Regarding the pull request analysis, we got to know about the “Pull Request decoration to Bitbucket Cloud” feature and followed Adding Pull Request decoration to Bitbucket Cloud section in the document Bitbucket Cloud Integration | SonarQube Docs
But unfortunately, we are not able to get any reports in the bitbucket. Please find the screenshots for the configuration we did on sonarQube side and please let me know if we missed anything here?
Your repository SLIG setting is clearly incorrect. As per the tooltip that shows up when you click on the question mark, the SLUG is only the tail of the bitbucket cloud URL (what appears after manhattanassociates/ in your URL, I can’t see what it should be since it’s hidden in your screenshot).
but still we are not able to see sonarqube pull request decoration for our PR on bitbucket cloud. Can you please let us know if there is any other configuration we need to check.
Your last screenshot makes it clearer. Even if you have “something” in SonarQube, it’s the result of a branch analysis, not a pull request, even if your branch is called pullrequest/... it’s icon is clearly a branch icon
Depending on your CI tool this could be automated, but for now you may force the PR properties manually to see the results in BitBucket. If that does not work, please send me:
we have injected pull request analysis properties directly into our jenkins and after triggering the jenkins build,
we are not able to see the pull request branch for which we triggered the build (pullrequest/DEV-8422-sonar-pr-slug-test),
but we were seeing an already merged PR branch (5 – AAL-633 Spotless Plugin For Inventory) on sonar ui.
We tried with below pull request analysis properties sonar.pullrequest.branch=pullrequest/* sonar.pullrequest.branch=$BRANCH_NAME (to take any branch)
The most important parameter is sonar.pullrequest.key.
The sonar.pullrequest.branch is only useful if the ALM (Bitbucket) integration is not working, otherwise the branch name is automatically retrieved from the PR key (or id).
I can see from your last post that now the PR analysis integration is working fine. You indeed have the expected SonarQube check on the right column of the PR
To see a bit more of the decoration, you need to click on this SonarQube check to have more details.
In the current case the check mark is green meaning that the PR passes the quality gate and, as confirmed by your SonarQube screenshot, that there is no issues in the code. So there will be nothing more in the Bitbucket decoration.
It is only in the case where you have some issues in the PR that you will see a bit more decoration, highlight in bitbucket where you have those issues, like in the below screenshot:
To have issues in the PR obviously you must have added new code in thr PR (ie in the source branch of the PR). I wonder if that is something you did? Did you not simply create a branch and a PR without any new code in the branch ? In that case the PR decoration will not very spectacular since there is no new code, no issues and no real metrics on new code.
I got your point but as I said once Jenkins build successful ,in sonar ui we can see merged pr branch to the master one but not the one which we created.
Also can you please let me know what value we need to give for sonar.pullrequest.key.if it is not 5,then anywhere we will get it on bitbucket side or sonar side?
The PR key is changing for each PR, so it is not an option to hard code this PR key in your pipeline.
For test you can hard code, and the key is displayed in Bitbucket.org in several l-places, see below screenshot (below it’s PR key 9)
In production mode the PR key should be retrieved dynamically.
If you have set up your jenkins properly (with the bitbucket cloud branch source plugin and a correct multibranch pipeline) this pull request key should be in a Jenkins environment variable, but this is out of the scope of SonarQube. See Jenkins Branches and Pull Requests
If the pipeline is triggered from a bitbucket web-hook you can also find the pull request key in the web-hook payload
Thanks @OlivierK .we have already Branch Source plugin configured ,as per below screenshot these parameters should detect automatically and we no need to pass them manually. Please let us know if any other configurations do need to do for Branch Source plugin.
Hello,
I am sorry but configuring the branch source plugin and your pipeline is something I cannot help you with. This is beyond the scope of SonarQube itself and I am not a Jenkins expert.
I must say that your combination that you use (Bitbucket cloud and Jenkins) is a bit unusual. Most Bitbucket cloud users would use Bitbucket pipes that are included with Bitbucket cloud (unlike Bitbucket server that only provides the SCM function and not the CI one, so you have to pair it with a CI tool like Bamboo or Jenkins).
You should ask Atlassian if the same environment variables are exposed with the branch source plugin for Bitbucket regardless of whether Bitbucket server or Bitbucket cloud is used, and you should ask which are the environment variables that are exposed. In Jenkins, we would honor an environment variable called $CHANGE_ID that should contain the pull request key. You may want to check if this env variable is properly set in your pipeline, by echoing your environment variable(s) at the beginning of your pipeline for instance
Thanks @OlivierK .we have managed to get pullrequest ids.Now we have one more issue on bitbucket side we are not able to see Measures though it is showing on sonar ui.for example in the below screenshot on sonar ui side ,the coverage is showing as 77.8% but on bitbucket side it is showing n/a.Not only coverage but remaining Measures also we are not able to see on bit bucket side though sonar has Mesaure values. Can you please help us on this?
What you see in BitBucket seems normal, as there are no issues in your PR, and apparently no new code at all, then SonarQube does not do more than decorating the PR will a “Quality Gate Passed”. You would have to inject new code with some issues in the PR to see something more in the decoration.
There’s something that is suspicious though. In your SonarQube PR screenshot I can see “Last analysis had 2 warnings” top right. In a perfect set up there should be no warning, Can you click on the warnings to check what they say in detail ?
Please find warning from the below screenshot. Please note that we have already master branch analysis. Please let us know do we need to change any configurations to avoid master branch related warnings from the below screenshot.
OK, None of the 2 warnings are breaking your PR decoration so that is what matters first.
The warning seems to indicate that you have no master branch which is a possibility with recent changes in many code platforms where the default master was changed into main of where you can change the name of the main branch.
Please:
Make sure that you perform a full clone when you checkout your code (no shallow clone)
If you main branch is not master you may want to pass the -Dsonar.pullrequest.base=<NameOfYourMainBranch> to your scanner cmd line (see Pull request analysis documentation)
If the above does not solve that last warning issue and you want further investigations, I’ll ask you to open a new community thread. This one starts to become too long, as we’re a bit drifting away from the original problem, and the original problem is now sorted out.
