SonarQube + GitHub Plugin - Issue with Pull Request Analysis

github
sonarqube

(Chandraprakash Sarathe) #1

Must-share information:

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    7.2

  • what are you trying to achieve
    I could able to successfully analyze the pull request based on the steps shared on the URL https://docs.sonarqube.org/display/PLUG/GitHub+Plugin

I have a case when my developer has 3 commits in a pull request and when I did run below commands , it analyze only last commit and added review comments for last commit only. It ignores previous 2 commits.

mvn sonar:sonar -Dsonar.analysis.mode=preview
-Dsonar.github.pullRequest=340
-Dsonar.github.repository=BLSSSS/clientsss
-Dsonar.github.oauth=sadsajfdsfsdfdsfsd
-Dsonar.host.url=http://localhost:9000

  • what have you tried so far to achieve this
    See attached image , for me analysis on pull request is working.

    My problem is why its not working for every commit in a pull request.

(G Ann Campbell) #2

Hi,

What you’re getting is analysis of the current state of the PR’s underlying branch. You will not get a commit-by-commit analysis. This is by design. After all, if a new issue is created in the first comment and then fixed in the second, it’s no longer relevant.

Ann


(Chandraprakash Sarathe) #3

Hi,

Thanks for your reply.

Point here is if 5 files added/modifed in first commit , another 3 modified in 2nd commit and another 7 is added in third commit, Analysis is only being done on last commit that is 7 files. why files of first and second commit (5+3) is ignored?

I don’t expect commit by commit Analysis however I expect Analysis is being done on all the files in PR. For me that’s not happening.

Thanks.


(G Ann Campbell) #4

Hi,

Sorry, I mis-spoke (okay, wrote). You won’t get commit-by-commit reporting. But yes, every file changed in the branch should be included in the analysis. If you created a new issue in the first commit and it’s still open by the 3rd commit, you should still be seeing it.

That said, you should know that we’re no longer maintaining the GitHub plugin; it’s functionality has been replaced and then some by the Branch and PR analysis offered in the Developer Edition.

Ann


(Chandraprakash Sarathe) #5

Thanks. I followed this link before start and could not find anything about its support no longer exist.

I assumed for a starter I should get good know how about SonarQube + GitHub before moving to Developer Edition.

For now do you have any recommendations for my issue ?


(G Ann Campbell) #6

Sorry, I don’t have any recommendations.

Ann


(Chandraprakash Sarathe) #7

Hey , I just now got the developer edition trial version.

jvm 1 | 2018.08.05 10:16:58 INFO app[][o.s.a.SchedulerImpl] Process[web] is up
jvm 1 | 2018.08.05 10:16:58 INFO app[][o.s.a.p.ProcessLauncherImpl] Launch process[[key=‘ce’, ipcIndex=3, logFilenamePrefix=ce]] from [C:\sonarqube-developer-7.2.1\sonarqube-7.2.1]: D:\emaratech\softwares\jdk1.8.0_121\jre\bin\java -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djava.io.tmpdir=C:\sonarqube-developer-7.2.1\sonarqube-7.2.1\temp -Xmx512m -Xms128m -XX:+HeapDumpOnOutOfMemoryError -cp ./lib/common/*;C:\sonarqube-developer-7.2.1\sonarqube-7.2.1\lib\jdbc\mysql\mysql-connector-java-5.1.46.jar org.sonar.ce.app.CeServer C:\sonarqube-developer-7.2.1\sonarqube-7.2.1\temp\sq-process8053836159887138849properties
jvm 1 | 2018.08.05 10:17:06 INFO app[][o.s.a.SchedulerImpl] Process[ce] is up
jvm 1 | 2018.08.05 10:17:06 INFO app[][o.s.a.SchedulerImpl] SonarQube is up

I am still facing same issue - No sonar qube analysis on pull request now.

mvn sonar:sonar -Dsonar.analysis.mode=preview
-Dsonar.github.pullRequest=339
-Dsonar.github.repository=ABC/XYZ
-Dsonar.github.oauth=fb84b5ef4d37sfjsdfsjdfjskjfsjkfkjsdfkjskj
-Dsonar.host.url=http://localhost:9000


(G Ann Campbell) #8

Hi,

The analysis properties you listed will not work with the Developer Edition PR analysis. Here are the docs, for your reference: https://docs.sonarqube.org/display/SONAR/Pull+Request+Analysis

Ann


(Chandraprakash Sarathe) #9

Hi,

Now I am on Developer Edition with the Trial Key shared by Adriana Z.

