SonarQube pull request analysis

I’m using SonarQube 7.9 Developer Edition.

I’m analyzing pull requests from Github and the analysis results are sent to SonarQube. However, I’m wondering why it shows 913 new lines to cover, even if my pull request has only 1 line changed. See the attached picture.

I’m setting the following properties
sonar.pullrequest.key
sonar.pullrequest.branch
sonar.pullrequest.base

Second question, is it possible to have SonarQube decorate the Github pull request? If yes, what are the steps?

BR,
Ilkka

Hi Ilkka,

Welcome to the community!

Regarding the number of changed lines, my first suspicion is whitespace (line ending) changes. Do you have any automation anywhere to “fix” line endings?

For PR Decoration, 7.9 DE can absolutely do that. The relevant docs start here.

 
Ann

Thanks Ann, happy to have found this wonderful support forum.

  1. No, there isn’t automation to fix line endings.

  2. The docs are talking about Github Enterprise, Bitbucket Server and Azure Devops Server. However, we are using plain Github. Is there documentation what is needed to make that work?

-Ilkka

Hi Ilkka,

  1. This should work fine. Just pretend GH is your enterprise instance.

  2. Could you check your PR’s code page, drill into an “unchanged” file and for a changed line check out the blame data you get when you click in the line numbers column?

 
Ann

Hi Ann,

  1. We got the PR decoration working. However, some images on the SonarQube Code Analysis PR check don’t show. Is it so that the images are fetched from the SonarQube server? What ports does it require open? See the screenshot below.

-Ilkka

Hi Ann,

  1. The files and changes displayed on the code page seem to be different. Tens of files and hundreds of unrelated lines are displayed. It’s real code, not just line endings. The branch names displayed in SonarQube are correct, but the data just doesn’t match. It’s almost like the target branch of the merge would be incorrect, although SonarQube displays the correct one there in the UI. Screenshot below.

-Ilkka

Hi Ilkka,

It would be helpful to have your analysis command/parameters here. Also, I would be interested to see a screenshot of “new line” blame data from one of the changed/unchanged files, E.g.

 
Ann

Hi Ann,

Here’s the command line we are executing

./gradlew -Dsonar.login=**** -Dsonar.pullrequest.key=214 -Dsonar.pullrequest.branch=XRDDEV-437 -Dsonar.pullrequest.base=develop -Dsonar.pullrequest.github.repository=nordic-institute/X-Road --stacktrace --no-daemon buildAll runProxyTest runMetaserviceTest runProxymonitorMetaserviceTest jacocoTestReport dependencyCheckAggregate sonarqube

And here’s the requested screenshot of blame data from changed files we did not change in the PR

Please also see my other question above about Github PR decoration missing images.

-Ilkka

Hi Ilkka,

For the screenshot, do you confirm that that line of that file is not changed in the branch under analysis? And if so, is it modified in some other branch? What does the blame data look like for that file line in develop? And what does it look like in master?

As a side note, there’s no point in specifying sonar.pullrequest.github.repository on the command line. This must be set server side and is used after analysis to decorate the PR. By the time decoration is attempted, analysis parameters are out of scope.

 
Ann

Hi Ann,

Yes, I can confirm that the line has not been changed in the PR branch we are analyzing (see https://github.com/nordic-institute/X-Road/pull/214).

I think that line was last modified in branch XRDDEV-634 (see https://github.com/nordic-institute/X-Road/pull/205).

The blame data for develop and master are here as attachments.
simplesensor-blame-master.txt (8.5 KB) simplesensor-blame-develop.txt (8.2 KB)

-Ilkka

I see in one of the screenshots that there were 4 warnings related to the last analysis. Are any of those about git?
Could you show us the logs of the scanner, preferably with debug enabled?

Hi Duarte,

The warnings are not related to git. See the attached screenshot. I’ll send the scanner logs as soon as I get them.

-Ilkka

Hi Duarte,

I have included parameter sonar.verbose=true to get debug output. Please find the full build log here as an attachment.

build-output.txt (455.2 KB)

-Ilkka

Hi,
The logs don’t include much from the sonarqube task. You probably need to add -d with gradle.

Anyway I can see that the checkout of the code is done without a clone and without fetching all branches (only PRs):
> git fetch --tags --progress https://github.com/nordic-institute/X-Road.git +refs/pull/*:refs/remotes/origin/pr/*
The problem might be that the local reference to the target branch of the pull request is not up to date.

I recommend you try changing the checkout to make sure that the target is updated.

Hi Duarte,

I can confirm that it works now after updating the git checkout mantras. Thanks for the valuable help you have been giving.

-Ilkka


Could you elaborate on that, please? It looks like we could have the same issue with Azure Repos Git, but I don’t know how to change that…
##[command]git -c http.extraheader="AUTHORIZATION: bearer *" fetch --force --tags --prune --progress --no-recurse-submodules origin +refs/heads/*:refs/remotes/origin/* +refs/pull/6043/merge:refs/remotes/pull/6043/merge

@jsmaragon for us the solution was to add a comprehensive git clean to the beginning and also fetch the additional branches. Something along these lines:

> git reset --hard # timeout=10
> git clean -fdx # timeout=10

> git fetch --tags --progress +refs/heads/*:refs/remotes/origin/* +refs/pull/*/head:refs/remotes/origin/pull/*

Hope this helps,
-Ilkka
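To make the root cause visible end to end, here is an added example that is not part of this thread or of SonarQube or the X-Road project. It constructs a throw-away "GitHub" remote and a CI workspace whose origin/develop is stale because the job only ever fetched refs/pull/* (the checkout Duarte spotted in the log), measures how many lines the PR appears to add against that stale base, then applies the refspec from Ilkka's fix (+refs/heads/*:refs/remotes/origin/*) and measures again. Repository contents, the branch name XRDDEV-pr and the reuse of PR number 214 are constructed for the demo; the line count is an approximation of what a scanner computes from the merge base, not SonarQube's own algorithm.

```shell
#!/bin/sh
# Added example, not from the thread: reproduce the "stale base branch" symptom
# and show that fetching +refs/heads/*:refs/remotes/origin/* corrects the number
# of new lines a pull request appears to add. Every repository, branch and file
# below is constructed; PR number 214 is reused from the thread only as a label.
set -eu

export GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.invalid
export GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.invalid

# Builds the constructed remote plus a CI workspace whose origin/develop is
# stale, checks out PR 214 the way the thread's Jenkins job did (fetching only
# refs/pull/*), and prints the CI workspace path.
make_ci_workspace() {
    work=$(mktemp -d)
    remote="$work/remote.git"
    dev="$work/dev"
    ci="$work/ci"
    {
        git -c init.defaultBranch=develop init -q --bare "$remote"
        git -C "$remote" symbolic-ref HEAD refs/heads/develop

        # develop starts with one file
        git -c init.defaultBranch=develop init -q "$dev"
        git -C "$dev" symbolic-ref HEAD refs/heads/develop
        printf 'line1\n' > "$dev/sensor.c"
        git -C "$dev" add sensor.c
        git -C "$dev" commit -q -m "initial"
        git -C "$dev" push -q "$remote" develop

        # CI clones now: its origin/develop points at "initial" and never moves
        git clone -q "$remote" "$ci"

        # develop advances by 500 unrelated lines (some other PR was merged)
        awk 'BEGIN { for (i = 1; i <= 500; i++) print "unrelated", i }' > "$dev/other.c"
        git -C "$dev" add other.c
        git -C "$dev" commit -q -m "unrelated merged work"
        git -C "$dev" push -q "$remote" develop

        # PR 214 branches from the new develop and changes exactly one line
        git -C "$dev" checkout -q -b XRDDEV-pr
        printf 'line1\nfix\n' > "$dev/sensor.c"
        git -C "$dev" commit -q -a -m "pr: one line"
        git -C "$dev" push -q "$remote" HEAD:refs/pull/214/head

        # The thread's checkout: only PR refs are fetched, so origin/develop stays stale
        git -C "$ci" fetch -q origin '+refs/pull/*:refs/remotes/origin/pr/*'
        git -C "$ci" checkout -q origin/pr/214/head
    } >/dev/null
    printf '%s\n' "$ci"
}

# Approximation of the scanner's "new lines": lines added between the checked-out
# PR HEAD and its merge base with the base-branch ref ($2) in workspace $1.
new_lines_to_cover() {
    base=$(git -C "$1" merge-base "$2" HEAD)
    git -C "$1" diff --numstat "$base" HEAD | awk '{ s += $1 } END { print s + 0 }'
}

# Ilkka's fix: refresh every branch ref so origin/develop matches the remote.
refresh_base_branches() {
    git -C "$1" fetch -q origin '+refs/heads/*:refs/remotes/origin/*'
}

ci=$(make_ci_workspace)
echo "stale origin/develop: $(new_lines_to_cover "$ci" origin/develop) new lines"  # 501
refresh_base_branches "$ci"
echo "fresh origin/develop: $(new_lines_to_cover "$ci" origin/develop) new lines"  # 1
```

With the stale base the merge base is the old "initial" commit, so the 500 lines already merged into develop are counted as if the PR introduced them; after the branch refs are refreshed the merge base is current develop and only the single changed line remains. The same check (compare `git merge-base origin/<base> HEAD` before and after a full `git fetch`) is a quick way to confirm whether a CI checkout is feeding the scanner an out-of-date target branch.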

I am using Azure DevOps Build Pipeline, so I can not see how I can provide that, given that the checkout step is generated. Anyway, thanks @iluwatar for the help!!

I am using Gerrit for code reviews. Can I do a pull request analysis in SonarQube Developer Edition?

If you have a CI pipeline running, you can run a SonarQube scanner and analyze pull requests. If you have specific questions about it please open a new topic.