Template for a good new topic, formatted with Markdown:
ALM used: GitHub
CI system used: Automatic Analysis
Languages of the repository: C
Error observed: If I create a PR from main to the release branch, the quality gate always passes. All values except lines of new code are 0. It does not count new issues on the base branch if the compare branch is main.
Create PR release ← main (merge main into release)
Potential workaround: none found yet
Is there a way to solve this using automatic analysis? Or must we switch to build-based analysis?
(may take some time until I answer, only work 20%)
Just to make sure I understand correctly – are you expecting that main (typically the latest stable version of the project which can be deployed to production) is going to introduce new issues into your release branch?
I know it is untypical. But yes, I expect this, if it is not shown/blocked in the pull request.
There could also be “accepted issues” on the main branch which are introduced into the release branch. But this counter also always shows 0.
To my understanding, the counters/analysis should work regardless of whether it is untypical or not. Otherwise the comment of the SonarCloud bot on the PR is useless. If it just shows 0 in all categories regardless of the reality, it is misleading information. And this is what I would like to fix.
The only thing that works properly in this case is the counter of new lines of code.
I’ve thought a lot about the topic. Maybe I don’t understand properly how this automatic analysis works. Does the analysis within a PR always use the main branch as comparison? Or does it use the branch you merge into as comparison?
In the following example, I have a main branch with 8 new issues (compared to the last release). As a result, the main branch fails the quality gate. However, when I create a PR from main to release, the SonarCloud bot approves it. Unfortunately, this bypasses the desired quality control, especially in the case of main → release.
It should be the second one. I just fully processed that Automatic Analysis seems to be running against PRs that target branches Automatic Analysis can’t analyze (Automatic Analysis only analyzes the main branch)… that’s weird (I can’t say for sure whether or not it’s a bug).
Here you have 5 new (changed) lines. If you open your PR in GitHub, I imagine it shows you have many more?
Ok. If it should compare to the branch you are merging into (within the PR), it seems to be a bug to me. I tried a lot of combinations. Any combination worked; only if the main branch merges into another does it not work.
Yes, in total there are 10 changed lines in the PR: 5 without issues, 4 with issues and 1 new empty line. But the 5 lines which are not detected are in a “.cproject” file, which I do not expect to be analysed by SonarCloud. The 5 lines which are in a “.c” file are detected by SonarCloud. The interesting part is, if I go into the changed code in the PR in SonarCloud, the 4 lines with the issues are detected by SonarCloud as changed lines:
Unfortunately I am not allowed to share repositories or create public repositories in our organization. Thus I cannot share the repository with you. But I created a public repository in a new GitHub organization which has the same behavior with the quality profile “Sonar Way”. You could use this to easily reproduce: https://github.com/Test-Settings/SonarCloudBug
It has the same status: Main branch has 1 issue, but the PR main → release none: