We’re having some trouble getting SonarQube to comment on our Pull Requests.
SQ Version is: Version 8.6.1 (build 40680)
So far we have
- Set the Quality Profile to the “Sonar Way” (https://pasteboard.co/JO1ApTt.png)
- Connected SQ to our GitHub as directed in the documentation ( https://docs.sonarqube.org/latest/analysis/github-integration/ )
- Confirmed in the Administration ALM Integrations settings that SQ is able to comment on Pull requests (https://pasteboard.co/JO1B0We.png)
- Imported the project from GitHub into SonarQube
- Added sonar-project.properties ( https://pasteboard.co/JO1Ehxi.png )
- Created a pull request on our test repo in GitHub with an obvious error (a password variable in the file we are committing)
However, when we raise a PR, there is no PR decoration and nothing shows up in SonarQube.
Doing some further digging, we can see the requests coming into SonarQube in the server logs, but then SonarQube doesn’t seem to do anything with the request and returns a 200 (it’s HTML loading screen) which can be seen in the git hook response (https://pasteboard.co/JO1FtA9.png).
We’ve checked GitHub permissions and the settings numerous times.
SonarQube also doesn’t seem to pick up the branches, showing only “master”. (https://pasteboard.co/JO1GlfU.png)
We can however successfully scan manually (using both docker and mac sonar-scanner-cli) but it’s the PR decoration we’re missing.
Any thoughts on what more we could/should be doing here would be great.