Pull Request analysis and Quality Gate

q_gate
pull-request

(Luigi) #1

I have installed SonarQube 7.6 Developer Edition, and starting using it on my development environment pipeline. My coding approch is Trunk Based Development. We have only one mainline (master or trunk or develop as you prefer to define, but only one mainline)
Actually all changes on code pass through a Pull Request, that as I have understood, into SonarQube is recognized as a Short Lived Branch and only this hard coded rules are applied

Error conditions:

• new open bugs > 0
• new open vulnerabilities > 0
• new open code smells > 0

That is a subset of my Quality Gates conditions. It means that PullRequest could pass quality gate (becouse is recognised like Short-Lived Branch) and when it is merged into mainline (master/trunk) is applied my Quality Gates rules and could fail on merge. How could I know if it break quality gate before PR approvement, or more easy, how to identify a Pull Request as a Long Lived Branch?

I have tried to define * as long lived branches pattern, but it does not work. attached a screenshot.


(G Ann Campbell) #2

Hi,

This issue has been thoroughly discected already.

TL;DR: it’s working as designed and we hope to give you Real Quality Gates for PRs and short-lived branches soon.

 
Ann


(Luigi) #3

@ganncamp thanks for your reply!

Just a small summary to verify that I have well understood.

  • All PR are recognized as Short-Lived Branch and there is currently no possibility to set up an ad-hoc Quality Gate (or at least the same as the project), but this is planned for Q12019.
  • There is no way to identify PRs as Long-Lived branches (even with * in the long lived branches pattern regex).
  • The only way to go for the quality gate would be to avoid the PR and launch the merge on the mainline so as to check if the quality gate passes.

Is that right?


(G Ann Campbell) #4

Hi,

PRs and SLBs are recognized as 2 different things, but their presentation within SonarQube is the same. And yes, currently the only way to apply a full QG is to merge your PR and run a full analysis.

 
Ann


(Luigi) #5

Clear. Hope to see this feature soon. Any update? (just curiosity)