SCM Migration lost email addresses - Issue assignation problem

SonarQube
1

Hello,

I’m running a self hosted Sonarqube Community Edition (version 7.9.3.33349)
Several years ago, my organisation moved from Mercurial to Git SCM.

It’s only recently, when using Sonar, that we realized that email addresses of the commit were mostly lost in the migration from Mercurial to Git (I don’t know why, I wasn’t there when the migration was done).
On legacy Mercurial committed code, when doing a git blame, the author name is fine, but the email address is always devnull@localhost. So this breaks issue assignment, since identity matching is done on email address of the author of the commit.

On recently Git committed code, everything works fine, and issues are assigned correctly
Note: we are not using shallow clone when analysing project.

Is there a way to perform issue assignment based on the author name, when email matching fails ? (I don’t think so, but one has to ask :slight_smile: )
If not, would it be achievable in a plugin ? I can write the plugin myself, but need some hints on the best way to do it:

  • a PostProcessing task ?
  • a custom IssueVisitor ?
  • a custom ScmProvider ?

What I’ve done so far to fix this:

  • a temporary script (ran manually) that uses Web API to detect and reassign the issues, by doing a git blame in a bash. It works, but it’s far from being optimal and will only fix the existing issues. It does not prevent new issues (new rule, or some deprecation which will cause the line to have an issue without modification on it)
  • add SCM account in user management. It doesn’t fix the issue, since the same email is always found.

Thank you

2

Hi there,

Looks like you have a full understanding of the problem.
Identity matching, on the server side, is done based on email, username or SCM accounts that are setup for each user
See: sonarqube/UserIndex.java at master · SonarSource/sonarqube · GitHub

So the problem is that the handler that collects the blame information for git, specifically looks for the email address, because that’s usual always available in git and is the best way to match users. See here.

In your case replacing that class with something that collects the name should work. However, the SCM Git component is now part of SonarQube and no longer loaded as a plugin.
However, SonarQube still supports plugins that provide support for other SCMs.
So what you could do (no guarantee it will work!) is fork GitHub - SonarSource/sonar-scm-git, change the “provider key” (it can’t be git, or otherwise it will fail since there is already the provider for git embedded in sonarqube) and then use sonar.scm.provider=mykey to explicitly active your SCM plugin.

Note: the code embedded in SonarQube has evolved since it was embedded, so you might be missing the latest changes by using a fork from the sonar-scm-git repository. See changes here.

The other solution is to change the JGitBlameCommand in SonarQube and deploy your own scanner jar or your own distribution.