We are currently using SonarCloud integrated with Azure Devops on our Pull requests for projects and while this works well in general we get occasions where minor smells are not considered when working on a hot fix.
To ensure these are still retained we are looking at having a scheduled build to pickup any minor issues to be reviewed a tech debt.
This has led to the question of if we can reduce the scanning done as part of a PR to only major/critical issues to reduce the PR build verification.
I have not been able to see a way to create a new Rule profile for Pull Requests and specify to use that as part of the scan, the only option I can seem to find is to add in sonar.issues.ignore.multicriteria entries for all of the rules we wish to suppress for the PR validation build. This approach would appear to be difficult to maintain and we do not currently have a good way to include this in our pipelines while maintaining simplicity for the build yml.
If there is a way to either specify a pull request profile for a project or set an ignore for issues based on the severity of the rule in the ruleset? and if not is this functionality which could be worthwhile to be added to the system?
I guess you mean that sometimes you don’t care about issues with a Minor or lower severity?
There is only one Quality Gate for the entire project, including all branches and PRs. What the Quality Gate applies on PRs is all the conditions on New Code. And only conditions on New Code. It would be difficult to sometimes fail the Quality gate for Minor issues and other times allow it to pass.
What I suggest instead is that you either
mark the Minor issues on the hot fix PRs as Won’t Fix (and then un-mark after merge)
just plan to use a manual override on hot fixes if the Quality Gate is blocking the merge
Indeed the example provided of working on a hotfix and the development team not being concerned about minor smells when they are aiming to fix a live issue.
At present we have not hooked in the quality gate into the pull request as such we do not have a merge blocking issue (beyond Azure Devops requiring all comments to be resolved), we are more looking at if there is a way to reduce the build times for the PR by suppressing any minor rules, but keep them in the profile for an overnight build to pick up everything so even the minor rules are not forgotten about.
Thanks for the clarifications. In fact, all of the rules are going to run each time. And Quality Profiles (rule sets) are specified at the project level for all branches and PRs, just like with Quality Gates.
That said, if analysis recognizes that it’s in a PR, there should be a speed-up on which files are processed - assuming that the PR’s base branch has been analyzed recently. If that’s not happening (you’ll see it in your analysis logs), it’s worth looking into.