Sonar-scanner unable to find baseline tag for a project

Hello,

I need some help to calculate new code for a branch where baseline is a tag.

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    SonarQube Developer Edition Version 8.6.1 (build 40680) (On premises)
    sonarsource/sonar-scanner-cli:latest Using docker image sha256:497d58079641d52a72898b32a885f35ee75ca6a048e458678bd36664c0ada366
    gitlab CI to trigger sonar-scanner
  • what are you trying to achieve
    I am trying to set a tag as baseline version in a project in sonarqube to get New Code details compared between latest sha in the branch against a tag.
  • what have you tried so far to achieve this
    Analyzed the branch using gitlab CI → project branch is created with branch “br1”
    Analyzed the tag using gitlab CI → another project branch created with “v0.1”
    In project settings set baseline for branch “br1” as “v0.1”
    Rerun the analysis on branch1
    Output → the analysis was successful, but new code was not calculated.
    In sonar-scanner log I see an error as below:
INFO: Load New Code definition
INFO: Load New Code definition (done) | time=42ms
INFO: Computing New Code since fork with 'v0.1'
WARN: Could not find ref: v0.1 in refs/heads, refs/remotes/upstream or refs/remotes/origin
WARN: Branch 'v0.1' not found in git
WARN: Failed to detect fork date. No New Code will be computed.

I tried using git fetch origin --tags and git fetch origin '+refs/tags/*:refs/tags/*' before triggering the scanner. But per the output it is not looking for tags.
Is there any way we can make the scanner look for tags. Appreciate your time.

Hi. I could get this to work by doing a clone - GIT_STRATEGY: clone - instead of shallow clone in gitlab CI just once. However, it started failing again.
The problem is when I set a git tag (already analysed and uploaded to SonarQube as a branch) as baseline. It fails to detect the tag. If I set a branch as baseline, it works OK. Is there anyway to make the scanner look at ref/tags?

My current .gitlabci.yml for reference is as below:

sonarqube:
  image: sonarsource/sonar-scanner-cli:latest
  variables:
    GIT_STRATEGY: clone
    CMDLET: |
      -Dsonar.host.url=$GITLABCI_SONARQUBE_URL
      -Dsonar.login=$GITLABCI_SONARQUBE_TOKEN
      -Dsonar.qualitygate.wait=true
      -Dsonar.sources=.
      -Dsonar.projectKey=$CI_PROJECT_PATH_SLUG
  cache:
    key: "${CI_JOB_NAME}"
    paths:
      - .sonar/cache
  script:
    - sonar-scanner -Dsonar.projectVersion=${CI_COMMIT_SHA:0:7} $CMDLET
  after_script:
    - git show-ref v0.0.1 # shows reference from refs/tags
    - git show-ref $CI_COMMIT_REF_NAME # shows reference from refs/heads

I tried git fetch --all, git fetch origin --tags, git config --add remote.origin.fetch "+refs/tags/*:refs/tags/*" and the scanner only looks in refs/heads, refs/remotes/upstream or refs/remotes/origin. I guess the solution could be somehow to make the scanner look at refs/tags too. Can you please help. Thank you.

  • versions used (SonarQube, Scanner, Plugin, and any relevant extension)

SonarQube Developer Edition Version 8.6.1 (build 40680) (On premises)
sonarsource/sonar-scanner-cli:latest Using docker image sha256:497d58079641d52a72898b32a885f35ee75ca6a048e458678bd36664c0ada366
gitlab CI (13.5) to trigger sonar-scanner

  • error observed (wrap logs/code around triple quote ``` for proper formatting)
    I am trying to set a tag as baseline version in a project in sonarqube to get New Code details compared between latest sha in a branch against a tag. I got the output that tag is not found in git.

Output → the analysis was successful, but new code was not calculated.
In sonar-scanner log I see an error as below:

INFO: Load New Code definition
INFO: Load New Code definition (done) | time=42ms
INFO: Computing New Code since fork with 'v0.1'
WARN: Could not find ref: v0.1 in refs/heads, refs/remotes/upstream or refs/remotes/origin
WARN: Branch 'v0.1' not found in git
WARN: Failed to detect fork date. No New Code will be computed.
  • steps to reproduce

    • Analyzed the branch using gitlab CI → project branch is created with branch “br1”
    • Analyzed the tag using gitlab CI → another project branch created with “v0.1”
    • In project settings set baseline for branch “br1” as “v0.1”
    • Rerun the analysis on branch “br1”

My current .gitlabci.yml for reference is as below:

sonarqube:
  image: sonarsource/sonar-scanner-cli:latest
  variables:
    GIT_STRATEGY: clone
    CMDLET: |
      -Dsonar.host.url=$GITLABCI_SONARQUBE_URL
      -Dsonar.login=$GITLABCI_SONARQUBE_TOKEN
      -Dsonar.qualitygate.wait=true
      -Dsonar.sources=.
      -Dsonar.projectKey=$CI_PROJECT_PATH_SLUG
  cache:
    key: "${CI_JOB_NAME}"
    paths:
      - .sonar/cache
  script:
    - sonar-scanner -Dsonar.projectVersion=${CI_COMMIT_SHA:0:7} $CMDLET
  after_script:
    - git show-ref v0.0.1 # shows reference from refs/tags
    - git show-ref $CI_COMMIT_REF_NAME # shows reference from refs/heads

I tried pulling all refs using git fetch --all, git fetch origin --tags and git fetch origin with option ‘+refs/tags/:refs/tags/’ before triggering the scanner. But per the output it is not looking for tags. I see no option on scanner documentation on how to make it look for tags.

I can analyse the new code fine when the base is set to another branch.

It looks like a bug to me that though SonarQube allows to set another tag as baseline, sonar scanner is not looking in refs/tags for the tag. I raised a help request with https://community.sonarsource.com/t/sonar-scanner-unable-to-find-baseline-tag-for-a-project/44557/3 but no response there yet. I do not see any way to convert that to a bug report. So I am creating a duplicate bug report. I apologise for any inconvenience.

  • potential workaround

It could possibly work to put another manual analysis to analyse the tag as a ref in sonar branch. But this is difficult to maintain and needs extra analysis commands. I need to use a tag as baseline.

Hi,

Welcome to the community!

I understand why you created a second thread, but I’ve combined your threads because it’s really best to keep it to one topic-one thread. Feel free to bump after a reasonable interval tho.

In fact, SonarQube isn’t allowing you to set a tag as the baseline, but the branch you told it you were analyzing. So I’m going to move this to New Features because what you’re describing isn’t functionality we’ve implemented.

 
Ann

1 Like