Questions on pull request analysis

pull-request
csharp
vsts
sonarqube
(Magnus Kleming) #1

Currently doing a trial of SonarQube 7.7.0.23042, Developer edition, with the TFS pull request integration, and we’ve run into an issue I can’t make heads or tails of based on the available documentation.

On our develop branch we have a branch policy with two builds (A and B), both of which run code analysis against their own, separate SonarQube projects. A is a mixed web project, with C#/JS/TS etc., whereas B is a back end, pure C#/T-SQL project.

Problem 1:
When adding a new code smell to the exact same (C#) file shared by both projects, A correctly(?) adds a comment to the PR about this new code smell only, while analysis B additionally adds a comment on a line of untouched code in the same file (I’ve confirmed by running just B on a fresh PR that it also adds the correct one). While it is indeed correctly identified as a code smell, it was not changed in this PR/branch, so to me this doesn’t seem right. Is this expected behavior? If not, what might be causing this behavior? I’ve tried starting from scratch on both projects, and they still report differently on this file.

Problem 2:
If A (which is the one that only reports the actual new code smell I just added) finishes last, it deletes the additional comment added by B. If this is expected behavior, does that also mean that other, accurate PR comments will be deleted by whichever analysis runs last, if that analysis does not contain those issues?

(Stephen Larkin) #2

It’s a known limitation. There’s a thread tracking it though if you wanted to throw your hat into the ring too.

1 Like
(Magnus Kleming) #3

Okay, understood. Thank you. :slight_smile: That is very unfortunate, as we have two solutions (A and B) in this same repo, and we’re not interested in splitting them up into separate repos, as we would then need to have separate A and B pull requests…
EDIT: Works perfectly with one analysis that builds both solutions though. I guess that’s good enough for now :slight_smile:

Does anyone have any input on my first question though? I still do not understand 1) why two analyses would report differently on the same file, or 2) whether or not it is expected behavior (or maybe defined an option somewhere) that one of them reports issues on code lines (albeit in a file that has been modified) that were not touched (should it, or should it not do this?).

(Julien Henry) #5

Hi @Magnus

Finding issues depends on the context. For example an unused variable issue is obviously only reported if the variable is not used. So maybe in one project, a variable of the shared file is never used, while it is in the other. Since you are analyzing the 2 projects separately, one analysis can’t “see” that the variable is used by the other project.
Of course this is just an example, and it will be hard for us to understand what is going on in your case without more details (like code snippet, id of the rule raising an issue, …) and ultimately a reproducer.