SonarQube 10.2.1 - Pull Request DevOps C# - Pipeline CI -

Hello community.

I am implementing a new pipeline in DevOps to use as validation when completing the Pull Request in master… but I do not want this specific validation to affect the information generated about the project in SonarQube… I just want it to review the files modified and if a bug appears that fails and does not allow uploading. Any idea?

Thank you
Dario Flores

Hi Dario,

Uhm… Pull Request analyses don’t affect the status of the main branch. So you can just analyze them as normal.

I have the sense that maybe I don’t understand what you’re after…

 
Ann

Hello Ann.

As always, thanks for responding.

What you want to add in the CI pipelice is to make sure that the Pull Request does not add sonar bugs, since we happily downloaded all the bugs, but now I want contention on each Pull Request.

Greetings

Hi,

Sorry, I’m still not understanding. Talk to me like I’m 5. :joy:

 
Ann

In DevOps there is the possibility of creating pipeline(build) to verify that the Pull Request has certain integrity when uploading.

Example:

  1. Let it compile
  2. Run all unit tests
  3. etc

I want to add that the new upload does not have Sonar bugs, for that I have to pass through Sonar only the files modified or added in the Pull Request…

if that happens, you can complete the PR.

Hope it’s understandable.

:slight_smile:

And thank you

Hi,

I guess I was confused because what you’re asking for is… what it’s designed to do. :smiley:

So - assuming you’re using a commercial edition of SonarQube - analyze your pull request, report the quality gate status back to your DevOps platform, and then use its mechanisms to block merge if the Quality Gate fails. The docs should help.

 
Ann

Hello good.

The big issue was the variables, once I was able to set the variables:
sonar.pullrequest.key
sonar.pullrequest.branch
sonar.pullrequest.base

It came out working, now what I need is just to configure it so that it reports the bugs and not the Code Smells, what can I touch to check the bugs only?

thank you
Dario Flores

Hi Dario,

That’s a bit harder. PR analysis is going to report on all the issues that it finds. You could stop detecting Code Smells by using a profile without those rules. The problem is that the same Quality Profile is used for all parts of a project: PRs, branches and main.

What you can do is on the Quality Gate side. If your Quality Gate has a condition about Bugs in New Code but nothing about either Code Smells in New Code or issue count in New Code then Code Smells will still be reported, but the Quality Gate won’t fail and block merge.

Does that help?

 
Ann

Thank you very much Ann.

All your comments always help me.

Greetings and good day.

Dario Flores

1 Like