SonarQube + GitHub Plugin - Issue with Pull Request Analysis

Must-share information:

• which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
  7.2

• what are you trying to achieve
  I could able to successfully analyze the pull request based on the steps shared on the URL https://docs.sonarqube.org/display/PLUG/GitHub+Plugin

I have a case when my developer has 3 commits in a pull request and when I did run below commands , it analyze only last commit and added review comments for last commit only. It ignores previous 2 commits.

mvn sonar:sonar -Dsonar.analysis.mode=preview
-Dsonar.github.pullRequest=340
-Dsonar.github.repository=BLSSSS/clientsss
-Dsonar.github.oauth=sadsajfdsfsdfdsfsd
-Dsonar.host.url=http://localhost:9000

• what have you tried so far to achieve this
  See attached image , for me analysis on pull request is working.
  
  

  image.png1312×481 35.9 KB
  
  My problem is why its not working for every commit in a pull request.

Hi,

What you’re getting is analysis of the current state of the PR’s underlying branch. You will not get a commit-by-commit analysis. This is by design. After all, if a new issue is created in the first comment and then fixed in the second, it’s no longer relevant.

Ann

Hi,

Thanks for your reply.

Point here is if 5 files added/modifed in first commit , another 3 modified in 2nd commit and another 7 is added in third commit, Analysis is only being done on last commit that is 7 files. why files of first and second commit (5+3) is ignored?

I don’t expect commit by commit Analysis however I expect Analysis is being done on all the files in PR. For me that’s not happening.

Thanks.

Hi,

Sorry, I mis-spoke (okay, wrote). You won’t get commit-by-commit reporting. But yes, every file changed in the branch should be included in the analysis. If you created a new issue in the first commit and it’s still open by the 3rd commit, you should still be seeing it.

That said, you should know that we’re no longer maintaining the GitHub plugin; it’s functionality has been replaced and then some by the Branch and PR analysis offered in the Developer Edition.

Ann

Thanks. I followed this link before start and could not find anything about its support no longer exist.

I assumed for a starter I should get good know how about SonarQube + GitHub before moving to Developer Edition.

For now do you have any recommendations for my issue ?

Sorry, I don’t have any recommendations.

Ann

Hey , I just now got the developer edition trial version.

jvm 1 | 2018.08.05 10:16:58 INFO app[o.s.a.SchedulerImpl] Process[web] is up
jvm 1 | 2018.08.05 10:16:58 INFO app[o.s.a.p.ProcessLauncherImpl] Launch process[[key=‘ce’, ipcIndex=3, logFilenamePrefix=ce]] from [C:\sonarqube-developer-7.2.1\sonarqube-7.2.1]: D:\emaratech\softwares\jdk1.8.0_121\jre\bin\java -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djava.io.tmpdir=C:\sonarqube-developer-7.2.1\sonarqube-7.2.1\temp -Xmx512m -Xms128m -XX:+HeapDumpOnOutOfMemoryError -cp ./lib/common/*;C:\sonarqube-developer-7.2.1\sonarqube-7.2.1\lib\jdbc\mysql\mysql-connector-java-5.1.46.jar org.sonar.ce.app.CeServer C:\sonarqube-developer-7.2.1\sonarqube-7.2.1\temp\sq-process8053836159887138849properties
jvm 1 | 2018.08.05 10:17:06 INFO app[o.s.a.SchedulerImpl] Process[ce] is up
jvm 1 | 2018.08.05 10:17:06 INFO app[o.s.a.SchedulerImpl] SonarQube is up

I am still facing same issue - No sonar qube analysis on pull request now.

image1010×776 43.9 KB

mvn sonar:sonar -Dsonar.analysis.mode=preview
-Dsonar.github.pullRequest=339
-Dsonar.github.repository=ABC/XYZ
-Dsonar.github.oauth=fb84b5ef4d37sfjsdfsjdfjskjfsjkfkjsdfkjskj
-Dsonar.host.url=http://localhost:9000

Hi,

The analysis properties you listed will not work with the Developer Edition PR analysis. Here are the docs, for your reference: https://docs.sonarqube.org/display/SONAR/Pull+Request+Analysis

Ann

Hi,

Now I am on Developer Edition with the Trial Key shared by Adriana Z.

We are evaluating PR Analysis and noticed issue where as in the “Branch & Pull Requests” section I couldn’t see any issues. Although developer has introduced issues and we can see in Individual file also.
You can see below (I cant attach now), all issues are 0

Branches & Pull RequestsLong living branches pattern: 
(branch|release)-.*Use this page to manage project branches and pull requests.Short-lived branches and pull requests are permanently deleted after 30 days without analysis.
You can adjust this value globally in General Settings.
Branch	Status	Last Analysis Date	Actions
masterMain Branch		4 days ago	
345 – SHARI-437	
0
0
0
4 days ago	
347 – SHARI-4367	
0
0
0
4 days ago	

Am I on Developer Edition ?

jvm 1    | 2018.08.12 12:15:07 INFO  app[][o.s.a.p.ProcessLauncherImpl] Launch process[[key='ce', ipcIndex=3, logFilenamePrefix=ce]] from [C:\sonarqube-developer-7.2.1\sonarqube-7.2.1]: D:\emaratech\softwares\jdk1.8.0_121\jre\bin\java -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djava.io.tmpdir=C:\sonarqube-developer-7.2.1\sonarqube-7.2.1\temp -Xmx512m -Xms128m -XX:+HeapDumpOnOutOfMemoryError -cp ./lib/common/*;C:\sonarqube-developer-7.2.1\sonarqube-7.2.1\lib\jdbc\mysql\mysql-connector-java-5.1.46.jar org.sonar.ce.app.CeServer C:\sonarqube-developer-7.2.1\sonarqube-7.2.1\temp\sq-process9012321300205295926properties
jvm 1    | 2018.08.12 12:15:16 INFO  app[][o.s.a.SchedulerImpl] Process[ce] is up
jvm 1    | 2018.08.12 12:15:16 INFO  app[][o.s.a.SchedulerImpl] SonarQube is up

What are the command used ?

$ mvn sonar:sonar -DskipTests -Dsonar.host.url=http://localhost:9000

$ mvn sonar:sonar -Dsonar.pullrequest.branch=SHARI-4367 -Dsonar.pullrequest.key=347

Hi,

Do those two commands run back to back without any kind of checkout or branch switch between them?

Ann

Do those two commands run back to back without any kind of checkout or branch switch between them?

yes

That’s your problem. The first analysis says “analyze this PR branch as master” and the second analysis says “compare this PR branch to master”. So of course no new issues are found in the PR.

Thanks Ann.

So basically Primary Analysis is on master branch and “PR Analysis” is on “PR Branch” after checkout.

Yup, you got it.

Hi

Above mentioned steps we followed on developer edition which works fine for us . However we noticed sometimes “Branch & Pull request” In SonarQube points issues in those files which do not belong to the current pull request.

Any idea ?

Hi,

I’m guessing you’re still on 7.2. Upgrade to 7.4, which addresses this with better detection of the code that’s new in the branch/PR.

 
Ann

• Developer Edition
• Version 7.3 (build 15553)

BTW - Upgrade … Does it mean cost ?

Hi,

Upgrading a version within the same edition doesn’t cost anything.

 
Ann