Setting up sonarcloud with gradle scanner and bitbucket pipelines

We migrated to SonarCloud from SonarQube, and now our PR decorations no longer work. It seems that the problem is our local runners for Bitbucket Pipelines. I’ve tried following the documentation and adding these steps:

pipelines:
  pull-requests:
    "**":
      - step:
          name: 🔍 SonarQube Online
          script:
            - pipe: sonarsource/sonarcloud-scan:2.0.0
              variables:
                SONAR_TOKEN: $SONAR_TOKEN
            - pipe: sonarsource/sonarcloud-quality-gate:0.1.6
              variables:
                SONAR_TOKEN: $SONAR_TOKEN

The problem with this is that I get the following error:

INFO: Scanner configuration file: /opt/sonar-scanner/conf/sonar-scanner.properties
INFO: Project root configuration file: NONE
INFO: SonarScanner 5.0.1.3006
INFO: Java 17.0.8 Amazon.com Inc. (64-bit)
INFO: Linux 5.15.0-1040-aws amd64
INFO: Bitbucket Cloud Pipelines detected, no host variable set. Defaulting to sonarcloud.io.
INFO: User cache: /root/.sonar/cache
INFO: Analyzing on SonarQube server 8.0.0.46037
INFO: Default locale: "en", source code encoding: "UTF-8" (analysis is platform dependent)
INFO: Load global settings
INFO: Load global settings (done) | time=284ms
INFO: Server id: 1BD809FA-AWHW8ct9-T_TB3XqouNu
INFO: User cache: /root/.sonar/cache
INFO: Load/download plugins
INFO: Load plugins index
INFO: Load plugins index (done) | time=253ms
INFO: Load/download plugins (done) | time=2535ms
INFO: Loaded core extensions: developer-scanner
INFO: Found an active CI vendor: 'Bitbucket Pipelines'
WARN: The project has not been created on SonarCloud. Please go to https://sonarcloud.io/projects/create to set up the project.
INFO: Load global settings
INFO: Load global settings (done) | time=207ms
INFO: Process project properties
INFO: ------------------------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
INFO: Total time: 8.257s
INFO: Final Memory: 8M/76M
INFO: ------------------------------------------------------------------------
ERROR: Error during SonarScanner execution
ERROR: You must define the following mandatory properties for 'Unknown': sonar.projectKey, sonar.organization
ERROR:
ERROR: Re-run SonarScanner using the -X switch to enable full debug logging.

It seems that this is no longer using my Gradle scanner, which has all the required properties in the build.gradle file.

Before this I would just run ./gradlew sonar on my bitbucket runner, but after moving to sonarcloud it no longer adds PR decorations.

How to fix PR decorations?

Hey there.

Indeed, you can’t use sonarsource/sonarcloud-scan to analyze a Gradle project and expect it to use the Gradle scanner.

Did you see the tutorial in the SonarCloud UI when creating a project for integrating with Gradle and Bitbucket pipelines?

Yeah, I followed that tutorial, and it integrated with our bitbucket, but we only get this view on PR

Unfortunately there are no Sonar comments on actual code, even if there are critical issues. Also this doesn’t add a failed build step, so nothing is preventing developers from merging code with critical issues.

Thanks. Keep in mind that on a pull request analysis, you will only receive results on changed lines of changed files. If all you did in this PR was change your Pipeline YML, for example, you probably won’t see anything.

Has your main branch been analyzed yet, and do you see any results?

I can see all results on sonarcloud. On one PR sonarcloud finds “Remove this redundant import” error, which previously would cause our PR to fail and comment to appear near import, but on bitbucket PR side no comment is added, and no failed build is visible apart from:

On sonarcloud I can see those errors for that PR:

@Colin, thanks for your help.

I was able to resolve this issue by deleting the project from SonarCloud and importing it again. I can only assume that importing SonarCloud from Bitbucket might have caused some other configuration issues, because when I imported the Bitbucket repository from SonarCloud, everything seems to work.
Key points:

  • For an Android Gradle project, all you need is the Gradle Sonar scanner. Just make sure it’s being run in pipelines.
  • If someone has issues with PR decorations, make sure project is bound as described here at the bottom: Bound vs Unbound | SonarCloud Docs
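
Added example, not part of the thread and not SonarSource's own configuration: a pull-request step that runs the Gradle scanner (`./gradlew sonar`, as in the original post) instead of the `sonarsource/sonarcloud-scan` pipe, so that `sonar.projectKey` and `sonar.organization` are read from build.gradle. It goes beyond the thread by passing `sonar.qualitygate.wait=true`, a scanner property that makes the step fail when the quality gate fails; the step name, cache choice and full clone are assumptions.

```yaml
# bitbucket-pipelines.yml (illustrative; adapt image/runner labels to your setup)

clone:
  depth: full   # assumption: full clone so the scanner sees complete SCM history

pipelines:
  pull-requests:
    "**":
      - step:
          name: SonarCloud analysis (Gradle scanner)
          caches:
            - gradle
          script:
            # The generic sonarcloud-scan pipe starts the standalone SonarScanner,
            # which finds no project configuration ("Project root configuration
            # file: NONE") and stops on the missing mandatory properties.
            # The Gradle task picks up sonar.projectKey and sonar.organization
            # from the sonar properties already declared in build.gradle.
            #
            # SONAR_TOKEN is taken from the environment: define it as a secured
            # repository or workspace variable, never inline in this file or in
            # build.gradle.
            #
            # sonar.qualitygate.wait=true makes the scanner wait for the quality
            # gate result and exit non-zero if it fails, which turns a failed
            # gate into a failed pipeline step on the pull request.
            - ./gradlew build sonar -Dsonar.qualitygate.wait=true
```

A failed step only blocks merging if the repository's merge checks require passing builds, and PR decoration still depends on the project being bound as described in the post above.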
