PR Decorations Sonarqube -> Bitbucket

Hi everyone,

I cannot get the PR decorations from Sonarqube Enterprise (versions 8.9.0 - 8.9.3) to work in Bitbucket Server (I tested with a vanilla docker image 6.10.14 and 7.17.1).

Sonarqube actually manages to deliver the decorations to the Bitbucket instance, but they do not show up. I realize that this could be a Bitbucket problem, or it could also be that Sonarqube delivers the report to the wrong place or something similar?

The decoration report from Sonarqube lands here, the commit ID is where the branch split off, so before the actual commit in the branch. And not in the Pull Request itself. I have no idea if this is even remotely correct:

https://my-bitbucket/rest/insights/1.0/projects/TA/repos/alice/commits/0c1cbc5a1f50cbd017a65c331d5de71af1a3d4b8/reports/com.sonarsource.sonarqube

{“data”:[{“title”:“Bugs”,“value”:“0”,“type”:“TEXT”},{“title”:“Vulnerabilities”,“value”:“0”,“type”:“TEXT”},{“title”:“Code Smells”,“value”:“0”,“type”:“TEXT”},{“title”:“Security Hotspots”,“value”:“0”,“type”:“TEXT”},{“title”:“Code Coverage”,“value”:“n/a”,“type”:“TEXT”},{“title”:“Duplication”,“value”:“n/a”,“type”:“TEXT”}],“createdDate”:1636540499206,“details”:“Quality Gate passed”,“key”:“com.sonarsource.sonarqube”,“link”:“https://my-sonar/dashboard?id=TA&pullRequest=1",“logoUrl”:“https://my-sonar/images/embed-doc/sq-icon.svg”,“result”:“PASS”,“title”:“SonarQube”,“reporter”:"SonarQube”}

What do I miss? Is this feature maybe not working on newer version of either sonarqube or bitbucket? I think I only ever saw screenshots of this with bitbucket 5.x.

Thanks & BR,
Johannes

1 Like

Hi everyone,

I figured it out in the end.

This was the crucial bit of information: How to add code insights to pull requests

[…]As with the build status API, code insights are only displayed if they are associated with the latest commit on a pull request’s source branch. […]

So, if you do the sonar scan from the wrong branch (!= the PR source branch), or you do pre-merge checks (auto merging and creating commit hashes locally on the CI infrastructure only) then the decoration will not be visible. It will land in the HEAD commit of the analyzed branch, which then is either a different commit on the wrong branch or it will try a nonexistent (on the bitbucket server) commit hash and fail silently.

BR, Johannes

1 Like

Hi @J1022 ,
I’m glad that you ended up finding the solution. Thank you for your update on this post :slight_smile:
Regarding this specific Bitbucket information, do you think we can improve something to avoid such questioning?

Thanks!
Kind regards,
Christophe

Hi Christophe,

thanks für your response!

I think it would be helpful to either add an example in the documentation or to elaborate more on the actual mechanism used here. Where does the report need to go, etc…

And it would also be good to understand from the start that it is an integration into Bitbucket Code Insights, that helps when researching problems in the Bitbucket documentation.

BR, Johannes

1 Like

Ok thank you for your feedback, duly noted :slight_smile: I will pass this to the engineering team :wink:
Kind regards,
Christophe

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.