Sonarcloud analysis on Bitbucket cloud and Pull requests

Just signed up with SonarCloud, but it’s a bummer to realize that auto analysis is not supported. We are using Bitbucket Cloud with CodePipeline and CodeBuild (for CI/CD).

For the pull request decoration, how do I get the PR key? I believe I will need to set the following in CI/CD:


properties {
        property "sonar.projectName", "${project.name}"
        property "sonar.projectKey", "${group}:${project.name}"
        property "sonar.sourceEncoding", "UTF-8"
        property "sonar.host.url", "${sonar_host}"
        property "sonar.login", "${sonar_username}"
        property "sonar.organization", "${sonar_org}"
        property "sonar.pullrequest.key", (project.hasProperty("sonar_pr_key")) ? "${sonar_pr_key}" : ""
        property "sonar.pullrequest.branch", "${sonar_branch}"
        property "sonar.pullrequest.provider", "bitbucketcloud"
}

I believe these have to be env variables? How do I get the PR key in CodePipeline/CodeBuild?

Hey there.

Yes, these are usually set by environment variables.

You might be interested in this project:

Or parsing pull-request-number out of CODEBUILD_WEBHOOK_TRIGGER

CODEBUILD_WEBHOOK_TRIGGER

Shows the webhook event that triggered the build. This variable is available only for builds triggered by a webhook. The value is parsed from the payload sent to CodeBuild by GitHub, GitHub Enterprise Server, or Bitbucket. The value’s format depends on what type of event triggered the build.

  • For builds triggered by a pull request, it is pr/pull-request-number.
  • For builds triggered by creating a new branch or pushing a commit to a branch, it is branch/branch-name.
  • For builds triggered by pushing a tag to a repository, it is tag/tag-name.
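
An added example, not part of the original posts: one way to turn the CODEBUILD_WEBHOOK_TRIGGER formats listed above into the `sonar_pr_key` and `sonar_branch` Gradle properties that the build script in the question reads. The function names, the allowed character set for branch and tag names, and passing the source branch as a second argument are assumptions.

```shell
#!/bin/sh
# Added example (function names are hypothetical). The trigger value is parsed
# from a webhook payload, so it is validated before reaching a command line.

# is_safe_ref NAME: non-empty and limited to an assumed branch/tag character set
is_safe_ref() {
    case "$1" in
        ''|*[!A-Za-z0-9._/-]*) return 1 ;;
    esac
}

# parse_trigger TRIGGER: prints "<kind> <value>" or returns 1 if malformed
parse_trigger() {
    case "$1" in
        pr/*)     # the PR key must be digits only
                  case "${1#pr/}" in ''|*[!0-9]*) return 1 ;; esac
                  printf 'pr %s\n' "${1#pr/}" ;;
        branch/*) is_safe_ref "${1#branch/}" || return 1
                  printf 'branch %s\n' "${1#branch/}" ;;
        tag/*)    is_safe_ref "${1#tag/}" || return 1
                  printf 'tag %s\n' "${1#tag/}" ;;
        *)        return 1 ;;
    esac
}

# sonar_gradle_args TRIGGER [SOURCE_BRANCH]: prints the -P properties that the
# build script above reads (sonar_pr_key, sonar_branch); nothing for tag builds
sonar_gradle_args() {
    parsed=$(parse_trigger "$1") || return 1
    kind=${parsed%% *}
    value=${parsed#* }
    case "$kind" in
        pr)     # the trigger carries only the PR number, not the source branch
                is_safe_ref "$2" || return 1
                printf '%s\n' "-Psonar_pr_key=$value -Psonar_branch=$2" ;;
        branch) printf '%s\n' "-Psonar_branch=$value" ;;
        tag)    : ;;
    esac
}

# Constructed sample values, not taken from a real build
for t in pr/42 branch/dev tag/v1.0 'pr/42;id'; do
    if args=$(sonar_gradle_args "$t" feature/login); then
        printf '%-10s -> %s\n' "$t" "$args"
    else
        printf '%-10s -> rejected\n' "$t"
    fi
done
```

In a build, the first argument would be "$CODEBUILD_WEBHOOK_TRIGGER" and the printed properties would be appended to the Gradle command line.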

CodePipeline is not triggered on pull requests though; it is triggered on commit. A merge commit to the dev, qa, prod branches is made only when the pull request is approved, so CODEBUILD_WEBHOOK_TRIGGER doesn’t seem to be an option?

Will the GitHub project thii/aws-codebuild-extras ("Add extra information of your AWS CodeBuild build via environment variables") make it available still?

Hey there.

To analyze a pull request (which surely you want to do before the merge), you will need to trigger a build/analysis on the pull request itself.

Sure. Can you confirm: will the GitHub project thii/aws-codebuild-extras ("Add extra information of your AWS CodeBuild build via environment variables") make it available if CodeBuild is triggered on a commit instead?

I haven’t used AWS CodeBuild – so I couldn’t tell you.