Quality Gate does not fail with reference branch

Hi,

  • We are using SonarQube 9.4 (build 54424).
  • Our project is configured with Reference branch set to develop for New Code
  • Our Quality Gate is set to fail when issues are found with severity Major on New Code

We have created a feature-branch based on develop in a developer’s local git repository. A new file has been added to the git repository containing a Major Sonar issue. The branch is pushed to the git server where the Sonar analysis is triggered. The Major issue has been found. However, the quality gate passes. It should have failed.

It seems to work just fine when already existing files are modified compared to the reference branch but it fails to work when a new file is added. At least, that is what we think.

Hey there.

Do the logs indicate that the reference branch was correctly identified / the fork correctly identified?

You’ll want to look for logs like this in the scanner logs:

2022-06-08 16:32:05.121 INFO: Load New Code definition
2022-06-08 16:32:05.121 INFO: Load New Code definition (done) | time=7ms
2022-06-08 16:32:05.121 INFO: Computing New Code since fork with ‘PI24/Sprint-3/SonarPR_Decoration’

I would also recommend upgrading to SonarQube v9.8 – SonarQube v9.4 is an EOL version of SonarQube.

Thanks for your reply. I do not see the entries in the logfiles. However, I do see some fixes in the releases after 9.4, so I guess upgrading is a good idea. We were waiting for the LTS-version to upgrade. Is it known when this will be released?

Hm… a New Code Definition must be calculated when analyzing branches of a project (not pull requests). Are you sure you’re looking in the right place?

The release date was announced here!

I was looking in the wrong logfile, my apologies.
It says the following, where the sha1 hash is the hash of the develop-branch I created the feature-branch from (which is correct).

[INFO] Load New Code definition
[INFO] Load New Code definition (done) | time=21ms
[INFO] SCM writing changed lines
[INFO] Merge base sha1: be4bf4a04b6855e57c751e689dc3b93f9e61d250
[INFO] SCM writing changed lines (done) | time=228ms

I do have some more info. The major issue is present when I navigate to the code section. However, it is not shown as a major issue on new code. I have tried to reproduce this behaviour and the new file has two major issues. One of them shows up as major issue in the new code, the other one is only visible via the code section (two issues are reported here, which is correct).

So, what is the difference between the two issues? The only difference I can see is that the issue which is not reported in the new code is reported at the top of the file (it is a ‘Track lack of copyright and license headers’ issue). Both issues are part of the ‘SonarQube (Java)’ rules repository.

I can shed a little light here.

A rule such as Track lack of copyright and license headers will raise issues on a file-level, rather than a line-level.

I’m not sure how this is handled when a Reference Branch is being used to detect new lines (and therefore which issues should be raised as being “New”). I’ve flagged this thread for some expert attention.

Any news to be reported on this issue?

Hello @mydeveloperplanet,

Thanks for reporting this!

We managed to reproduce the issue with reference branches for New Code. The issues are only displayed if git reported a line involved in that issue as new. The file-level issues are not displayed. I consider this a limitation, and I opened a new ticket. You can track its progress there.

Thank you!