PR decoration with GitHub without using the official workflow

shyanneshan · October 30, 2023, 3:29pm

Must-share information (formatted with Markdown):

which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
how is SonarQube deployed: zip, Docker, Helm
what are you trying to achieve
what have you tried so far to achieve this

Do not share screenshots of logs – share the text itself (bonus points for being well-formatted)!

Env:
Sonarqube Enterprise Edition Version 9.9
GitHub Enterprise Server 3.9.5
Sonar Scanner is downloaded to the docker image and runs in our GitHub Runners.
Used compile_commands for C++ projects.

What we want to achieve is block the pr from merging if the quality gate fails. From this post, you mentioned

when a PR fails the Quality Gate, instead of failing the build, you should use PR decoration to block the merge.

But how could we use PR decorations when we are not using the official GitHub Action? I haven’t found anything online.

Also in this video, you demoed a decorator on workflow runs in the check panel, how is this implemented?

ganncamp · October 31, 2023, 1:04pm

Hi,

You can certainly use PR decoration without GitHub Actions. Just follow the three steps listed in the docs.

You should also be able to block merge, even without using Actions.

HTH,
Ann

shyanneshan · November 1, 2023, 1:26pm

Thank you for the reply, since my organization didn’t open port for GitHub Actions, I am not able to set a GitHub App for Sonarqube.

Now I wonder if it’s possible to print the info(vulnerabilities, issues, bugs) in the sonar-scanner’s output?

ganncamp · November 1, 2023, 1:50pm

Hi,

No, this isn’t possible. Just check the SonarQube UI instead.

HTH,
Ann

shyanneshan · November 1, 2023, 2:01pm

Thank you very much!