Sonarcloud is analysing PRs via bitbucket pipeline, but not main branch?

SonarQube Cloud Product Manager for a Day
1

We added the bitbucket pipeline as specified in the “wizard”:

image: maven:3-jdk-11

clone:
  depth: full              # SonarQube Cloud scanner needs the full history to assign issues properly

definitions:
  caches:
    sonar: ~/.sonar/cache  # Caching SonarQube Cloud artifacts will speed up your build
  steps:
    - step: &build-test-sonarcloud
        name: Build, test and analyze on SonarQube Cloud
        caches:
          - maven
          - sonar
        script:
          - mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
        artifacts:
          - target/**

pipelines:                 # More info here: https://confluence.atlassian.com/bitbucket/configure-bitbucket-pipelines-yml-792298910.html
  branches:
    master:
      - step: *build-test-sonarcloud
  pull-requests:
    '**':
      - step: *build-test-sonarcloud

Our “main” branch is set to develop in bitbucket - this is our default branch.

When we do PRs against develop, these are automatically analyzed by sonar via this pipeline. But this only analyses the chagnes, not the main repo.

In the main sonarcloud.io page for our project, it says:

"master" branch has not been analyzed yet.

how do we get sonar to analyze the main repo, not just the PRs , and to use develop, not master?

The docs say the main repo (develop branch in our case) is analyzed on first analysis, but this doesn’t seem to be the case.

Maybe the generated pipeline file should say “develop” instead of “master”?

Or maybe we need to delete the repo and start again?

2

Hi,

We’ve covered this multiple times. Here’s one excerpt, emphasis added:

It seems you want develop to act as the primary branch in the project currently under consideration. The rules are the same:

  • Analyze develop without passing a sonar.branch.name parameter. Since branch names are picked up automatically by the integrations, you may need to run this first analysis manually.
  • Via the SonarQube Cloud UI, rename the main branch to develop
  • Analyze as normal. Further analyses of the sonar.branch.name=develop branch will land in the project’s primary branch

I assume you’re asking here about which branch the PR is compared to? If so, it’s largely a question of making sure the prerequisites are in place.

 
HTH,
Ann

3

This particular question was about a brand new project. From trial and error we have created the following process, but its still not perfect.

  1. First we edit the bitbucket main branch setting to develop. This has to be done before anything else.
  2. we add the repo into sonar cloud.
  3. We add the two required sonar properties in the pom.xml of the parent and add the bitbucket pipeline yml with “master” replaced with “develop” via PR. (pipeline yml comes from the sonar “wizard”
  4. When we push the PR, it results in an analysis.
  5. When we merge the PR, it results in another analysis
  6. Lastly we checkout develop branch locally, and run the mvn sonar command locally (sing the parameters given in the “wizard”

We have had some unpredictable results.
For some projects, the PR doesnt show up in the list of PRs in sonar.io, but the develop branch does not, some times its the other way round. usually, we delete the project from sonar, and try again, but we have not come up with a reliable set of steps.

Tomorrow ill review the projects we have to try to spot a pattern.