We are running SonarQube 6.7.6 CE on premises and succesfully using the (now deprecated) GitHub Plugin - finding that the publishing of comments to the pull request in GitHub to be particularly useful.
We are now authorised to licence SonarQube DE. Thus, on upgrade to SonarQube 7.x, we will be using the built-in “new generation” pull request analysis.
However, the website blurb for Developer Edition says:
With GitHub Enterprise or Microsoft Azure DevOps, SonarQube can directly comment in the Pull Request.
GitHub Enterprise? We use “normal GitHub”, not GitHub Enterprise. So, does this mean that the pull request comments that work fine with SonarQube 6.7.6 will no longer work after we license DE and upgrade?
This limitation is not mentioned in the documentation, so I am hoping that someone will say that the sonarsource website information is incorrect!
*We use the combination internally on https://next.sonarqube.com/sonarqube/, so it works but we can’t support it because the GH.com API could change out from under the implementation in our (current or imminent) LTS, and we can’t be on the hook to re-implement the integration in the bug-fix-only LTS. So… anyone who keeps up with the latest version, ought to have no problems using the two together. But we don’t support it.
It is very disappointing to find that our main business justification for switching from a free to a paid model for using SonarQube might be fragile.
Having said that, I understand that the reason lies with GitHub. I would hope that the GitHub API would not change without changing the API version and deprecating the old version for a period before removing it. Is this a reasonable expectation?
I see that the v7.7 documentation does cover my concern that “This limitation is not mentioned”. My original post links to “current documentation”, which (at the time I posted) was for v7.6.
The Checks API is currently available for developers to preview. During the preview period, the API may change without advance notice. […]
So no we can’t be sure the API won’t change. Although, to be honest, I don’t think they will make breaking changes because they have a lot of popular third party application already using it.
Anyway, it’s on our plan to officially support SonarQube + github.com (maybe during the second half of the year, but nothing is really fixed yet)
I would assume that it is a reasonable expectation. And yet… it’s a question of timing. Let’s say the API we’re using today is deprecated tomorrow with a 1-year EOL window. That’s well within our ~18-month LTS schedule, so even assuming GitHub will act reasonably (and I do assume that), we’d still be exposed because I believe their cycle is faster than ours.
