Sonar project migration

Hi Team,

@sophio.japharidze @ganncamp @Sancretor

We have a requirement to export a project. But we are unable to find the option “Export”. Apart from the main branch, other feature branch analyses are done.

SCM tool- GitHub
CICD tool: GitHub actions
SonarQube version: 9.9 LTS
Branching strategy: develop–> uat–> release–>main
Analysis type: Branch analysis on a project.

Flow: When a PR is raised from development to UAT, the branch analysis will happen on the development branch. Once the PR is merged the changes will move to the UAT branch. In the same way, when PR is raised from release to main, the sonar branch analysis will only happen on the release branch, after this PR is merged then only the changes will move to the main branch, as there will be no branch after the main, we cannot raise a PR from main, due to this reason we cannot perform sonar analysis on the main branch. So, as per our strategy, the main will not have branch analysis.

Hence, how can we export that project without having analysis on the main branch?

Adding the snips for reference.

Regards,
Avinash

Hi Avinash,

If I’m understanding your flow correctly, main is your default branch on the GitHub repo and the SonarQube project, correct?

Pull request analysis and branch analysis are two separate things. Based on the info you provided, it sounds like you are only doing PR analyses with your current setup.

Based on the How to Export documentation, you need to have a recent analysis on every branch you want to keep. Is there a specific reason you don’t run branch analyses on these branches, main in particular? What is your GitHub Actions workflow configuration for this project?

Also, friendly reminder that the Sonar Community Guidelines discourage “@name” mentioning people who aren’t engaged with a post.

Thanks,
Schyler

2 Likes

Hi @smanning,

If I’m understanding your flow correctly, main is your default branch on the GitHub repo and the SonarQube project, correct?
Yes

Pull request analysis and branch analysis are two separate things. Based on the info you provided, it sounds like you are only doing PR analyses with your current setup.
We are raising a pull request in GitHub between branches, then the pipeline in GitHub will trigger and perform the sonar branch analysis in specified branches.

Is there a specific reason you don’t run branch analyses on these branches, main in particular?

**As we mentioned above GitHub Pull Request will be raised from dev–>uat–>release–>main. **
dev–>uat - branch analysis will happen on dev
uat–>release - branch analysis will happen on uat
release–> main - branch analysis will happen on release

After the main there are no branches so we cannot raise a Pull Request, such that no analysis will happen in main branch.
It is our CICD strategy. Now it is not possible to do main branch analysis.

What is your GitHub Actions workflow configuration for this project?

CI workflow:
name: Continuous integration

on:
pull_request:
branches:
- development
- uat
- release
- main

env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
SONAR_PROJECT_KEY: ${{ secrets.SONAR_PROJECT_KEY }}
jobs:
CI:
if: ${{ github.base_ref == ‘development/uat/release/main’ }}
runs-on: [self-hosted, DEV, Linux]

steps:
  - name: Checkout ${{ github.head_ref }} #1
    uses: actions/checkout@v3
    with:
      ref: ${{ github.head_ref }}         

  - name: Set up JDK 11                     #2
    uses: actions/setup-java@v3
    with:
      java-version: '11'
      distribution: 'temurin'
      overwrite-settings: false
  - name: SonarQube Analysis on Overall Code.
    run: mvn sonar:sonar -Dsonar.projectKey=${{ env.SONAR_PROJECT_KEY }} -Dsonar.host.url=${{ env.SONAR_HOST_URL }} -Dsonar.login=${{ env.SONAR_TOKEN }} -Dsonar.sources=src -Dsonar.branch.name=${{ github.head_ref }}

Hence, without performing main branch analysis, how to export a project from one server to another server?

Also, friendly reminder that the Sonar Community Guidelines discourage “@name” mentioning people who aren’t engaged with a post.

Agreed! :+1:

Regards,
Avinash

Thanks for the additional info! It seems like performing a main branch analysis is a requirement of exporting your project in its current state. The simplest option would be to modify your CI workflow to trigger on another event type so that you can get a branch analysis run on main w/o a PR. My team also uses GitHub Actions, here is that piece of our CI workflow:

name: CI
on:
  push:
    branches:
      - 'main'
  pull_request:
  workflow_dispatch:

Alternatively, you might be able to do a hack-y workaround where you modify your branch settings on your SonarQube project to designate a different default branch and exclude main so that you can export the project, but then add main back later after importing. However, I’ve never attempted anything along these lines, so I have no idea if that would work or if there would be adverse side effects.

In general, I’m not sure why you wouldn’t want to execute a branch analysis on main, since that would provide relevant data to you in SonarQube. I’d personally recommend going the route of executing that analysis rather than messing with the branch settings of your SonarQube project.