enterprize uses that . This is the screenshot of the issue that is reported back in PR

image.png825×50 3.79 KB

But I do not see anything in Checks tab . The tab heading is Checks(0)

Also in the case. Will have this in the SonarQube under the branches dropdown. I do not see that. If I analyse a branch that is shown in the dropdown as short lived branch but not PR.

Please help me on this.

Thanks
Janani

Hi Janani,

Sorry, I probably missed something Maybe you are using the GitHub plugin that is now deprecated ?

In any cases, if you want PR decoration in the Checks, there are currently only 2 ways that I’m aware of :

• with SonarQube 7.7 Developer edition, you’ll find documentation here and here
• with SonarCloud, documentation is here.

Hope it will help

Hi thank you very much, that helps.

Yes probably the plugin is there.

My sonar site shows this -

image001.png824×59 3.84 KB

Thanks a lot for the help. Appreciate it.

Good day.

Thanks

Janani

Hi!
We’ve started our evaluation time to use SonarQube Developer and unfortunately we hit the same problem.
I know that reading is a base skill, but this skill has failed in my case while reading https://docs.sonarqube.org/latest/instance-administration/github-application/

Basically it’s important to highlight that we need to set an actual ID of application:

image.png706×179 7.27 KB

Instead the Client ID in OAuth section which is way better exposed.
(also for people migrating from old GitHub plugin, it was natural choice to look there for ID, and even use Client Secret as OAuth token as sonar.alm.github.app.privateKey.secured )

After making sure that:
sonar.alm.github.app.privateKey.secured stores base64 private key
sonar.alm.github.app.id stores the actual - numeric ID of GitHub App

It works like a charm

Is below restriction still prevails in latest version of Sonarqube developer edition?

• It’s not possible to re-run the PR analysis from Checks

Hi,

We use the SonarCloud app with Github on our private organisation repos.
I am seeing that SonarCloud is creating a status check on the PR but what I am not sure about is will it block the merge if our code breaks the quality gates? I don’t really want to manually apply that check myself and would be great if the SonarCloud app automatically does it.

Regards,

Nas