PR Decorations Sonarqube -> Bitbucket

J1022 · November 11, 2021, 9:34am

Hi everyone,

I cannot get the PR decorations from Sonarqube Enterprise (versions 8.9.0 - 8.9.3) to work in Bitbucket Server (I tested with a vanilla docker image 6.10.14 and 7.17.1).

Sonarqube actually manages to deliver the decorations to the Bitbucket instance, but they do not show up. I realize that this could be a Bitbucket problem, or it could also be that Sonarqube delivers the report to the wrong place or something similar?

The decoration report from Sonarqube lands here, the commit ID is where the branch split off, so before the actual commit in the branch. And not in the Pull Request itself. I have no idea if this is even remotely correct:

https://my-bitbucket/rest/insights/1.0/projects/TA/repos/alice/commits/0c1cbc5a1f50cbd017a65c331d5de71af1a3d4b8/reports/com.sonarsource.sonarqube

{“data”:[{“title”:“Bugs”,“value”:“0”,“type”:“TEXT”},{“title”:“Vulnerabilities”,“value”:“0”,“type”:“TEXT”},{“title”:“Code Smells”,“value”:“0”,“type”:“TEXT”},{“title”:“Security Hotspots”,“value”:“0”,“type”:“TEXT”},{“title”:“Code Coverage”,“value”:“n/a”,“type”:“TEXT”},{“title”:“Duplication”,“value”:“n/a”,“type”:“TEXT”}],“createdDate”:1636540499206,“details”:“Quality Gate passed”,“key”:“com.sonarsource.sonarqube”,“link”:“https://my-sonar/dashboard?id=TA&pullRequest=1",“logoUrl”:“https://my-sonar/images/embed-doc/sq-icon.svg”,“result”:“PASS”,“title”:“SonarQube”,“reporter”:"SonarQube”}

What do I miss? Is this feature maybe not working on newer version of either sonarqube or bitbucket? I think I only ever saw screenshots of this with bitbucket 5.x.

Thanks & BR,
Johannes

J1022 · November 19, 2021, 9:55am

Hi everyone,

I figured it out in the end.

This was the crucial bit of information: How to add code insights to pull requests

[…]As with the build status API, code insights are only displayed if they are associated with the latest commit on a pull request’s source branch. […]

So, if you do the sonar scan from the wrong branch (!= the PR source branch), or you do pre-merge checks (auto merging and creating commit hashes locally on the CI infrastructure only) then the decoration will not be visible. It will land in the HEAD commit of the analyzed branch, which then is either a different commit on the wrong branch or it will try a nonexistent (on the bitbucket server) commit hash and fail silently.

BR, Johannes

Christophe_Havard · November 22, 2021, 2:56pm

Hi @J1022 ,
I’m glad that you ended up finding the solution. Thank you for your update on this post
Regarding this specific Bitbucket information, do you think we can improve something to avoid such questioning?

Thanks!
Kind regards,
Christophe

J1022 · November 22, 2021, 4:13pm

Hi Christophe,

thanks für your response!

I think it would be helpful to either add an example in the documentation or to elaborate more on the actual mechanism used here. Where does the report need to go, etc…

And it would also be good to understand from the start that it is an integration into Bitbucket Code Insights, that helps when researching problems in the Bitbucket documentation.

BR, Johannes

Christophe_Havard · November 24, 2021, 10:37am

Ok thank you for your feedback, duly noted I will pass this to the engineering team
Kind regards,
Christophe

system · December 1, 2021, 10:39am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.