We are evaluating PR Analysis and noticed issue where as in the “Branch & Pull Requests” section I couldn’t see any issues. Although developer has introduced issues and we can see in Individual file also.
You can see below (I cant attach now), all issues are 0

Branches & Pull RequestsLong living branches pattern: 
(branch|release)-.*Use this page to manage project branches and pull requests.Short-lived branches and pull requests are permanently deleted after 30 days without analysis.
You can adjust this value globally in General Settings.
Branch	Status	Last Analysis Date	Actions
masterMain Branch		4 days ago	
345 – SHARI-437	
0
0
0
4 days ago	
347 – SHARI-4367	
0
0
0
4 days ago	

Am I on Developer Edition ?

jvm 1    | 2018.08.12 12:15:07 INFO  app[][o.s.a.p.ProcessLauncherImpl] Launch process[[key='ce', ipcIndex=3, logFilenamePrefix=ce]] from [C:\sonarqube-developer-7.2.1\sonarqube-7.2.1]: D:\emaratech\softwares\jdk1.8.0_121\jre\bin\java -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djava.io.tmpdir=C:\sonarqube-developer-7.2.1\sonarqube-7.2.1\temp -Xmx512m -Xms128m -XX:+HeapDumpOnOutOfMemoryError -cp ./lib/common/*;C:\sonarqube-developer-7.2.1\sonarqube-7.2.1\lib\jdbc\mysql\mysql-connector-java-5.1.46.jar org.sonar.ce.app.CeServer C:\sonarqube-developer-7.2.1\sonarqube-7.2.1\temp\sq-process9012321300205295926properties
jvm 1    | 2018.08.12 12:15:16 INFO  app[][o.s.a.SchedulerImpl] Process[ce] is up
jvm 1    | 2018.08.12 12:15:16 INFO  app[][o.s.a.SchedulerImpl] SonarQube is up

What are the command used ?

$ mvn sonar:sonar -DskipTests -Dsonar.host.url=http://localhost:9000

$ mvn sonar:sonar -Dsonar.pullrequest.branch=SHARI-4367 -Dsonar.pullrequest.key=347

(G Ann Campbell) #10

Hi,

Do those two commands run back to back without any kind of checkout or branch switch between them?

Ann


(Chandraprakash Sarathe) #11

Do those two commands run back to back without any kind of checkout or branch switch between them?

yes


(G Ann Campbell) #12

That’s your problem. The first analysis says “analyze this PR branch as master” and the second analysis says “compare this PR branch to master”. So of course no new issues are found in the PR.


(Chandraprakash Sarathe) #13

Thanks Ann.

So basically Primary Analysis is on master branch and “PR Analysis” is on “PR Branch” after checkout.


(G Ann Campbell) #14

Yup, you got it. :wink:


(Chandraprakash Sarathe) #15

Hi

Above mentioned steps we followed on developer edition which works fine for us . However we noticed sometimes “Branch & Pull request” In SonarQube points issues in those files which do not belong to the current pull request.

Any idea ?


(G Ann Campbell) #16

Hi,

I’m guessing you’re still on 7.2. Upgrade to 7.4, which addresses this with better detection of the code that’s new in the branch/PR.

 
Ann


(Chandraprakash Sarathe) #17
  • Developer Edition
  • Version 7.3 (build 15553)

BTW - Upgrade … Does it mean cost ?


(G Ann Campbell) #18

Hi,

Upgrading a version within the same edition doesn’t cost anything.

 
Ann