which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
** 8.7.0.41497
what are you trying to achieve
** Our code base is stored / versioned on Bitbucket Cloud
** Our Pull Requests are created/stored and managed on Bitbucket Cloud
** However, we would like to use Azure DevOps CI & CD pipelines
** How can I use Azure DevOps Pull Request decoration when I DO NOT HAVE ANY PULL REQUEST on Azure DevOps sorry?
** We would like to find a way to break the build on Azure DevOps and NOT DO ANYTHING ELSE AFTERWARDS (E.G. STOP PUBLISHING BROKEN ARTIFACTS) if SonarQube Quality Gate fails
** We would like to find a way to block Pull Requests on Bitbucket Cloud that fail SonarQube Quality Gate
I’m not sure where you got the idea the SonarQube needs to be run twice.
SonarQube scan is run once, in the Azure DevOps pipeline. The PR decoration is an integration between SonarQube and BitBucket Cloud. I tried this on ADO Services pulling code from Bitbucket Cloud, using a self-hosted SQ server publishing the Quality Gate result back to the BB Cloud PR. It works as expected.
@bcipollone sorry I misunderstood what you meant. your link “enable Pull Request Decoration for Bitbucket Cloud” only mentions about bitbucket-pipelines.yml and your instruction above did not clearly say where to add the extra line of config. I thought you meant “add this to Bitbucket Cloud”
I can see the SonarQube decoration on Bitbucket Cloud now.
The snippet I provided earlier is from a azure-pipelines.yml file checked into the root of the project on Bitbucket. Adding the sonar.qualitygate.wait=true parameter will cause the scan task to fail if the Quality Gate is not met. I’m not sure what you are attempting via the screenshots of that script but it looks like you are querying the API for quality gate status. The sonar.qualitygate.wait=true parameter does the same thing.
For Bitbucket Cloud, I believe you need to set up Merge Check to block merges. I do not have a Premium account handy to fully enforce this but I can see the build and PR decoration is happening so should be pretty straight forward.
please also clearly state that and provide the solution/code sonar.qualitygate.wait=true on SonarQube official documentation for the next newbies like me to quickly get the idea
i googled this solution for a few days and almost everyone (including SonarQube Support team members) said SonarQube does not want to break any build
While we do not recommend build breaking in all pipelines, failing the build is the only way to block the merge with Bitbucket Cloud. Other SCMs have preferred methods to prevent merges.
This parameter is already documented in our Bitbucket Cloud Integration section. Understand that we are not able to document every possible combination of SCM and CI tool or provide advice that applies to every use case. We leave it to our users to determine what works best in their CI environments based on their comfort level using SonarQube.
However, may I suggest you and the SonarQube team please kindly update your documentation on Azure DevOps integration (or a general place for integration rules which apply to ALL SCM and CI tools) to have the flag mentioned and explained, please?
As you might be aware, if you and we do not want to use Bitbucket Cloud (and hence its pipelines), NORMALLY we do NOT read any documentation related to Bitbucket Cloud. If a general rule applies to Azure DevOps and ALL other SCM and CI tools, how much effort would it take for you to document it in 1 central place as the general rule for all SonarQube users to gain the correct understanding?
that would have saved us/me lots of our time googling around and apparently finding (wrong) workarounds
that response from our reliable source actually made me believe that I MUST SEEK ALTERNATIVES while indeed SonarQube has already implemented the correct solution. That was why I did not create this support ticket in the first place and wasted 2 days of my trial (and hundreds of build minutes on Azure) on finding something useless and unnecessary.
This is not a complain, please do not get me wrong. I simply wish that no one else would have gained the wrong impression and understanding as I did (and apparently wasting their time chasing their own tail).
Your kind help, effort, and tutoring so far is greatly appreciated, Brian.