SonarQube analysis for Pull request analysing the previous pull request files also

SonarQube Server / Community Build
1

Hi,
We are using SonarQube Enterprise Edition 9.9.2
We have our code in azure repo. When we are creating the Pull request from Azure repo sonarqube analyse the previous pull request files also. We are using Azure pipelines
command: mvn clean install sonar:sonar -Dsonar.host.url=$url -Dsonar.token=$token -Dsonar.projectKey=$key -Dsonar.pullrequest.key=$key -Dsonar.pullrequest.branch=$source -Dsonar.pullrequest.base=$base

2

Hey there.

Are you using Azure Pipelines? If so, can you share your full Azure Pipelines file?

3

trigger:

  • none

pool:
vmImage: ‘xsonar’ #self-Hosted Agent

steps:

  • task: powershell@2
    displayName: ‘Get changed Files from Pull request’
    inputs:
    targetType: ‘inline’
    script: |

      	cd "$(Build.sourcesdirectory)/MavenProject1"
      mvn clean install org.sonarsource.scanner.maven:soanr-maven-plugin:3.11.0.3922 "-Dversion=1.0" "-Dsonar.host.url=$sonarurl"
         "-Dsonar.login=$sonartoken" "-Dsonar.scm.disabled=True" "-Dsonar.projectname=$sonarproject" "-Dsonar.projectky=$sonarprojectkey"	
         "-Dsonar.pullrequest.key=$(System.PullRequest.PullRequestId)" "-Dsonar.pullRequest.branch=$(System.PullRequest.SourceBranch)"
         "-Dsonar.pullrequest.base=$(System.PullRequest.targetBranch)"

We have added this pipeline in build validation step of branch policy. so wheneverPR is raised it will be executed. sonarqube analysis the previous PR files also for another PR.
Ex: PR 100 - 1.txt (1.txt only changed) . It analysis only 1.txt - it is completed
Now if we raise 2nd PR
PR 101 -2.txt (only 2.txt only changed). But it analysis 1.txt as well as 2.txt

Note:We know we can use service connection between sonarqube and Azure devops. Then we can use Sonarqube tasks(Prepare analysis and analysis task.). When we are doing using this method sonarqube only analysis the changed files.

4

Well if that works… seems it would be great to do that then? :smiley:

However, back to my point before about shallow clones, I would recommend making sure this is configured in your pipeline

steps:
 # Checkout the repository
 - checkout: self

 # Disable shallow fetch
  fetchDepth: 0

To ensure a shallow clone isn’t being performed.

5

Thanks. I can able to get PR analysis perfectly using Azure devops pipeline tasks such as prepare analysis and below maven commands
mvn clean install org.sonarsource.scanner.maven:soanr-maven-plugin:3.11.0.3922 “-Dversion=1.0” . But i cant able to view report-tasks.txt in target\sonar folder. I can see that file placed in azure devops agent temp folder under sonar then automatically gets deleted.
sonar.scanner.metadataFilePath=c:\agent_work\1\s\111\74thuw-67dsa\report-task.txt

I am using Azure Devops Server 2022
SonarQube Enterprise Edition 9.9.2
Task: SonarQubePrepare@5

6

What are you trying to view this file for?