Sonarqube does not detect New Code correctly when using git merge workflow

  • versions used
    Sonarqube: 8.5 (build 37579)
    Gradle sonarqube plugin: 2.7.1
  • error observed (wrap logs/code around triple quote ``` for proper formatting)
    Scanner uses git merge-base HEAD mainline to detect the fork point, all commits starting from that point up to HEAD are considered New Code. However, this doesn’t work in a merge-workflow.
  • steps to reproduce
  1. Create a branch from mainline: git checkout -b new_branch
  2. Create 2 commits, each adding a piece of code.
  3. Update the local mainline branch: git checkout master; git pull
    (NOTE): Make sure you pick up at least 1 new commit from origin
  4. Merge mainline into the new branch: git checkout new_branch: git merge master
    (NOTE): No merge conflicts expected, no changes to the project we are analyzing are expected either.
  5. Create one more commit.
  6. Run the gradle sonarqube task. Merge base is detected as the HEAD of mainline, so only the last commit on the branch is considered New Code.

E.g:

$ git --no-pager log --decorate=short --pretty=oneline -n15
113278cd16aa02ca26d54806c46ea4032116ecf7 (HEAD -> DP-6233_potential_fix, origin/DP-6233_potential_fix) DP-6233 - add a git log
bbe1e1f4e190186044dfdb647ca5cfd795b13537 DP-6233 - debug
ce3017c6d0c9b46a5fb571175032c0aeb138eaf2 DP-6233 - add a bit more code
a28d919428001033c8fd2731fbeb40e0eb5246c7 Merge branch 'master' into DP-6233_potential_fix
3250546a4e0bfeefbc96ead9c7186e74ce5c7402 Merge pull request #60507 in PROJECT/repo from IPD-168976-clear-about-me to master
841c801329883a2d4687075ee6ed64eeb2c6fd7d Merge pull request #60368 in PROJECT/repo from DP-6230/qq to master
0422ab9e68b533d474af4577840a1ed399d8696e Merge pull request #60499 in PROJECT/repo from CORE-3879 to master
71dd15129527b03677d38a9028e28f06e2efdb7a Merge pull request #60523 in PROJECT/repo from IPD-169616_Retry_getExperimentVariation to master
df7fe55f6a839d37e7e4b87cc587560f69997726 DP-6233 - add more code
7a4bec492ae4be3c0dbee0fbf6ec4bc2516bfa03 Merge pull request #60387 in PROJECT/repo from IPD-168610 to master
e317ccbe0fab8f2fd4ca5b8b33cead583d62faec DP-6233 - use gradle properties instead of jvm properties
41b7cabd4f73c9e11adfe3753dd617cbbbecd0a2 DP-6233 - update CheckQualityGateTask
c012afc543a2b6ed0504d8f6fc1fa3c3106a71cc DP-6233 - set the sonarqube branch in change promotion
43c7737b8a5f45821428c5ba2cb77ae5c5c8da81 Merge pull request #60185 in PROJECT/repo from IPD-169108 to master
43cd85ff32cb19e831dabf7f00b8f655777f73ce DP-6233 - add some code

All commits starting with DP-6233 are made on the same branch.
Merge base is detected as: 3250546a4e0bfeefbc96ead9c7186e74ce5c7402

2021-01-11T12:49:09.280+0200 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] Merge base sha1: 3250546a4e0bfeefbc96ead9c7186e74ce5c7402

Only commits starting from there, up to HEAD are picked up as New Code

  • potential workaround
    Using a rebase-workflow