SonarCloud + Bitbucket Cloud pull request & Branches analyse

tahacanatak · April 14, 2021, 12:56pm

Hi,
I’m having a few problems while scanning pull requests coming to a private project in bitbucket cloud.

the transactions I have done so far;

I integrated my project in bitbucket cloud into sonar cloud.
I use aws codebuild as a trigger. When a pull request is create, the codebuild runs and analyzes the incoming pull request.I can see the analysis as “passed” on the sonarcloud screen.

my problems

1 ) I cannot view my branches and pull requests in the repo. So I cannot distinguish which analysis result belongs to which pull request.

2 ) I cannot see the results of the analyzed pull request on the bitbucket cloud pull request screen.

this image is codebuild webhook configurations

this is my buildspec.yml file

version: 0.2

phases:
install:
runtime-versions:
nodejs: 12
java: corretto11
commands:
- apt-get update
- apt-get install -y jq
- export SONAR_SCANNER_VERSION=4.4.0.2170
- export SONAR_SCANNER_HOME=$HOME/.sonar/sonar-scanner-$SONAR_SCANNER_VERSION-linux
- curl --create-dirs -sSLo $HOME/.sonar/sonar-scanner.zip https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-$SONAR_SCANNER_VERSION-linux.zip
- unzip -o $HOME/.sonar/sonar-scanner.zip -d $HOME/.sonar/
- export PATH=$SONAR_SCANNER_HOME/bin:$PATH
- export SONAR_SCANNER_OPTS="-server"
pre_build:
commands:
- sonar-scanner -Dsonar.organization=bilgeadamguney -Dsonar.projectKey=bilgeadamguney_my-sonar-app -Dsonar.sources=src -Dsonar.host.url=https://sonarcloud.io -Dsonar.login=$SONAR_TOKEN
- sleep 5
- curl -u SONAR_TOKEN https://sonarcloud.io/api/qualitygates/project_status?projectKey=bilgeadamguney_my-sonar-app > analysis.json - cat analysis.json - if [ (jq -r ‘.projectStatus.status’ analysis.json) = ERROR ] ; then $CODEBUILD_BUILD_SUCCEEDING -eq 0 ;fi
build:
commands:
- echo Building Project
- echo Finished Building

cache:
paths:
- “node_modules/**/*”

Alexandre_Holzhey · April 19, 2021, 9:35am

Hi @tahacanatak and welcome to our Community!

Looking at how you execute the scanner:

sonar-scanner -Dsonar.organization=bilgeadamguney -Dsonar.projectKey=bilgeadamguney_my-sonar-app -Dsonar.sources=src -Dsonar.host.url=https://sonarcloud.io -Dsonar.login=$SONAR_TOKEN

I see there is no information related to the pull request/branch to be analysed.

Since you are not using an SonarCloud-integrated CI you need to configure some additional parameters. You can check them here, basically:

sonar.branch.name
sonar.branch.target

For pull requests (currently there is no documentation for it), you need to specify the parameter:

sonar.pullrequest.key

I hope that helps! Please come back if you need further help.

tahacanatak · April 19, 2021, 10:07am

Hi Thank you so much.
Help solved the problem using this.
Is there any difference from what you suggest?

sonar-scanner -Dsonar.organization=test
-Dsonar.projectKey=my-sonar-app
-Dsonar.sources=src
-Dsonar.host.url=https://sonarcloud.io
-Dsonar.login=$SONAR_TOKEN
-Dsonar.pullrequest.base=master
-Dsonar.pullrequest.branch=CODEBUILDEXTRAS_GIT_BRANCH -Dsonar.pullrequest.key=(echo $CODEBUILD_WEBHOOK_TRIGGER | cut -c 4-5000)

Alexandre_Holzhey · April 19, 2021, 10:25am

You are welcome. Your approach is fine!

One remark: I would not send pull request information when doing an analysis on a long living branch, for example. If you do that, please change your script properly (not having such parameters). But i guess you are only analyzing pull requests this way, that is correct?

tahacanatak · April 20, 2021, 8:20am

yes I only analyze pull requests.

I want to ask one more question.I use the same parameters when doing analysis in dotnet projects, but I get the following error.Are other parameters used in other pull request analyzes in dotnet projects?

Running command dotnet sonarscanner begin /k:ba.lms /o:guney /d:sonar.login=$SONAR_TOKEN /d:sonar.host.url=https://sonarcloud.io /d:sonar.pullrequest.base=master /d:sonar.pullrequest.branch=$CODEBUILDEXTRAS_GIT_BRANCH /d:sonar.pullrequest.key=$PULL_REQUEST_NUMBER /d:sonar.verbose=true

164 SonarScanner for MSBuild 5.2
165 Using the .NET Core version of the Scanner for MSBuild
166 The format of the analysis property sonar.pullrequest.branch= is invalid
167 Default properties file was found at /root/.dotnet/tools/.store/dotnet-sonarscanner/5.2.0/dotnet-sonarscanner/5.2.0/tools/net5.0/any/SonarQube.Analysis.xml

tahacanatak · April 20, 2021, 10:52am

When I run it without assigning variables to parameters, as stated below, I do not get an error. but I have to set it as a variable. I guess I’m making a syntax error

dotnet sonarscanner begin /k:ba.lms / o: guney /d:sonar.login=$SONAR_TOKEN/d:sonar.host.url=https://sonarcloud.io /d:sonar.pullrequest.base=master / d : sonar.pullrequest.branch = feature / analysis-test2 /d:sonar.pullrequest.key=642 /d:sonar.verbose=true

Alexandre_Holzhey · April 20, 2021, 12:20pm

@tahacanatak you are welcome!

Could you provide the value of this parameter:

tahacanatak · April 20, 2021, 12:41pm

value is null the problem was caused by the plug I used.Thank you again.

system · April 27, 2021, 12:42pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.