@jlawless - Further to your comment, I just want to add that the second build will also overwrite the Quality Gate Status.
So if your first build fails the quality gate (thus blocking the PR) and the second build does not, the second build will clear the failed Quality Gate allowing the PR to go through.
This is the biggest issue IMO and this is what @gordy’s solution solves.
This just bit us. PR containing validation builds for three different projects from a monorepo and only the last one to run counts. Kinda defeats the purpose of paying extra for Developer edition since we only did that for the PR protection it provides. Seems like an easy fix, just add the SQ project name to the PR comment and PR decoration ADO API calls which would make comments and decoration unique to each build.
Special thanks to @gregpakes for sticking with this issue for going on two years!
PR protection is the most important piece here. Something which @gordy has managed to provide with very little effort. Baffles me how SonarSource aren’t able to put this feature in going on 2 years now.
As @Rouke.Broersma.IS mentionned, we’ve listened to your feedback and have drafted a new MMF that hopefully will best suit your need
Link is this one https://jira.sonarsource.com/browse/MMF-2036 which is the EPIC link, and we also split this into each ALM that we currently support, and will begin indeed by Azure DevOps very soon.
One issue I’m not sure if it’s related, but our Quality Gate policies on the PRs are set as “Optional” despite the policy requirement being set as “Required”.
Is this something that you are overriding somehow?
Hi @brett.postin,
As far as I know, we don’t override any setting.
Also, I am not sure I correctly understand the issue you describe. If you need any help regarding this, please open a new ticket and I’ll be glad to help you
The issue is our “Require approval from additional services” branch policy for SonarCloud within Azure DevOps is set to “Required” i.e. a status of succeeded is required to complete PRs.
However the policy in the actual PR is listed under the “Optional” policies, meaning a failed SonarCloud quality gate would NOT block the PR.
If you aren’t overriding the Policy Requirements in some way (either intentionally or unintentionally) then I will raise the issue directly with Azure.
We don’t override the required/optional option on those status.
The behavior you describe is most likely from a PR that already exists when you turned on a project as Monorepo, which was part of that PR. If it had already a Quality Gate status, when the “new” (with the project name on it) status appeared on a new analysis on that PR, the “old” one has been moved to Optional. Is that the case ? If yes, this is a known limitation, as we don’t delete existing Statuses, but only create / update ones.
I don’t think so. The PR decoration is done only from SonarCloud to Azure DevOps, the extension has no effect on that and is not used for that specific matter (it runs analyses only).
It wasn’t the case no, the “new” status policies (with the project name) were being posted as “Optional”.
Following your suggestions and re-reading the documentation I think we have resolved it. We needed to explicitly setup a new status policy for each of the projects within the monorepo. After doing that and marking them as required they are now “Required” on PRs.
Just out of interest, with no explicit status policy defined, PRs are still decorated with a “new” status as “Optional”. Is that expected behaviour?