Sonar Scan failing when no PR present on merge to branch

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)

SonarQube Developer Edition v7.9
Sonar Scanner CLI 4.0.0.1744

  • what are you trying to achieve

I’m trying to bypass the failing of a required PR when merging to a branch such as staging or master. Right now the scans are failing when merging to another branch because no PR is present.

  • what have you tried so far to achieve this

I’ve tried setting up “Only scan PR branches” in CircleCI but this causes unwanted behavior when merging to main branches.

Here is my CircleCI Setup

          echo 'export CIRCLE_PR_NUMBER="${CIRCLE_PR_NUMBER:-${CIRCLE_PULL_REQUEST##*/}}"' >> $BASH_ENV
          source $BASH_ENV
          sonar-scanner \
          -Dsonar.projectKey=acme-co \
          -Dsonar.sources=${SOURCE_DIR} \
          -Dsonar.host.url=${SONAR_HOST} \
          -Dsonar.login=${SONARQUBE_TOKEN} \
          -Dsonar.github.oauth=${GITHUB_TOKEN} \
          -Dsonar.projectVersion=${CIRCLE_BRANCH} \
          -Dsonar.pullrequest.branch=${CIRCLE_BRANCH} \
          -Dsonar.github.pullRequest=${CIRCLE_PR_NUMBER} \
          -Dsonar.pullrequest.key=${CIRCLE_PR_NUMBER} \
          -Dsonar.pullrequest.provider=GitHub \
          -Dsonar.pullrequest.base=master \
          -Dsonar.sources=${SOURCE_DIR} \
          -Dsonar.exclusions=app/assets/**/* \
          -Dsonar.links.scm=${CIRCLE_REPOSITORY_URL} \
          -Dsonar.github.repository=${CIRCLE_PROJECT_USERNAME}/${CIRCLE_PROJECT_REPONAME} \
          -Dsonar.projectKey=${PROJECT_KEY}

Hi,

Welcome to the community!

It’s not clear to me what you mean by this:

Could you elaborate? Maybe provide some (code formatted - ``` on the line before and on the line after) logs?

 
Ann

Hi Ann,

Here is a trace of the logs

          INFO: Scanner configuration file: /sonar-scanner-4.0.0.1744-linux/conf/sonar-scanner.properties
          INFO: Project root configuration file: NONE
          INFO: SonarQube Scanner 4.0.0.1744
          INFO: Java 11.0.3 AdoptOpenJDK (64-bit)
          INFO: Linux 4.15.0-1043-aws amd64
          INFO: User cache: /root/.sonar/cache
          INFO: SonarQube server 7.9.0
          INFO: Default locale: "en", source code encoding: "UTF-8" (analysis is platform dependent)
          INFO: Load global settings
          INFO: Load global settings (done) | time=637ms
          INFO: Server id: 67D4454D-AWwpV7vLI9bFA1XGtMu6
          INFO: User cache: /root/.sonar/cache
          INFO: Load/download plugins
          INFO: Load plugins index
          INFO: Load plugins index (done) | time=120ms
          INFO: Load/download plugins (done) | time=7435ms
          INFO: Loaded core extensions: developer-scanner
          INFO: Process project properties
          INFO: Execute project builders
          INFO: Execute project builders (done) | time=3ms
          INFO: Project key: acme-co
          INFO: Base dir: /root/acme-co/acme-co
          INFO: Working dir: /root/acme-co/acme-co/.scannerwork
          INFO: Load project settings for component key: 'acme-co'
          INFO: Load project settings for component key: 'acme-co' (done) | time=98ms
          INFO: Load project branches
          INFO: Load project branches (done) | time=98ms
          INFO: Load project pull requests
          INFO: Load project pull requests (done) | time=103ms
          INFO: Load branch configuration
          INFO: ------------------------------------------------------------------------
          INFO: EXECUTION FAILURE
          INFO: ------------------------------------------------------------------------
          INFO: Total time: 11.658s
          INFO: Final Memory: 6M/268M
          INFO: ------------------------------------------------------------------------
          ERROR: Error during SonarQube Scanner execution
          ERROR: Parameter 'sonar.pullrequest.key' is mandatory for a pull request analysis
          ERROR: 
          ERROR: Re-run SonarQube Scanner using the -X switch to enable full debug logging.
          Exited with code 2

So if the sonar.pullrequest.key doesn’t exist the build just fails.

Hi,

So… either you’re analyzing a PR, in which case all the relevant parameter values should be available, or you’re not, in which case you would omit all those parameters. You don’t want to always pass all parameter keys and only fill in values when you have them.

 
HTH,
Ann

That’s where I’m confused. How do I let sonarqube know to not fail if no PR number is present? This happens when merging to main branches when there is no PR in place for that.

Hi,

You need to manage the parameters that are passed in to analysis on the command line. When there’s a PR, use the full set you showed in your OP. When there’s not:

          echo 'export CIRCLE_PR_NUMBER="${CIRCLE_PR_NUMBER:-${CIRCLE_PULL_REQUEST##*/}}"' >> $BASH_ENV
          source $BASH_ENV
          sonar-scanner \
          -Dsonar.projectKey=acme-co \
          -Dsonar.sources=${SOURCE_DIR} \
          -Dsonar.host.url=${SONAR_HOST} \
          -Dsonar.login=${SONARQUBE_TOKEN} \
          -Dsonar.projectVersion=${CIRCLE_BRANCH} \
          -Dsonar.sources=${SOURCE_DIR} \
          -Dsonar.exclusions=app/assets/**/* \
          -Dsonar.links.scm=${CIRCLE_REPOSITORY_URL} \
          -Dsonar.projectKey=${PROJECT_KEY}

BTW, you can simplify some of this by

  • specifying exclusions via the UI rather than the analysis command
  • adding a sonar-project.properties file to your project, in which you specify the recurring basics like project key, source file location, SCM location, and project key, leaving:

          echo 'export CIRCLE_PR_NUMBER="${CIRCLE_PR_NUMBER:-${CIRCLE_PULL_REQUEST##*/}}"' >> $BASH_ENV
          source $BASH_ENV
          sonar-scanner \
          -Dsonar.host.url=${SONAR_HOST} \
          -Dsonar.login=${SONARQUBE_TOKEN} \
          -Dsonar.projectVersion=${CIRCLE_BRANCH}

 
HTH,
Ann
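
One way to implement the split described in the reply above, as an added example that is not part of the original thread: the `sonar.pullrequest.*` parameters are appended only when a purely numeric PR number can be derived from the CircleCI variables, so a merge build on staging or master runs the plain analysis. It assumes the project key and sources live in `sonar-project.properties` as suggested above; the function names and the `--run` switch are hypothetical, and the `sonar.github.*` parameters from the original command can be appended in the same branch if they are still needed.

```shell
#!/bin/sh
# Added example: pass the sonar.pullrequest.* parameters only when the CircleCI
# build belongs to a pull request; otherwise run the plain analysis.

# Print the PR number and return 0, or return 1 when the build has no PR.
# CIRCLE_PULL_REQUEST holds the PR URL and is empty or unset on merge builds.
pr_number() {
  pr_url="${CIRCLE_PULL_REQUEST:-}"
  pr_num="${CIRCLE_PR_NUMBER:-${pr_url##*/}}"
  case "$pr_num" in
    '' | *[!0-9]*) return 1 ;;   # empty or not purely numeric: not a PR key
  esac
  printf '%s\n' "$pr_num"
}

# Run the given command (normally sonar-scanner) with the parameters appended.
# Every value is quoted so a branch name cannot split into extra arguments.
scan_with() {
  set -- "$@" \
    "-Dsonar.host.url=${SONAR_HOST}" \
    "-Dsonar.login=${SONARQUBE_TOKEN}" \
    "-Dsonar.projectVersion=${CIRCLE_BRANCH}"
  if pr_key=$(pr_number); then
    set -- "$@" \
      "-Dsonar.pullrequest.key=${pr_key}" \
      "-Dsonar.pullrequest.branch=${CIRCLE_BRANCH}" \
      "-Dsonar.pullrequest.base=master" \
      "-Dsonar.pullrequest.provider=GitHub"
  fi
  "$@"
}

# CI step entry point (hypothetical file name): sh sonar-scan.sh --run
if [ "${1:-}" = "--run" ]; then
  scan_with sonar-scanner
fi
```

Calling `scan_with printf '%s\n'` instead of `scan_with sonar-scanner` lists the arguments a build would pass without contacting the server.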

Great advice, @ganncamp! Thanks. I’ll look into it. :grinning: