Scanner command used when applicable (private details masked)
Languages of the repository (C++)
Hi,
I’ve got strange issue with PR decoration. I’ve got for example 2 repos. Let’s say repo A and repo B (and many, many more in a true life ). Repo A includes pipeline yaml files and sonar-project.properties file about other repos (including repo B). Once I am doing PR from some branch to develop branch of repo A and I am running pre-merging verification pipeline (which is included in the same repo) as a Build verification it works perfectly. I’ve got Status check option like
SonarCloud/quality gate
to select from dropdown, I see comments from SonarCloud scan inside such pull request, I see proper quality gate status in Extension tab.
BUT
I’ve got repo B where there is a code of my application (C++) and where I would like to have also PR decoration. I am doing pull request there where I am executing pre-merging verification pipeline (from repo A), the pipeline executes properly, the PR is available to see from SonarCloud perspective, after SC scan execution I can see the result of Quality gate in Extension tab but I can’t select
SonarCloud/quality gate
as status check and I can’t see the comments from SonarCloud attached to such PR.
What I’ve done so far:
Personal Access Token checked if it have permissions to repo A and repo B and also checked if such PAT has got Code (read & write) permissions
Owner of PAT if the owner has got access to the proper repos in Azure DevOps
reconfiguration of Branch Policies for both of repos many times
tests with creating PRs (with Build validation by this pre merging pipeline and Status check) to the different branch than develop inside repo A and repo B
adding Status Check manually to the branch polices of repo B - looks like the pipeline stops on this manual Status check and “wait” till infinity
Where have you configured the PAT? Is there one configured at the project-level (project Administration > General Settings > Pull Requests, in either project?
If this is only the case with repoA and not repoB – this means that most probably, repoB is using the organization-level token (global Administration > Organization Settings).
If repoB is working… you might try and remove the token you’ve set for repoA and see if it works with the organization level token.
You mean about setting up organization-level token from Azure DevOps inside SonarCloud organization settings, right?
What if the repo B has got his own sonar-project.properties file and different project in SonarCloud which is not affected by executing this pre merging verification pipeline? Different scope of sources from repo B has been configured in sonar-project.properties file inside repo A and different project and scope of sources has been configured inside sonar-project.properties file od repo B itself.
One more thing. Repo A and repo B is part of the same project inside organization from Azure DevOps perspective.
Yes, once I am creating pull request to repo B it uses pre merging pipeline yaml file which is located in repo A (as Build Verification branch policy) and in repo A there is sonar-project.properties file which includes repo B as source and inclusions.
It provide me the thing that if I do the pull request in repo B just the modified files from such repo are taken into consideration by Sonar scanner
In this case I don’t need decoration in repo A. Repo A is a “storage” for pipeline files like pre-merging verification executed as Build Verification branch policies for repo B or other repos. I don’t know if it is important but inside the yaml pipeline file from repo A which is used as build verification for example inside pull requests for repo B there is repo B synchronization and checkout and also in repo A there is sonar.project.properties file where repo B is provided as a sonar.sources and sonar.inclusions.
Currently, looks like everything works good except adding comments into pull request of repo B so let’s say “feedback” after Quality gate publish step isn’t goes back to the PR in Azure DevOps.
Are there some opportunity to debug Publish Quality gate step somehow?
I did some tests and workarounds and it looks like there is soultion of this case. We have to have the same pipeline yaml file in repo B with different name configured as a pipeline name than the pipeline from repo A. Also, in repo B as a Build verification have to be linked the pipeline (with changed name) from the same repo so even if the pipeline is visible between repos as build validation then it doesn’t work at all if it comes to PR decoration once it doesn’t appear in the same repo.
). Repo A includes pipeline yaml files and sonar-project.properties file about other repos (including repo B). Once I am doing PR from some branch to develop branch of repo A and I am running pre-merging verification pipeline (which is included in the same repo) as a Build verification it works perfectly. I’ve got Status check option like