Hi,
We are trialing SonarQube Developer Edition 7.9.1.27448 mainly because of its PR analysis. Unfortunately, I’ve learnt that GitHub is not officially supported by SQ.
I wanted to give it a try anyway, hoping that the API is still compatible.
I’ve set everything according to the documentation, however I can’t see any decorations on the PR page.
The logs sonarqube.txt (7.7 KB) however show all success statuses - should there be a line here that indicates SQ tried to decorate a PR? Is there any way to debug the issue?
Also, documentation mentions setting per project Administration > Pull Requests > sonar.pullrequest.github.repository
but I couldn’t find any field like that in 7.9.1.
Instead, I’m running sonar scanner from jenkins with following arguments: sonar-scanner -Dsonar.pullrequest.key=70 -Dsonar.pullrequest.branch=test -Dsonar.github.repository=mycompany:test-app
Is there any change that GitHub API will be supported? Otherwise, there is not much reason for us to use Developer edition and will have to downgrade to older version and use GitHub plugin instead
It looks like the UI path in the docs is slightly off. Under the project Administration menu, choose General Settings, and thenPull Requests from the list on the side.
You must specify the properties about where to decorate server-side because PR decoration happens asynchronously on the server-side at the end of analysis report processing. At that point, the properties you passed in on the analysis command line are out of scope.
Regarding SonarQube + GitHub.com, it works, but if there are major API changes on the GitHub side, we won’t be backporting fixes to the LTS. If you’re willing to keep up with the latest version, then you should be golden (once you get over this initial configuration hump).
thanks the for replay. The thing is, that I’ve set properties in Administration > General Settings > Pull Requests.
I’ve set:
sonar.pullrequest.provider = GitHub
sonar.pullrequest.github.endpoint = https://api.github.com
sonar.alm.github.app.name = name of the app from GitHub Apps page
sonar.alm.github.app.id = ID of the app from GitHub Apps page
sonar.alm.github.app.privateKeyContent.secured = content of private key file generated by GitHub (should in include the starting “-----BEGIN RSA PRIVATE KEY-----” part?)
I understand that it’s an asynchronous operation run server-side, that’s why I was hoping to see anything in the logs from SQ server that would at least tell me, that it tried to communicate with GitHub and failed to connect to app/authenticate or anything. Right now I’m not even sure, if SQ tries to connect to GitHub or now.
Is there any other property that I need to pass to sonar-scanner, when I analyze a PR? For sure the PR are analyzed correctly, I can view a project and get a list of master and all PR, however, a PR that is shown in SQ with 2 code smells never received any decorations on the github page.
Edit: The GitHub App name contains a dash CompanyName-Sonarqube - is something like that definitely supported?
did a bit of progress with the topics. I’ve found this amazing warning icon in the right corner of the PR analysis, that told me, that sonar.pullrequest.github.repository was missing (for some reason I was using sonar.pullrequest.repository instead…).
Now I’m getting Pull request decoration did not happen. No commit found for revision '2a73ce5d463d563a7993e40fe9596b79b6229f58'. Please pass a valid commit revision to the scanner using 'sonar.scm.revision' parameter
But with the warning sign I should be able to resolve any issues.
Btw, do you know if in case of GitHub sonar.pullrequest.branch should be set to the name of original PR branch name or the PR-XXX name?
Yes, I realized that jenkins was creating a new commit of a merge. Got it working by using sonar.scm.revision=refs/pull/$CHANGE_ID/head instead.
The check appears now on the GitHub page, but the only issue we have is that all images on the check page are missing, probably because our projects are private. Is there any documentation about that?
yes, we have the property set. Are you saying, that images should work even with private repositories?
It is possible, that github IP is not whitelisted and hence missing images - I’ll have to talk with our network administrator about that.
Thank you!
EDIT: Just realized that we are using GitHub Authentication Plugin for SQ, so GitHub has probably access to our SQ instance.
EDIT: Nvm, I see that the fix version is 8.0.0. Looking forward to it! Any idea, when it’s available?
