QUALITY GATE STATUS: FAILED when branch does not exist

francescom412 · April 4, 2024, 3:24pm

Hello,

We’re experiencing QUALITY GATE STATUS: FAILED error when running an analysis on a new branch on Sonar Cloud. The analysis run should create the branch and publish the result, this is not happening.
The first failed run actually creates the branch with no analysis run inside, re-executing the pipeline leads to a successful result since, after the first execution, the branch exists.

There is no actual way to create the branch before analysis using Rest APIs or similar from the pipeline, what should we do to avoid pipeline re-execution when a given branch does not still exist?

ALM used:
Azure DevOps

CI system used:
Azure DevOps

Scanner command used in Pipeline:

- task: SonarCloudPrepare@1
  displayName: Initialize Sonar Cloud Analysis
  inputs:
    SonarCloud: 'Sonar Cloud Name'
    organization: 'orgname'
    scannerMode: 'Other'
    extraProperties: |
      sonar.branch.name=my_branch
      sonar.verbose=false
      sonar.sources=src/main/
      sonar.tests=src/test/

- task: Maven@4
  inputs:
    mavenPomFile: 'pom.xml'
    goals: 'clean install'
    options: '--settings settings.xml'
    publishJUnitResults: false
    javaHomeOption: 'Path'
    jdkDirectory: '/usr/lib/jvm/java-21-amazon-corretto'
    mavenVersionOption: 'Default'
    mavenAuthenticateFeed: false
    effectivePomSkip: false
    sonarQubeRunAnalysis: true
    sqMavenPluginVersionChoice: 'latest'

- task: SonarCloudPublish@1
  displayName: Publish Sonar Cloud Result
  inputs:
    pollingTimeoutSec: '300'

Languages of the repository:
Java (Maven)

Error observed:
When the branch my_branch does not exist on the Sonar Cloud Project, the execution of the above steps results in branch creation and Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.11.0.3922:sonar (default-cli) on project demo: QUALITY GATE STATUS: FAILED is thrown. Subsequent executions will be successful.

Steps to reproduce:

Delete my_branch branch from Sonar Cloud project
Run analysis

ganncamp · April 5, 2024, 3:31pm

Hi,

Welcome to the community!

What’s the project-level default for the New Code Definition? Is it using a reference branch (e.g. main) or some other reference point?

What do you see in the SonarCloud UI when a branch is in this state? I’m wondering if the Quality Gate status is actually “Not Computed”, and that’s being returned (wrongly, obvs) as FAILED by this particular call.

Thx,
Ann

francescom412 · April 5, 2024, 3:48pm

Hi Ann,

Thanks for your welcome and your reply !

Currently, the New Code Definition is based on Previous version. The UI states “Any code that has changed since the previous version is considered new code.Recommended for projects following regular versions or releases”.

The status of the branch in this situation is “none”. The branch appears as not analyzed yet and the analysis is in error.

Thank you,
Francesco

ganncamp · April 5, 2024, 4:09pm

Hi,

Could you share a screenshot of this?

Thx,
Ann

francescom412 · April 9, 2024, 8:22am

Hi Ann,

Forgive me for my delay. Here’s the screenshot you asked:

When clicking on it (in the screenshot is the develop branch):

Thanks in advance,
Francesco

ganncamp · April 10, 2024, 12:43pm

Hi,

Thanks for the screenshots.

What I see is an analysis with 0 issues, not an unanalyzed state.

And at this point, I’m going to flag this for more expert eyes for this part:

Ann

Julien_HENRY · April 15, 2024, 2:49pm

Hi @francescom412 ,

I guess you are using the property sonar.qualitygate.wait=true to make your CI pipeline fails in case of a red quality gate.

I was able to reproduce that on the first analysis of a branch, the quality gate is not computed, and so the status is “NONE” in the UI. We are considering this a reason to fail the scanner, to detect a later misconfiguration of the quality gate or clean code period.
I agree this is not a great user experience for the first analysis of a new branch.

I have created a ticket, but I am not sure when it will be tackled.

In the meantime, I suggest you remove the sonar.qualitygate.wait=true for the first analysis and only add it a bit later, when your branch already has some successful analyses.

francescom412 · April 16, 2024, 8:21am

Hi Julien,

Thanks a lot, for the moment we implemented a retry strategy as we do not want in any case to deploy something that has not passed the Quality Gate.

Waiting for updates on the new ticket,
Thanks again for your support,

Francesco